RSA 2018: Where Does Infosec Go From Here?

April 30, 2018 | Blog | Security Policies and Strategy | By Bill Brenner, IANS Faculty

Having attended every RSA Conference but one in the last 14 years, I’ve grown accustomed to the following questions:

  • What’s new or hot this year?

  • What are the big lessons?

Looking at RSA Conference 2018, the crowd was noticeably younger this year, suggesting an industry growth spurt and raising questions about where infosec goes from here.

Better Answers for Old Challenges

It’s natural for people to ask what’s new, and it used to be a question I could easily answer after a stroll through the expo hall. In 2005, the buzz was all about data breaches, then a new and scary thing. Between 2006 and 2008, it was cloud security. Another year, it was advanced persistent threats (APTs).

This year, buzzword marketing was more muted. It’s hard to get excited when data breaches have long since become daily occurrences. There’s still a lot of talk about ransomware, malicious crypto-mining and blockchain technology people struggle to understand. And most challenges continue to be examined through the compliance lens, the latest example being GDPR.

Security practitioners deal with threats that constantly change shape, but within those shapes, they see the same core problems that have dogged them for 20 years. They’re not coming to RSA in search of what’s new. They seek better ways to deal with old problems.

Conference Overcrowding?

Many long-time friends in the industry made the same observation: The crowds have become noticeably larger, to the point where veterans can’t recognize most of the people around them. Almost everyone I know asked aloud: Who the heck are all these people?

By its own count, RSA put this year’s attendance at more than 42,000 attendees, in the same zone as last year’s 43,000 attendees and 2016’s approximately 40,000. But a lot of security attendees came to town without an RSA registration. Instead, they held meetings in the surrounding hotels, restaurants and bars.

Are all these new faces a positive development? I’d like to think so. More people means more companies are taking security seriously, hiring more cyber soldiers and sending them to events like RSA for training.

Whether that’s a sustainable trend remains to be seen. According to those surveyed for our recently released Winning the Battle of the Budget report, CISOs expect their own budgets to go through more scrutiny as their bosses seek proof that infosec costs are providing business value and return on investment (ROI). Headcounts could level off as a result.

If all the new hires and their conference experiences result in fewer data incidents, the crowds will keep growing. Or, we could be staring at a human resources bubble about to burst.

The Young Need Guidance

Industry veterans also marveled at how young the new attendees are. Some believe millennials are clueless, a presence that threatens to dumb down the profession. Having met some smart, hard-working people of that generation, I don’t believe that line of thinking for a second. But going forward, they’ll have much to prove. They’ll need mentors to guide them in the coming years.

Networking Is Most Important

There are a lot of great sessions each year, and 2018 was no exception. But as happens every time, the most important thing you can do at RSA is meet as many new peers as possible and reconnect with older ones. We’re all in this together, and the more we can share notes, the better prepared we’ll be when the next WannaCry hits.

Growth Is Great, But More Focus Is Needed

It’s great to see security becoming more mainstream. But as it continues to rapidly expand, I wonder if RSA is losing focus.

RSA used to be held in one place. Now it’s in two. Presentation rooms are a lot more spread out through the Moscone neighborhood than they used to be. The result is a lot of running around and not as much attention to the detail of the talks.

I don’t have a good answer for how we deal with that. Maybe RSA needs to run more shuttles throughout town to help attendees get from Point A to B. Perhaps getting around will be easier once all the construction is complete.

Either way, between the expanded geography and the influx of new people, RSA has some work to do if people are going to continue learning and growing.

Any views or opinions presented in this document are solely those of the Faculty and do not necessarily represent the views and opinions of IANS. Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our written reports, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by the client in connection with such information, opinions, or advice.
