Five Things: RSA Conference 2011
Thanks to InfoSec Island I had the opportunity to attend the 2011 RSA Conference in San Francisco, free of charge. It was a unique experience, well worth my time and energy to attend. This week’s blog is Five Things I learned at RSA Conference 2011.
1. The information security community is huge and diverse. I’ve seen numbers indicating there were anywhere from 11,000 to 20,000 people at the conference. And those attending make up just a small fraction of the information security practitioners around the world. I met attendees from South America, Africa, Australia, Europe, and Asia (just missing a representative from Antarctica).
And the make-up of those who I met varied wildly as well. Developers, encryption gurus, GRC experts, CISO, compliance, engineers, lawyers, fraud prevention, auditors, sales people, government, private sector, and more were all jammed together in the same building (and one afternoon, it seemed we were all jammed into the same hallway…). It reinforced that we simply cannot be an expert in every area of security.
2. The security industry has fantastic vendors. We in the security industry are incredibly lucky to have superb vendor support and constantly evolving technologies to help us achieve our security objectives. As I walked through the vendor exhibition hall I was continuously amazed by the impressive array of tools and systems that are being constantly created and improved. No, these security tools will not solve our fundamental security needs, as they can never take the place of self-awareness and solid risk management. But as tools for a well-managed security program, these vendors provide systems that can make us more efficient, save us money, and take care of some of our headaches.
3. Security is important to companies. Even in this down economy, thousands of companies determined that it was worth their time and money to send delegates to share and learn about security. Security awareness is making great inroads to senior management. This is critical to us gaining the prioritization, budget and corporate pull needed to make real change.
4. Many of us are struggling with the exact same things. There were a few topics that dominated the session agenda. Security in the cloud, DLP implementation, and documenting/reporting on security metrics were among the most popular topics in the conference. While I don’t know that a huge conference is the place to solve these problems, it did give the attendees the opportunity to hear from experts who were willing to share their advice, and from our peers who are struggling with the same issues.
5. Security has a very short history, but a very long future. The biggest names in the history of information security are not only alive, but they are still contributing to the community. Information security is a young discipline with a ton of growth still in front of it. The RSA Conference had appearances from Diffie, Rivest, Shamir, and Adleman (they were referred to as “living legends”). Tens of thousands of security practitioners have taken up the task that was first handled by those legends, and are driving security into places it had never been considered before. With the increasing malicious threats and improving defenses we can expect that the only constant will be change.
Overall, the RSA Conference far exceeded my expectations for value. The organizers did a fantastic job of providing different tracks (up to 17 separate tracks) to deliver maximum value to attendees. In a world of tight budgets and limited resources attending a conference like this may be an extravagance that gets cut, but I am sure glad I had the opportunity to go.
Connect with Robb on Google+