Another year and another RSA Conference in the books. While I’m still wrapping my head around everything I saw and experienced at this year’s mega security confab in San Francisco, figure it’s best to write it all down while it’s still somewhat fresh in my mind.
The vibe at this year’s conference was notably more subdued than years past due in large part to the fear of a potential Coronaviru pandemic, which was no doubt exacerbated by the pull out of Verizon, AT&T and IBM the week before the start of the show. Many attendees donned face masks and perhaps no brand had a stronger presence all week than Purell and their eponymous antiseptic stations blanketing the show floor (ironic since an anti-bacterial cannot stop a virus!).
But as they say in Hollywood, the show must go on. And so over the course of three frenetic days, I trekked across the entirety of the Moscone Center to spend time with Alloy clients, attend sessions and workshops, and sat through my fair share of vendor presentations to learn what trends might shape the cyber landscape in 2020 and beyond.
What follows are some of my personal observations, takeaways, and highlights from RSA 2020:
Hanging Hard with Alloy Cybersecurity Clients
Two Alloy clients had a presence at RSA 2020: OPSWAT, the established leader in the Critical Infrastructure Protection (CIP) market and LUMU, a brand new start-up in the network security category that aims to help enterprise customers measure compromise in real time.
The OPSWAT booth was a hive of activity with a steady stream of videos and live presentations on their new Network Access Control capabilities along with the launch of their MetaDefender USB Drive on the Amazon store.
Alloy began working with LUMU in early January 2020 with the goal of helping them create some buzz as they publicly debuted their cloud-based security service for the first time. With less than two months before the show, the Alloy cyber team got to work and secured two pieces of feature coverage in CSO as well stories in several other key security trade outlets, helping them to raise awareness for their brand with key prospects at the show.
Machine Identity Crisis
One of the more thought-provoking booth presentations that really caught my attention was from machine identity solutions provider Venafi. The topic of identity in cybersecurity is something I am personally very intrigued by and have spent a good portion of my time writing about over the past five years. While there are dozens of vendors who are trying to solve the challenge of user identity (most notably, of course, being RSA itself), I was not familiar with the issue of machine identity and the critical role that SSL certificates and SSH keys play in establishing the identity of a machine and how the expiration of these certificates has been the culprit behind some of the largest data breaches.
Check out Venafi’s explainer video “5 Stages of TLS Certificate Outage Grief” to get a better understanding of the potential consequences of an expired certificate:
CSA Summit: Privacy and Security in the Cloud
I had the pleasure of working with the Cloud Security Alliance (CSA) back shortly after it was first founded by Jim Reavis in 2008 so it was great to spend a couple of hours at the CSA Summit, where CSA curates a full day of sessions on various topics related to raising awareness around best practices to ensure a secure cloud computing environment.
While all of the sessions I sat in on were outstanding, I was particularly impressed and surprised by the session led by Aravind Swaminathan, a former assistant US District Attorney and global co-chair for international law firm Orrick, Herrington & Sutcliffe on the topic, “Save Your (Cyber) Bacon: Personal Liability for CISOs and Infosec Pros”. I was thinking of skipping this one as I didn’t imagine an attorney talking about risk and liability would be all that interesting but decided to stick around and so glad I did, as Aravind was an engaging and energetic speaker who brought a seemingly dry topic to life. Here’s a video of Aravind speaking on a similar topic.
Privacy & AI
While the theme of this year’s RSA was ‘The Human Element’, everywhere you looked, the potential and promise of machine intelligence was on full display. One of the more popular sessions tackled the complex issue of legal and compliance threats that AI might potentially spawn: Artificial Intelligence Security and Privacy Legal Threats and Opportunity.
Meanwhile, there were a number of new startups that launched at RSA that are leveraging sophisticated AI engines to better protect user privacy and help companies manage compliance with new data privacy regulations. One notable company worth keeping an eye on is SecuritiAI, which recently landed $50 million in Series B financing and was named the most innovative startup at RSA.
eWeek ‘Bangers & Mash’ Podcast
I’m an avid fan of podcasts and so I was excited to be invited to watch a live recording for the Seamless Podcast: FutureCon Cybersecurity Series Episode hosted by Darin Andersen and moderated by eWeek editor Chris Preimesberger.. The topic of the two-hour session was “The Human Element in Smart & Safe Cities,” and featured an all-star panel of cybersecurity experts, including OPSWAT’s new Chief Revenue Officer, Patrick Tan. The conversation was both intimate and wide-ranging, touching on everything from the cybersecurity considerations for the next generation of connected cities to the potential vulnerabilities of autonomous vehicles. The new episode will be available later this week and can be found here or via Stitcher or Spotify.
Of course, no event wrap up would be complete without a “Best Of” list so in the spirit of a BuzzFeed listicle, here’s my take.
Most Topical SWAG
I was joking with a friend on the exhibit floor that I wouldn’t be surprised to see an exhibitor promoting branded face masks and then just a little while later she sent me this promotional tweet from WolfSSL:
Most Adorable Booth
If there’s one sure-fire way to bring people into your booth by the dozens… puppies! Application Security provider Veracode brought along a half dozen adorable therapy dogs who were available for cuddles and pets. I can only imagine the bureaucratic hoops that must be jumped through to make that happen but glad they did.
Most Over the Top Booth
Fresh off closing a $120 million round this past June (bringing its total funding to a whopping $430 million), Sentinel One was one of the featured cyber unicorns at this year’s RSA. And with mountains of cash burning a hole in their pockets, the marketing folks debuted a new booth that looked like a cross between Tron and an art installation at Burning Man:
https://twitter.com/Grifter801/status/1232081765570756608
Most Ironic Charging Station
Either the NSA has a wicked sense of humor or they failed to see rather obvious irony of offering attendees a chance to have their personal devices scanned charged.
It was truly fantastic to have the opportunity to spend some quality time with Alloy clients, meet new people, and reconnect with old friends -- I’m already looking forward to RSA2021. Let’s just hope that next year we will see a whole lot less Purell and a whole lot more cyber innovation.
Interested in learning about how Alloy helps its cybersecurity clients standout at busy events? Get in touch!