RSA in a Nutshell

Curtis Blount

RSA 2011. Another rainy cold week in San Francisco. Being from the East Coast, I typically do not come west of the Mississippi for a Security Conference. With the CISO Summit in Orlando and INTEROP in New York, it’s basically same show, just a longer plane ride.

Being a 30 year veteran of the Information Security industry you become rather slighted to the “been there done that” mentality. So in attending RSA I had no preset expectations on the event in general. As I’ve transitioned more into a Strategy roll within Information Security I am more interested in “What’s Innovative”.

 The RSA Conference

If you are a veteran of the industry like me the vast majority of the topics and discussions were nothing new. The panel discussions, specifically around Cyber Security and Government regulation, gave some real insight into the potential direction of the existing Presidential Administration.

Of course the typical talking points Cloud Security, Governance, Risk and Compliance, Hackers & Treats, were also here. Same discussion, just a different view point. Nevertheless, it was very interesting to listen to the discussion points.

The prevailing joke at the conference was not you were not allowed to have a conversation with mentioning Cloud in the first two minutes and at least 20 times during the conversation.

The Professional Development Seminars were particularly interesting as the all-day seminar really focused on the future of CISO’s and how to really start thinking about realigning your career. As we all know the Role of the CISO is fast changing, so the idea of making sure your career goals, knowledge, certifications and framework are in line with the direction of Information Security in general was quite a fascinating discussion.

 The RSA Convention

With over 350 vendors at the Expo there was plenty to see. I find it amazing to come to these events and see 50 ways to build a firewall, 50 ways to build IDS, 50 ways to detect AV, 50 ways to stop malware. As I mentioned earlier I came here looking for Innovation. For the most part, I found pretty much “more of the same”.

All the major players were here with the usual talking points. Practically, every vendor has a Cloud offering. Some of the newer product offerings are around Mobility and Security offering AV and malware protection on mobile devices.

Practically, every vendor was giving away an iPad which seems to be more the draw than the actual products itself.

What I was hoping to see (which is lacking in our Security world) are tools to measure Security Metrics. Security Metrics is very difficult to measure, however with all of the Governance Tools on the market it would be nice to see good metrics tools that covers SMART (i.e. specific, measurable, attainable, repeatable and time-dependent). Truly useful metrics indicate the degree to which security goals are being met.

AT RSA you will see old friends, and deals being made. Overall it’s good to see this industry alive and well.