Now that we've had a few days to digest our respective experiences at the recent RSA Conference, what did we learn?
On the lighter side, we learned that astrophysicists can be really, really funny. And if you don't know what I'm talking about, you must have missed Neil deGrasse Tyson's keynote, during which he managed to make obscure facts about the cosmos as entertaining as a night at The Improv. The prevailing theme of his talk was that "Albert Einstein was a badass" — need I say more?
Actually, as true as that proclamation is, it shortchanges the profound words Tyson slipped in about Americans' total obsession with winning and success. They were words every IT security professional would be wise to absorb through osmosis.
"The culture needs to get accustomed to the idea that failure should be celebrated as a consequence of stepping where you've never stepped before," he said to much applause. (That reaction was not surprising given that approximately 82% of the people in the room had probably seen a startup go down in flames from close range.)
Speaking of which, we learned that there are a lot of people calling for more risk-taking innovation and less me-too competition in the security space, as organizations find themselves facing new, increasingly sophisticated threats designed to exploit fast-growing platforms like mobile and the Internet of Things.
"We have 13 companies attacking every single problem. Maybe we should rethink that," said Bob Ackerman, managing director and founder of Allegis Capital, during a venture capital panel discussion at this year's Innovation Sandbox . "The next wave of innovation comes when people get smart, they get creative, and they start working on solving new problems."
Minutes after Ackerman said that, 10 of the hottest security startups provided evidence that they've gotten the message, demonstrating (in three minutes or less) how they've been busy innovatively applying analytics, artificial intelligence and new encryption strategies in an effort to catapult organizations into 21st century security models.
Later in the week, we learned during a panel discussion on "immersive security" that the security world is in need of new visual approaches to security that borrow from the world of gaming in order to attract fresh, young talent. And that a young company ProtectWise, has come out with a new security solution that features a game-like interface that presents an organization's security footprint as a three-dimensional cityscape.
Naturally, we also learned that the bad guys are innovating just as fast as the good guys. For example, during the SANS Institute panel that has become an RSA Conference tradition, we heard from the always-compelling Ed Skoudis about creative new ransomware approaches, such as crypto ransomware, and about the creative ways attackers are using the IoT.
And we are early in both cycles, Skoudis said.
"If ransomware were to change the infrastructure of the Internet of Things, we have a problem," he said.
Meanwhile, the same themes — innovation, analytics and artificial intelligence — were all on display on the sprawling exhibition floor of San Francisco's Moscone Center. Amid the throng of vendors, there were those pushing security analytics for websites, email, the IoT and employee behavior. And there were AI-powered solutions for securing everything from infrastructures to application development environments.
There was also an anti-steganography solution from a British company called Deep Secure that counts defense departments and intelligence agencies among its customers. (I had to turn to Google to learn that steganography is the practice of concealing data within other non-secret data, and that it's become a very popular attack method in recent months.) Deep Secure's technology isn't technically artificial intelligence, but it one-ups the AI-inspired art of image recognition by isolating data hidden within an image.
If that's not innovation, I don't know what is. And I guess that's really my answer to our initial question: I learned that innovation in the world of cybersecurity is alive and well, and that you, the professionals charged with protecting the IT assets of the world, will be well armed in 2017 and beyond. As always, however, the success of your security programs will depend on what you do with that technology.
Here's hoping that you took something home from RSA Conference 2017 that will help you win the lion's share of your cyber battles. And just when you think your adversaries might be catching up with you, you'll be back here, getting re-armed at RSA Conference 2018.
See you next year.