I don't know about you, but I always find myself swept away by the momentum of a big event like the just-concluded RSA Conference, but when it ends, brother, do I get a conference hangover.
For what seems like days after I return home, my brain is mush and I can fall asleep on a dime. If anyone in my house so much as whispered the term "information security" during those first days back, I'd cut off the Wi-Fi.
But by the end of the weekend, both my body and mind are returning to normal, and I can properly assess the barrage of ideas, anecdotes and prognostications that assaulted me for days.
With enough time having passed since the curtain closed on RSAC 2016, it's time to look back at the blur of takeaways, from the surprising to the expected. Some of what I learned may sound familiar and thus provide a helpful refresher course. As for the rest, here's hoping it's interesting stuff you'd have missed without being privy to my first-hand descriptions.
1) Sometimes the most obvious thing is also the most indicative. And it's hard not to draw a lot of conclusions from the mass of humanity that was RSAC 2016. Attendance was reportedly up 15 percent, to 40,000, but it sure seemed like more. Sessions (of which there were a ton) were fuller, hallways were tougher to navigate, and the exhibition floor was packed all day. And don't even get me started about the escalator lines.
What does the crowd mean? On the surface, it sure looks like good times for the information security industry. Demand for the technology is up amid the unprecedented pace of attacks, vendors are cranking out innovations, and interest in startups is through the roof. Then again, there's also a sense of urgency among security professionals that they need to stay a step ahead of the bad guys at all times or risk their company's systems and reputations, not to mention their own careers.
1a) Most of RSAC's attendees are there to hear, above all else, about the new security technologies that will soon be in their tool belts. So it must have been a shock for them to hear RSA President Amit Yoran essentially tell them during his keynote that technology is not the answer to today's security woes. "You are how you behave" was Yoran's keynote refrain, and it was certainly food for thought.
2) As I predicted in my pre-show post, the Apple-FBI standoff dominated discussion all week. In fact, I'm pretty sure the topic came up in every session I attended. It is very clear the security and privacy worlds believe that a) this case is an important one for the future of privacy; and b) the FBI, while well meaning, is overstepping its bounds.
3) Not surprisingly, given the nature of the Apple-FBI case, feelings around encryption are hot. Not only is the industry rallying around Apple out of fear the case could establish a precedent that threatens the strength of encryption technology, it is also clear that encryption is seen as the most important tool InfoSec teams will have at their disposal over the coming years.
4) With the future of encryption somewhat uncertain and so many of the traditional perimeter-focused security technologies being eschewed as the focus shifts from systems and applications to protecting data, some exciting new technologies were introduced, especially during the annual Innovation Sandbox.
Still, as fascinating as I found Bastille's efforts at securing the Internet of Things' wireless protocols or Illusive Networks' approach of fooling intruders by creating a dummy network topography to deceive them, the top prize went to Phantom for its solution that automates manual investigation and response tasks. If that doesn't indicate that the biggest priority of security teams today is to make their jobs a bit less overwhelming, I don't know what would.
5) Perhaps the biggest surprise for me was the complete absence of talk about the upcoming presidential election. I guess that security execs don't think the differences between frontrunners Donald Trump and Hilary Clinton will mean much for them. At least they got a good political joke courtesy of consultant and former NSA chief Mike McConnell during the privacy keynote panel on Thursday. McConnell shared this gem he said he'd heard the previous night at dinner:
"I hate political jokes. They always get elected."
6) While security and privacy executives may not care who runs Washington, they certainly care about what happens there. In particular, they care about efforts to rethink legal definitions and protections of privacy for the digital age. As Brad Smith said during a powerful keynote speech Tuesday, "We can not continue to govern twenty-first century technology with laws that were written for the adding machine."
Which brings us to the most important takeaway of all: With voices such as Smith and Yoran leading the way, the mantle of security is in good hands for the coming year.