By Phil Reitinger
Recently I posed this question on Twitter: “If talking to a vendor at the @RSAConference and the conversation lags just ask ‘Please tell me about your deep learning implementation of blockchain to address supply-chain challenges with cloud infrastructure.’” The jargon can be overwhelming. Then Dr. Allan Friedman of NTIA posed a picture of his RSA badge with a pin that says “No Purchase Authority” to reduce vendor harassment. As of now I have over 40 meetings, events, interviews, and receptions planned for RSA, and that will only go up. On Friday, I’ll be exhausted and past-ready to head home. I’m not 20, 30, 40 or even 50 anymore.
So why do we come? I wrote about that two years ago: “it’s the people. The sessions can be very interesting, the keynotes provocative, and the exhibit floor educational. But that isn’t why I come every year. I come because it is the best chance and place to connect with the infosec and privacy community. I’ve by far lost count of the number of people I’ve talked to this trip, and I bet the same is true for you. And while the planned meetings can be great, or not, often the chance encounters offer the greatest ROI.”
Let me expand on this a bit. For all the technological folderol of conferences, the growing consensus is that cybersecurity is about business and business risk, not technology and technology risk. And in the triad of measures to reduce risk – people, process and technology – people is still underappreciated. Cybersecurity is a business problem and a people problem. RSA provides an opportunity to talk about the business of cybersecurity with a larger collection of the people who can help more than anywhere else.
I most emphatically do NOT mean that we will solve our cybersecurity business problems by throwing people at them. As I like to say, people do not scale. We will not train our way out of the ongoing crisis – we must use process and technology – because properly designed and implemented, these solutions can scale. But throwing technology and process at problems, without a shared understanding among participants or a strategy informed by others, is no more effective than throwing people at that same problem. To be most effective, we need a community developing solutions and a community working together to implement them.
This is where events like the RSA Conference, and especially the RSA Conference itself, come into play. There is a network effect among people far more powerful than that among devices. Based on the amazing people I will talk to over the next week, I fully expect to fly home on Friday with at least a couple of new, big ideas to try, and partnerships to form that can make a real difference. That’s why I’m here.
Oh, the talks and the parties are pretty good too.