Dispatch from the world’s premier security event
With more than 40,000 attendees from InfoSec, Security Ops, Software Architects, CISOs, 500 sessions and the entire city packed with conference visitors, attending the RSA Conference for the first time was an overwhelming experience. It seemed like the whole city talks cyber security – signs, side events in every hotel, and I won’t even mention how difficult it was to find a proper table in a restaurant… (actually, I did get a table at Ozumo and that was an amazing dinner!)
As someone who’s relatively new to the security space, the real experience from my perspective was to see first-hand, the depth and the width of the IT security space. There are so many categories (such as Risk & Compliance, Network Security, Cloud Security, Mobile Security etc.) sub-categories (including Email Security, Data Leak Prevention, Fire Wall, End Point Security, VPN, SIEM, Biometrics and so on) and sub-sub-categories (like SCADA security for buildings or biometrics for contact centers) to information security. There are so many potential breaches and so much data to protect. I knew that before but didn’t really realize the scope of it.
So what did I learn at RSA 2019?
1. Wherever you look, there is a growing need for better security
I learned that wherever there is information, or a connection to information, there is also a risk of having this information lost or stolen. I also learned that as the technology evolves and new techniques emerge, these innovations lead directly to an increased potential for data loss, breaches and therefore and increased need to protect and mitigate them. That’s why we see more and more niche security solutions – for healthcare, for IoT, for industrial IoT, for DevOps, for specific mobile apps and so on – and I fully expect that trend to continue.
2. Stick to security basics
Although there are plenty of new market categories that are driven by real needs, most attacks still start with an employee lured to click a malicious file or link. There are many cyber security solutions aiming to address this problem – from securing the network, through securing email gateways and endpoints, and all the way to employee training and education. However, at the end of the day there is still a gap, and even though these solutions are in place, organizations are still being breached at an increased rate. Therefore, it is no surprise that even in 2019, these “basic” solutions are still a key part of RSA. And you know what, as long as the arms race of email and content security is taking place, they are not going anywhere.
3. Enough with FUD
And perhaps the most important thing for me as a marketer was to notice how everyone talks the same language. Almost all the vendors are talking about threats, attacks and risks. I understand why they use FUD (and I do that too sometimes, after all, I’m in security too), but I did miss two things – looking at the positive side of things (for example, how these cyber solutions make your life easier), and some sense of humor. It seems like everybody is so busy frightening others, that they sometimes forget that after all, we talk to people and people like to laugh.
IT and cyber security is not going anywhere, there is a growing need for it across industries, roles, geographies, organizations, and basically, wherever you look. Even traditional problems like email or network security gaps are not totally addressed yet, there is a need for innovation there too. And the entire conversation is around threats, risks, attacks, loss. Makes you wish that we would live in a safer world. On a personal note as a marketer, I would try changing the attitude, and the lingo to a more positive one.