Main Takeaways From RSA Conference 2017
The RSA Conference 2017 in San Francisco has just concluded. For those unfamiliar, it is one of the biggest information security shows in the US. This year, the attendance climbed to over 40,000 people. Over the past week, I had the opportunity to hear from some of the brightest minds in the field of InfoSec.
I spent many hours on the expo floor looking at and talking with various vendors. I was also glad to have a chance to catch up with former co-workers and share a cocktail or three and talk some shop in a… let’s say… uninhibited manner.
Here are some takeaways from some of the speakers I had a chance to listen to:
- John Lithgow (yes, the actor) delivered a powerful opening monologue that painted a pretty dire picture of the world without information security. A hacked planet with no trust and, by extension, no security could lead to the fall of companies, governments, and even civilizations. However, we have not failed yet despite the constant challenges inherent to security roles. Together, we can and should continue to fight the good fight.
- Zulfikar Ramzan from RSA noted this was the largest US RSA Conference they had ever put on. He talked about drawing connections between security and business objectives. Being able to explain security issues in terms of their business implications will go a long way toward gaining the organizational support that security teams need to be successful. He also discussed chaos and what it does for you. While most people associate chaos with a negative (and it certainly can be), it can also cause positive things like creating moments of truth and forcing progress to happen.
- Michael Dell of Dell mentioned that the number one concern of business leaders he has talked with is security, and more specifically the complexity of the security posture and how to manage the associated business risk. IT should no longer be IT, but BT: Business Technology. The business needs to understand the security ramifications of its decisions. But that is not enough, as IT also needs to understand the business ramifications of its decisions.
- Brad Smith of Microsoft noted that 74% of businesses expect to be breached this year. That is an astounding number. Nation-state attacks against civilian targets like Sony are occurring more often than ever. He also mentioned that 90% of intrusions begin with a phishing email. Every organization needs to have a strong defense to counter these threats, especially when “every company has at least one person who will click on anything.”
- Chris Young of Intel talked about fake news, which has become a hot topic as this past US presidential election has shown us. Did you know that fake news was actually predicted at the 2016 US RSA Conference? The manipulation of data can be a key factor in becoming a source of truth or fiction. With the world increasingly leveraging big data models as part of their business, changes in the small data that feeds these giant repositories can have significant impacts. In summary, secure all the data and accounts!
While San Fran is one of my favorite cities in the world (go 9ers!), it can be fairly expensive to attend this event. I have already had several people ask me if I thought it was worth it. While personal experiences may vary, it was absolutely worth it for me.
Being able to talk with others sharing their wins and losses, grill vendors on products, and connect with people face to face instead of over email forges stronger relationships and is well worth the investment in time and money. I am fortunate to work for a company that sees this value and takes full advantage of it as often as possible. Hopefully, yours does, too (or will in the future).