Since this was my first Tech.Ed, I don't have anything to compare it with, but I'm a little disappointed. The highlights were pretty much limited to the sessions from Steve Riley and Jesper Johanssen. But if you've been listening to them speak or reading their whitepapers / blogs and anything else over the past 2-3 years, it wasn't anything new. Especially not if you read their book before going!
But one huge highlight was the half hour 1 on 1 I had with Steve Riley. It seems he is at the same point I am with regards to Windows security, in that nowadays the problem is less technical and more people / process related. I think most Windows admins know what needs to be done to secure their boxes, and what technologies are available to keep them secure. But when it comes to getting outages from business owners, we're still in the same (bad) situation we were in 3 years ago.
Anyone who works in a large environment knows this. People who have only ever worked in small environments will have no idea of what I'm talking about. I'm not longer tolerant of people making flippant remarks about 'how come all the big enterprises get [insert attack here] - don't they know how to patch?'. Yeh right. You try getting an outage on a box that sees hundreds of millions of income go through it. It doesn't matter if it's clustered - business people are paranoid of any change, esepcially when it's something they do not understand and there's a LOT of money involved.
Steve mentioned he is working on a presentation about showing security ROI. I can't wait to get his thoughts on that, not that I'm waiting for him to do something... all Windows admins should be looking into this asap!