Observations from my first RSA Conference
- Posted on April 26, 2018
- Estimated reading time 3 minutes
I’ve been in technology consulting and information security for the past quarter-century – first for 16 years with Accenture, and more recently, eight years with Avanade.
Yet, I had never been to the annual RSA Conference, the world’s leading information and cybersecurity event. That is until last week, when I was fortunate to attend the event at the Moscone Center in San Francisco, Calif.
I was impressed with the size and scope of the conference. There were over 600 booths battling for the attention of 50,000 attendees in two large exhibit calls – ranging from government entities like the National Security Agency (NSA) and the U.S. Department of Homeland Security (DHS) to leading software and security companies like Microsoft, Oracle, Palo Alto Networks and McAfee.
The bad guys get sophisticated
One of the main themes I heard is that there is more sophistication from the “bad guys” including nation states up to nefarious activities, for-profit hacks and hacktivists. Machine learning and artificial intelligence (AI) are helping both sides build more sophisticated capabilities; as the threats become more advanced using AI, the solutions and mitigations are getting more advanced via machine learning.
DHS Secretary Kirstjen Nielsen was one of the opening keynote speakers at RSA 2018. She said that cybersecurity used to be a problem reserved for the IT department, but now it’s everyone’s problem. She believes that the bad guys are crowdsourcing their attacks, so we (as a security community) need to crowdsource our response. She also mentioned that DHS will soon release its cybersecurity strategy incorporating five themes where she believes we need a “new approach for a new age.” Those themes are: systemic risk; collective defense; refreshing the thinking about what the U.S. federal role in cybersecurity should be; advanced persistent resilience; and cyber deterrence.
I thought the best keynote at RSA 2018 was given by McAfee CEO Chris Young. He said that in 1972, there were 24 hijacked airplanes – basically one every other week. That’s when everyone got serious about airport security. Young said the same thing must happen around cybersecurity today. He noted that cybersecurity has not yet reached the level of priority that it needs to be at for the security industry to truly manage the attack landscape we face.
He pointed to the terror attacks on September 11 and said that the security response was not built around new technologies; it was just a change in culture. He added that we can’t wait for a digital 9/11 to force us to change.
A view from the venture capitalists
Among the other sessions I attended was a panel of three venture capitalists –Asheem Chandna from Greylock Partners, David Cowan from Bessemer Venture Partners, and Ray Rothrock from Venrock – who discussed key trends in security. Collectively, the panelists are investors in nearly two dozen security companies, and each saw a continuation of investment in security firms moving forward (on both the software and services sides).
One of the most surprising presentations was an afternoon keynote from Monica Lewinsky, the former White House intern who was found to have had an intimate relationship with former President Bill Clinton. Repeating some of the themes she used in a 2015 TED Talk, Lewinsky talked about the public humiliation she endured, thanks to the digital revolution. Lewinsky advocated that security professionals need to help protect vulnerable people from hackers because such hacking can lead to public humiliation. She added that many instances of cyberbullying involve hacked or secretly recorded photos, videos or audio becoming public.
While the agenda was jampacked with great sessions, I still found time to meet with some of the security leaders at Microsoft and Accenture (Avanade’s parent companies), as well as some of our security alliance partners like SailPoint, Zscaler, Splunk and Tanium. I also attended a dinner with several CISOs so I could hear first-hand their thoughts on the needs of the marketplace.
In retrospect, my four days at the RSA Conference provided a valuable opportunity to get a 360-degree view of the security industry and the challenges we face, both today and into the foreseeable future.