This year’s RSA conference happens to be its 25th anniversary, and the evolution from where it started to what it has become is impressive. On the other hand, many things haven’t changed. The security industry is still debating how to best address some of the same challenges discussed 25 years ago. Encryption for example, is still a hot topic (and I imagine always will be to some extent). As you may expect, the debate between the FBI and Apple over the San Bernardino attacker’s iPhone is a recurring theme since the outcome of that case will ultimately set a precedent that will impact everyone in the industry on some level, either directly or indirectly.
However, there are also many new topics, theories, tactics and strategies being discussed that nobody had even imagined 25 years ago. RSA has expanded beyond what many less-informed professionals have traditionally defined as “security.”
Security as Change Management
For example, there are many new vendors offering products and services centered around behavioral analytics. What they are offering is not what most assume you’d find at a security conference. It’s no longer simply about identifying a login attempt at 2 am for a user who works 8-5. It has evolved into a deeper discussion about psychology, human nature and how to harness those characteristics to improve awareness, change culture across the enterprise from the boardroom to the mail room and ultimately improve security posture.
In fact, I was surprised to see many of my former InfoSec colleagues from my previous life now joined by their Change Management team. I had a chance to catch up with them and heard a lot about the sessions they attended. The content was vastly different from years past. Below is one of many vendors on the expo floor pushing behavioral analytics. Yes, the concept has been around but we’re seeing a step change in the definition and goal of their offering.
Something for Everyone
There were 500+ vendors and over 40 thousand attendees at this year’s conference, with hundreds upon hundreds of various presentations, peer-to-peer discussion groups, learning labs and networking events. There was something for everyone, even for the kids.
There have also been a few surprises along the way, such as a performance from Pentatonix (Yes, they must have been paid a pretty penny, because they did a medley of popular songs but all the words were changed to relate to cybersecurity).
I know many out there saw that one of the keynotes was given by the folks behind the TV show CSI Cyber and immediately assume it was of little value. Truth be told, I agree and skipped those. Instead, we strategically focused our time on things relevant to West Monroe’s Security and Infrastructure Services and our World Class Capability offerings. More to come on what that means, how we did it, and the outcomes of our investment in attending in my next edition.