R.A.D. - My Perspective of RSA 2020
After being immersed in the mayhem that is RSA I often wonder if it is what you miss rather than what you see that is so intriguing. The range of activities and opportunities to listen are immense. The expo floor is as crowded as ever with a plethora of vendors. Many were pushing dashboards as key. There is undoubtedly a place in the market for a dashboard of security dashboard vendors.
What Were We Thinking?
It is the range of talks and discussions that provides the most interesting area of thought. Without any bias, Wendy Nather’s talk was received extremely well. Not only did it provoke controversy about the industry – her opening line was “What were we thinking?” – it also produced laughter and nodding in agreement. Before the end I was being pinged by folks asking for introductions. That is a sign of success. Always take the chance to bask in others’ glory.
Cloud Security and CISO Communications
But what of the topics in the more general sessions away from the keynote? I had a glance through the agenda and found two areas which seem to have grown in profile. Firstly, Cloud security, more particularly the protection or exploitation of cloud applications and the importance of security in the Kubernetes world.
Secondly, the importance of the CISO being able to communicate or interact with the senior C-level teams within organisations. So, one area technical. The other definitely not technical. This is a personal scan and I am sure that others will take a more scientific approach and analysis.
When it came to the more management type of task, I also noticed that the queues were much longer. The standby lines for spare seats were often doubling back on themselves. This is a sure sign of interest. One particular talk on Zero Trust by the Microsoft CISO had a huge queue plus an overflow room full to the brim. So, there is interest in Zero Trust although it does not appear as high profile as it was. This talk discussed the need to start the Zero Trust journey by implementing MFA at once and how the use of a strong solution could be part of a programme to remove passwords. This aspect made the solution very popular with users and management as it improved ease of access as well as reducing the cost of password resets. So user efficiency and operational efficiency rolled up into one.
From an operational perspective it seems that a continuing theme is how more processes and analysis can be automated. How to reduce the need for the so-called “mandraulic” activities. This is driven by the need to reduce the time from detection to reaction but also by the shortage of skills within the industry. I cannot count how many times the topic of the shortage of skills and talent was mentioned in talks of all natures. A common theme was the need to look outside the normal technical areas for those with diverse skills and talents that could be developed as security professionals.
Having written the above, perhaps the most striking change this year was the omnipresent nature of the automated hand sanitizers. Wherever possible small devices were placed to squirt hygiene into your life. A reassuring reaction to the news that we are all hearing. Hopefully these will become a common feature at all future events.