It's a bit hard to believe, but our little Securosis Guide to the RSA Conference turns 7 this year. And the RSA Conference folks are throwing our guide a party, with tens of thousands of their closest friends. Oh, how quickly our children grow! It seems only yesterday we were talking about cloud, APT, and compliance as the hot new trends you'd see at the show.
Huh. Maybe the security industry changes... not all that fast.
For those of you new to this guide (The RSAC-G for short, because as security weenies we have to use acronyms, and we're non-conformists so they can't be three letters), it's when the Securosis analyst team steps back and... oh heck, let's just flash back from last year to catch everyone up.
"The RSA Conference is the single biggest event in our industry. Love it or hate it, there is no better place to put your thumb on the security industry and get a sense of where things have been and where they are headed. But navigating such a large event and filtering out all the BS only gets harder as the event continues to grow. The goal of this RSAC-G is to help you better plan for, and take advantage of, the event.
Over the years we’ve learned that RSAC, not December 31, is the best time to take stock of the security year. It’s the delineating event that many vendors plan their entire marketing cycles around. So this guide has evolved from a simple overview of a conference to an in-depth annual review of our industry. At least that’s what our enormous egos tell us."
This is the second year the RSA Conference itself is posting the guide. First as a series of draft posts on the conference blog, and then the full final PDF file that makes everything look pretty and adds a plethora of borderline-inappropriate memes. Last year we assumed someone would be fired for such an irresponsible decision, but somehow we were invited back. Although suspiciously by a different editor. Correlation may not be causation, but we're taking credit anyway. (These posts are copy edited, but we have an open mic on content).
In previous years the RSAC-G followed a consistent format. An overview of top-level trends and themes you would see at the show, a deep dive into our coverage areas, and a breakout of what's on the show floor. We decided to change things up this year. The conference has grown enough that our old format doesn't make as much sense. And we are in the middle of shaking up the company, so might as well update the RSAC-G while we're at it.
This year we'll still highlight main themes, which often set the tone for the rest of the security presentations and marketing you see throughout the year. But instead of deep dives into our coverage areas, we are focusing on projects and problems we see many clients tackling. When you go to a conference like RSA, it isn't really to learn about technology for technology's sake—you are there to learn how to solve (or at least manage) particular problems and projects.
This year our deep dives are structured around the security problems and projects we see toping priority lists at most organizations. Some are old favorites, and others are just hitting the radar for some of you. We hope the new structure is a bit more practical. We want you able to pop open the Guide, find something at the top of your list, jump into that section, and know where to focus your time.
Because let's be honest—FUD and misdirection in the security industry are hitting epic new levels, exactly when we really need clarity and honesty. It is, frankly, embarrassing. But it isn't also about to change—just look at all the advertisements for 'traditional' home security involving ski masks and broken windows.
Don't buy the hype, and don't let some lazy marketing tempt you over to the Dark Side of budget black holes and new tools with conveniently located exhaust ports (right below the main ports). Know the issues you need to fix, find tools to help, and don't expect any magic hydrospanners to solve them for you.
Okay, it is possible we watched the new Star Wars a few too many times.
As always, we’d like to thank all our Contributing Analysts who pitch in on this massive project every year: David Mortman, James Arlen, Dave Lewis, Gunnar Peterson, Gal Shpantzer, and Jennifer Minella—and our ever-vigilant editor, Chris Pepper. And this year we’d like to thank the RSA Conference team for, once again, taking such a big risk in letting a bunch of snarky analysts post whatever we want on their official site.
— Rich, Mike, and Adrian
Check out the complete series: Introduction
Theme posts: Threat Intelligence & Bothan Spies, R2DevOps, Escape from Cloud City, The Beginning of the End(point) for the Empire, Training Security Jedi, Attack of the (Analytics) Clones
Deep Dives: All Threats, All the Time..., Data Security Deep Dive, Cloud Security Deep Dive