What’s hot and what’s not in security: Learnings from RSA Conference 2020

Cyber Security

Representatives of the FieldHouse cyber security team made their way all the way out to San Francisco for one of the security industry’s biggest events: RSA Conference.

img
Aidan Murphy
Senior Account Director
@aidanmurphy_

Think of it like Paris Fashion Week, but for security people. This is where the trends of the year are set. Ok, it’s nothing like Paris Fashion Week. But as you parade up and down the conference floor, it becomes very apparent what’s “hot” and what “not” in security.

For a more insightful blog on how security professionals are facing off against the comms team click here. But stay right where you are if you’re here for the obligatory blog on what we gleaned from our time spent in an underground hanger with 700 exhibitors and 36,000 security professionals.

WHAT’S HOT

UK cyber security

Walking around the conference floor it was great to see how well represented UK cyber security companies were. The Department of International Trade had set up the UK pavilion with fascinating companies including CybSafe and we saw many familiar faces from CyLon, and of course even more familiar client faces! More than once it was remarked to me how strong a reputation in cyber security the UK has.

Quantum security(?)

My homework from the conference is to do my reading on quantum computing, which – I was reliably informed – is about to put the majority of the cyber security community out of business. Don’t ask me how, just take my word for it. Or more accurately, the word of the vendor who gave me an incomprehensible demonstration of how he could protect against quantum cyber security attacks using a light(?). By next year’s RSA I’ll be informed.

Skills training

RSA’s theme this year was “The Human Element” and it was very well represented by the vendors on the show floor. The acceptance that preventative technologies won’t stop every attack, combined with the fact that the most common methods of attack are still those that rely on human fallibility, mean that the focus has shifted to the humans at either end of the attack chain. It’s a broad church, with some vendors focusing on skills training for the average employee, others focusing on testing staff’s security savvy, some looking at how to collect data on how prepared your workforce is, and our own client Immersive Labs looking at benchmarking and upskilling the security team.

Magicians

 

 

Like every good trade show, RSA has its fair share of stand gimmicks and vendor merch. There were Star Wars arcade games, sales people dressed as Darth Vader (why would they assume security people would like Star Wars so much?), branded battle axes, a man dressed as a giant fox, FireEye socks, and NSA notebooks (probably bugged). The biggest crowd I saw was for a magician shooting snooker balls out of attendee’s mouths, proving that we are all just children at heart.

The weather

This is pretty much how I expected California to look all the time but I was informed by locals that 22⁰C and sunny isn’t typical for San Francisco in February. It’s always nice for security professionals to get a bit of sun when they emerge, squinting, from the sunless bunker of the Moscone Centre. I hope the weather decides to make the journey over for Infosec in London this year.

WHAT’S NOT

AI and blockchain

Two years ago, AI would have probably been pasted across most of the vendor stands. Two years on, more than one person made a joke about AI not being able to save the day (oh, how we laughed). There were actually many vendors using AI in interesting ways but they are now leading with the problem they are solving, rather than using AI as a shorthand for “cool”. Blockchain has also lost a bit of its glean. Although, a vendor did get quite uppity with me when I suggested it was gone for good – so don’t write it off completely yet.

Passwords

You could barely move in the hall for vendors touting alternatives to passwords. The password’s obsolescence is long overdue but I remember when biometrics were meant to be the death of passwords and we’ve had those for years. Let’s see how it goes.

The Expo Pass

You’d think the “Expo Pass” would get you pretty good access to the expo right? No. All the keynotes are off limits and some of the most exciting parts of the expo itself, like the Innovation Sandbox Contest and the Early Stage Expo. If you are planning your trip for next year, I’d consider springing for one of the higher levels. Or, you can do what we did and head along to BSides San Francisco ahead of RSA, which was one of the most insightful security conferences I have attended.

Seaweed popcorn

Not sure this is a regular feature of RSA or I just chose the wrong bowl of nibbles but popcorn that tastes of fish is a big no from me.

Sunburn in February

I don’t want to talk about it.

Aidan Murphy, Senior Account Director, @aidanmurphy_

Back