During his keynote at last year\u2019s RSA Security Conference (titled: Escaping Security\u2019s Dark Ages), Amit Yoran, president of RSA, lambasted the industry as failing its customers.\u00a0 In a related interview with Fortune Magazine, Yoran stated, \u201cLet\u2019s do things differently; let\u2019s think differently; let\u2019s act differently \u2013 because what the security industry has been doing has not worked.\u201dNow in the 10 months since last year\u2019s industry get-together (note:\u00a0 RSA 2015 was in April), the overall state of cybersecurity has only continued to devolve.\u00a0 Large organizations are moving more and more workloads to public and private cloud infrastructure and proceeding further with mobile and IoT applications making it more difficult to monitor and defend sensitive IT and data assets.\u00a0 Meanwhile, the global cybersecurity skills shortage has gotten even worse.\u00a0 According to ESG research, 46% of organizations claim that they have a \u201cproblematic shortage\u201d of cybersecurity skills, an 18% increase from 2015 (note: I am an ESG analyst).With Amit\u2019s keynote in mind, I\u2019ll be heading to this year\u2019s RSA conference to see if the industry has made any progress as far as thinking and acting differently \u2013 especially in light of these changes.\u00a0 I\u2019m hoping that I see advancement in the following areas:Decreasing the attack surface.\u00a0 We need to do a better job in terms of limiting who gets access to applications and data, and segmenting traffic between network assets.\u00a0 There are a lot of technologies in this area including white listing (Carbon Black, Intel Security, Kaspersky Lab), network access controls (Aruba\/HP, Bradford Networks, ForeScout), and network\/workload micro-segmentation (Cisco ACI, VMware NSX, Illumio, vArmour, etc.).\u00a0 Data encryption and some of the CASB tools also apply here.\u00a0 The real problem is that it can be time-consuming and difficult to create, monitor, and enforce these types of policies.\u00a0 I\u2019d like to see these tools further interoperate with security monitoring, and even offer cybersecurity professionals advice on better ways to lock things down.\u00a0 We have to do more to decrease the attack surface with incremental steps that are easy to understand, implement, monitor, and fine-tune.\u00a0Increasing the productivity of cybersecurity and IT professionals.\u00a0 I\u2019ve written a lot about integrated cybersecurity orchestration platforms (ICOPs) like FirstHour, Hexadite, Phantom Cyber, Resilient Systems, and ServiceNow, and even predicted that this would be a focus area for the cybersecurity industry in 2016.\u00a0 I\u2019m bullish on this area because of its potential to streamline cybersecurity automation and automate the multitude of tedious tasks undertaken for incident detection and response.\u00a0 Oh and let\u2019s not forget that infosec teams need strong communications and collaboration with IT operations but this relationship is often handicapped by different processes, skill sets, and objectives.\u00a0 I\u2019m hopeful that ICOPs continue to gain momentum so that cybersecurity teams can use their limited time more efficiently on high-priorities.Improving security without disrupting users.\u00a0 Ask any CISOs and he or she will tell you that this is one of the biggest challenges they face.\u00a0 There are a few encouraging trends taking place.\u00a0 First, next-generation endpoint security tools are often based upon extremely lightweight agents while offloading tasks like malware analysis, real-time signature creation, and IoC definition to the cloud.\u00a0 Confer, CrowdStrike, Trend Micro, and Webroot come to mind. \u00a0I\u2019m also encouraged by the industry effort to replace user name\/password authentication with multi-factor alternatives \u2013 a big part of the president\u2019s recent Cybersecurity National Action Plan (CNAP) as well.\u00a0 Standards like FIDO may help make this a reality.\u00a0 Finally, there is an overall trend toward collecting, processing, and analyzing a lot more data to improve security monitoring to help accelerate security decision making.\u00a0 This is happening all over the place \u2013 cloud infrastructure, endpoints, networks, data usage, etc.\u00a0 I\u2019m also seeing interesting new SIEM capabilities from IBM (QRadar), LogRhythm, and Splunk as well as interesting security analytics technologies from the UBA crowd (Caspida (Splunk), Exabeam, Gurucul, etc.) and others (Arbor Networks, Forcepoint, RSA, Sqrrl).\u00a0 If we can use methods like these to improve security AND the user experience, we win big.\u00a0For the most part, Amit Yoran\u2019s 2015 message was spot on \u2013 the industry must do more that develop and sell point tools in order to improve the overall state of cybersecurity (are you listening on Sand Hill Rd.?).\u00a0 Vendors should really take the time to understand and empathize with customers and work on true solutions to their problems.\u00a0 I hope Amit continues to preach this message \u2013 I know I will.\u00a0BTW, here\u2019s a link to the blog I posted earlier this week about what else I\u2019m anticipating at this year\u2019s RSA Conference.\u00a0 See you next week!