Key takeaways from the world’s largest cybersecurity conference
This wasn’t my first RSA Conference in San Francisco. Given the state of the world, however, it was the first time I’d been able to attend for a number of years. It was a privilege to be back. Thank you, Investment NSW and Austrade, for the partial support you provided to help us be part of it.
The RSA keynotes are typically a good reference for determining the overarching messages that are currently permeating through our industry.
Cybersecurity as a national security imperative
US government representatives have always had a decent presence at the RSA Conference. One thing that seems to have changed this time around, however, was that officials both current and past were all in attendance and graced the various keynote stages frequently.
Jen Easterly was particularly present and exuded a level of cool that no government official has ever been able to achieve.
Her predecessor, Chris Krebs, who was famously fired via Tweet (he seems to wear this as a badge of honour, and rightfully so in my opinion), was also a visible part of proceedings.
The things we’re currently doing aren’t working
A cynic would say this is a thinly-veiled message that the solution providers push to sell more stuff.
There’s some truth to this. But if you’ve been in the industry for some time, you know this is true. There are many reasons for this, but the fact of the matter is, we need to do better. And we can’t do it just with new tools.
One of the keynotes mentioned that everything we have in our Security Operations Centres (SOCs) today will need to be fully replaced in a few years, and that this is already happening.
My personal opinion on this matter is that the root cause stems from so many in our industry who refuse to change. The most counter-productive people are the ones who stand on their pedestals proclaiming:
“We’ve always done it this way, and I’m not letting anyone change it because I’m the expert on how this works.”
Until they move on, we will never get measurably better. So we wait, until they leave or retire. It’s why progress is so slow.
It’s always difficult to ascertain if this ends up being someone’s message because it is trendy or if they really want to make a difference. But it was a constant theme throughout the agenda. I suppose we should be glad that it hasn’t disappeared from the conversation.
I’ve written about this in the past, so I won’t labour the point. All I’ll say is that it seems to serve many vendor agendas to virtue signal that they care about diversity. Which is nice, I suppose.
I saw a great graphic on LinkedIn about how every vendor goes into a big conference like RSA wanting to have a “differentiated voice” but then ends up saying the exact same thing as everyone else.
Without further ado, here are the buzzwords I noticed being overused to the point where they’ve become meaningless:
- Zero Trust
- API Security
Apparently every vendor exhibiting at RSA does all of these things.
Did I miss any? Sound off in the comments.
The Expo Floor
If you’ve ever walked the Expo Floor at the RSA Conference, you’ll know that it’s huge. The only other cybersecurity conference I’ve ever been to that can match the RSA Expo Floor’s scale is the Black Hat conference in Las Vegas.
The pictures don’t do the scale justice. It’s the kind of thing you just have to experience in person.
Having worked for a few large cybersecurity vendors in my career, I know the costs and effort associated with doing this. And for that, I continue to admire how the marketing teams in these large vendors do what they do.
The cynic’s lens on this, however, is that the Expo Floor is simply the space where all the big vendors can show everyone else just how much money they have and help reinforce with their customers just what a “sure bet” it is to buy their technology. We all know this (being a “sure bet”) isn’t true, but you can’t deny that the psychology works on many people.
It’s for that reason that I’ve yet to hear any vendor say they’ve ever gotten the ROI they expected from exhibiting at any conference, but most of the value comes from things that cannot be tangibly measured.
There’s a reason that RSA Conference veterans will tell new attendees that it’s not really about the conference. Sure, you learn a few new things, see some interesting technology, and get a sense of what’s happening in our industry.
But it’s really about everything that’s happening around the conference. It’s really about the people you get to meet and reconnect with.
Given the norms of the past few years where we’ve been on countless video calls, people are relishing the prospect of seeing others in person again. And events like the RSA Conference help supercharge the ability to do that in a short, condensed period of time.
If you ask anyone what their favourite part of the conference was, a majority will tell you it was the people. It certainly was for me.
To all the new people I met during the week, as well as the people I’ve known for years but hadn’t seen in person until recently, getting to hang out with you all made the trip worth it.
Until next time.
Ian Yip is the CEO of Avertro, a venture-backed cybersecurity software company. Avertro CyberHQ is a SaaS platform that helps leaders manage, measure, and report on their cybersecurity performance.