This week, 50,000 security professionals will descend upon San Francisco for the 27th Annual RSA Security Conference, arguably the largest global security event of the year. And for the security community to win against “the bad guys,” we’re going to need at least 50,000 more people.
Yes, the well-established “security skills gap” will be a hot point of discussion at this year’s RSA Conference. But in a year fueled by industry controversy (including backlash against the RSA Conference itself), the conversations onstage and in the Expo Hall are expected to be the most lively since 2014, when the debate around Edward Snowden came to the forefront on security’s biggest stage. Unlike RSA’s conference rivals, Black Hat and DefCon, RSA is an industry event attended by a balance of security analysts and business executives. This group has historically bred an interesting mix of opinions on topics related to privacy, inclusion and disclosure.
From Facebook’s public data privacy crisis with Cambridge Analytica and a long overdue movement calling for the security industry to finally break the glass ceiling, here are the three things that will be on everyone’s mind at RSA this year.
Diversity and inclusion
Throughout my 20+ years in the security community, the unfortunate reality remains that a gender bias exists. Finally, we’re approaching it head-on, but there’s lots of work to be done. When RSA initially announced their keynote roster this year, the list was dominated by men — in fact, the only woman announced as an initial keynote was Monica Lewinsky. In response, a one-day alternative conference was announced — OURSA — which promised to deliver content from a more diverse group of experts. Bravo. The event sold out quickly — my company was lucky enough to get a handful of tickets.
A lack of diversity in the security community is not just wrong from a social-psychological sense — it is a business issue. There is a huge talent gap in security jobs. Many organizations are ignoring a significant portion of the population by not recognizing contributions, and not creating opportunities for positive role modeling. OURSA, which seeks to help correct that, will be talked about for some time. In fact, their impact is already being felt — RSA has added a number of female and POC keynote speakers in response to the controversy. Good on them.
A perfect storm of data privacy is brewing. First, you have General Data Protection Regulation (or GDPR) — the acronym on every vendor’s lips this year. Designed to strengthen data protection for individuals, GDPR will change the way every business that operates in the EU handles the personal data of its users and customers. This will have a massive, global impact on the ways companies operate and disclose data breaches. Solutions specifically designed to address GDPR will surely be unveiled at RSA this year as the global security community tries to make sense of what new compliance standards they have to meet. Then, you have what might be the biggest topic at RSA this year: Cambridge Analytica. With CEO Mark Zuckerberg under fire from the media and Facebook users, you can bet that an elevated discussion on the ethics of data will be had at RSA. There are quite a few talks on security and privacy on this year’s RSA agenda, and given event attendees are typically bent toward business and organizational leadership, data privacy will be top of mind.
Many in the industry are wising up to the fact that buzzword bingo created by vendors is hurting, not helping the security community. Every year at RSA, attendees listen to topics ranging from security leadership, to cryptography, to keynotes on threats. And every year security professionals must ask themselves, how can this knowledge be operationalized — how can all the practices, technologies and ideas be put to effect in any given organization? A lot of this boils down to what we can bucket as “Security Operations,” a simple and understandable term that encompasses everything that happens within a Security Operations Center (SOC) to keep companies aware, secure and analytics-driven. Last year, the key trends driving growth in Security Operations were machine learning and artificial intelligence. But is the hype over? Or is automation the new thing?
The bottom line
As I’ve written in TechCrunch before, cybersecurity is a moving target. People want to talk a lot about “the good guys” winning or “the bad guys” winning, but the truth remains that our best way to make inroads to combat emerging threats and hit that target is by working together. And that doesn’t just go for security analysts — it applies to security vendors, too. More than anything, RSA presents a great networking opportunity for security professionals to come together and learn from each other on what trends are helping them find threats faster. I predict that as always, the community will help each other understand what substantive state changes people need to make when they get back to their offices.