Securosis Guide: Go Pro or Go Home

Posted by Securosis Team

This post is part of a multi-part series about the Securosis Guide to the RSA Conference (download the RSAC-G PDF). Please scroll to the bottom for links to other posts in the series.

In the United States there's a clearly defined line between amateur and professional athletes. And in our wacky world of American sports, we have drafts, statistics, hefty contracts, trophies, and rings to demonstrate an athlete's success.

In other sports and other parts of the world, the lines between amateur and pro athletes can be a bit murky. Take rugby, for example, where club teams compete in a bracket system to earn their spot up (or down) the ranks of European rugby series. Imagine the Seahawks moving down to a lesser series next season as a result of their 2015 Super Bowl loss, and you start to understand the blurred lines of some professional athletes.

But in the security world the pressure runs both ways. Our entire profession no longer needs to prove the world has a security problem—the headlines scream it nearly every day. And while some people still think they are playing club security, it turns out they moved up to the World Cup and never really noticed. In a matter of only a few years, our entire industry rocketed into the majors, like it or not. And to further muddle our metaphor, a fair few armchair quarterbacks are in the big leagues and now need to put up or shut up.

All right, maybe we pushed that a little too far. Here's the situation: information security is on the front lines of protecting our economies and infrastructure. It's a level of validation many security professionals have wanted for years, but now that it's here it exposes personal and professional weaknesses. There is massive demand for pragmatic security pros who can get the job done, but not enough of us to fill all the positions. Those positions must be filled anyway, despite the skills shortage. This creates a revolving door as people pop up to positions of trust, fail to meet the requirements, and get pushed back down.

You'll see this skills shortage play out throughout the conference. On the floor it will show as more and more companies offer services and emphasize automation and reduction of operational costs. In presentations it will manifest as professional development and making do with less. Behind all of it is the challenge: how can you go pro and stay there? The answer isn't easy, but it isn't a mystery. Follow our going pro advice, and your rankings will soar.

Seek these five I's to "Go Pro" at RSAC:

  1. Integration: Create more value by connecting data points for automated actions and defense. You'll see a lot of talks and solutions touting integration this year at RSAC. Seek out and soak in anything that could help your environment. 
  2. Iteration: Explore continuous improvement through DevOps and Agile methodologies. Look for things that build security in, rather than trying to protect things from the outside.
  3. Intelligence: Effectively applying threat intelligence will boost your abilities. Out of the 350 breakout sessions at RSAC this year, it seems like 178 involve threat intelligence, so you have plenty of opportunity. As Michael Jordan says, "Talent wins games, but teamwork and intelligence wins championships." 
  4. Innovation: Show you can go pro by sifting through marketing fluff and finding the real innovation at RSAC. Oh yeah, it's there, hiding in the haystack, and around the perimeter of the show floor.
  5. Information: Don't just consume it—give it back. Just remember that data is valued more than opinion. Opinions are like…well, you know the saying. 

RSAC is the Goliath of information security conferences. Despite our critical raised brows at many of the vendors' sugar-coated crap, the truth is there's a huge opportunity to learn and teach throughout the week. If you can't find some value on your path to going pro—that's your problem.
—Jennifer Minella, Contributing Analyst, Securosis

Check out other posts in the series: Introduction
Theme posts: Change; Internet of Things; Professionalism; Compliance; Big Data; Bonk; DevOps
Coverage Area Deep Dives: Overview; Endpoint Security; Network Security; IAM; Cloud Security; Data Security; Security Management
Download your copy of RSAC-G
