RSA Conference 2016 was a great opportunity to connect with the expansive and expanding world of information security. Just like the threat landscape is continuously changing, so is the landscape of security technology and solution providers to help combat this growing risk.

Initially, I was shocked by the volume of people attending the conference. However, when thinking about how many more vendors, service providers and security professionals there are today, it put it into better perspective.

I was very pleased to see what appeared to be an increasing number of women in attendance at the conference and in breakout sessions. This gives me hope that we can continue to build diversity and balance into the security profession.

I particularly enjoyed the all women panel on “The Measure of Success: Security Metrics to Tell Your Story.” What I appreciated most was they moved beyond discussing the need for security metrics – they actually provided metrics as real-world examples.

The session covered the need for metrics on three levels: operational, executive and board level. It was very beneficial to see this level of detail and was extremely helpful to see what others might be doing and where your security program may have some gaps.

At other conferences there’s been a healthy discussion around the need to have metrics but no one actually showed you theirs. This insight will help many security professionals begin the long path to the metric conversation in their own companies. Well done ladies.

The Keynote on “Beyond Encryption,” which explored the encryption dilemma and other key areas, was very interesting. The session touched on the Apple/government debacle providing various points of view.

The keynote was thought provoking and provided several different views of the situation with one presenter openly saying they thought one way several years ago and now have changed sides.

Listening to the privacy discussions from the panelists gave me more to think about when it comes to balancing our right to privacy and the need to be protected. Can we actually have a world where data is masked from the defenders in the interest of protecting your privacy? I’m sure this debate will continue.

Of course my favorite event was the Security Shark Tank®. This was my second year participating and it was even better than last year, if that could have been possible.

The Security Shark Tank® introduced some newer companies with innovative concepts to wrestle the security conundrum. Getting that many CISOs in a room (more than 20) from varying backgrounds and vertical markets made for an interesting line of questioning that both challenged and engaged the vendors.

I’ll be excited to track these new players on their journey and a few lucky companies may be able to solve some of my own security pain points.

The conference really gives time to reflect on so many security-related topics and the opportunity to speak with people you may not normally have time to speak with. I also think the exhibit floor was overflowing with emerging ideas, start-up companies, some of the oldies but goodies and some that may not make it on their journey, all in one place. I’m already looking forward to what next year will bring.

Leave a Reply