Notes from RSA 2017

Every year San Francisco plays host to a massive show in the guise of the RSA Security Conference. The city becomes awash in a sea of interlopers wandering about the streets adjacent to the Moscone Center with their name badges dangling around their necks. The motivations for attendees run the gamut from A to Z and all points in between.

For me this is an opportunity to connect with customers and friends. It allows me the chance to talk with a lot of people. In the course of my conversations with people I asked them what they thought the overarching theme of the conference has been. In most years I would receive a response that was by and large uniform. This year, I was surprised to hear no uniform answer. Each person I spoke to had a different takeaway. I was firmly convinced that the Internet of Things would be the main one, but I guess that was only my perspective.

I think that this has a lot to do with the sheer size of the conference. This year I have heard that the number of attendees has crested the 40,000 mark. For a security-related event that is a massive figure. One of the things that some of the attendees I spoke with said they are here for is to see product demos and get more information for their own enterprises in a one-stop-shop fashion.

That makes sense. Many companies simply don’t have the budget to send their security folks to multiple security conferences and trainings, so RSA becomes that bazaar in a lot of cases.

What I did take in as I wandered around the show floors in the north and south buildings were the themes of ransomware and IoT-related attacks. I do find it amusing how IoT security specialists seem to have cropped up overnight, as if Jack dropped his magic beans onto the thin layer of carpet and they sprang from the fibers.

When you peel back the layers of hyperbole and fear, uncertainty and doubt, you will find a lot of very good security companies here with some excellent solutions to sell. But if you are an attendee who is responsible for defending an enterprise, you want to make sure the vendors (yes, I work for one as well) ask you what problem you are trying to address. If they lead with “LOOK AT THE PRETTY FACE PLATE” (this actually happened to me many moons ago) or something about blinky lights, you need to walk away. I spent many years tormenting vendors when they would do things like that, and now I work to make sure I never do that.

I spent years as a defender. Basically two decades. I made a lot of mistakes. One thing that I learned early on was that I needed to build a frank and open relationship with vendors and avoid the fluff. You, as a defender, have to be able to see through the haze to ferret out the demonstrable good that can help you whatever your situation might be.

Copyright © 2017 IDG Communications, Inc.
