RSAC 2016 Recap – Short on Security Skills, and Funding…

Last week brought me and 40,000 of my best friends together for the annual RSA Conference. As always, RSAC is a good barometer of what’s going on in the security industry. Here are some of my key takeaways.

1. Cybersecurity Talent Shortage Makes the Keynote – I have been talking and writing a lot about the security skills shortage which I feel is one of the most critical challenges facing our industry. (You can refer to my article on Dark Reading for more on this). I was pleased to hear this topic raised by several of the keynote speakers. The lack of women in security was also mentioned – this is a great point as one way to increase the talent pool is to tap 100% of the population as opposed to just 50%. Male or female – intelligent automation of security processes is key to getting more done with your existing teams.

2. Detection vs Prevention – it was interesting to hear from both the detection and prevention camps, obviously fueled by vendors with products rooted in one camp or the other. So which approach is better? The one that assumes you can never stop everything so you have to develop good incident response capabilities? Or maybe the one that assumes you can never deal with all the alerts so the solution lies in prevention? The truth, as it does so often, exists somewhere in the middle – and organizations are going to have to get really good at both to stay out of the headlines. And as for the two camps – well the meme below sums it up for me.

3. Platform versus Point Products – Another interesting vendor battle. The large vendors are pitching that only a platform which employs the full stack can provide true protection, whereas smaller products are claiming best of breed is the way to go. Once again, there is no right or wrong. It’s true security organizations deploy way too many security tools, but it’s also true that better mouse traps will keep popping up and organizations can’t always wait for them to be acquired and integrated by their favorite platform vendor. Moreover, several CISOs I spoke with do not like it when vendors only try to sell them the full stack of products, and prefer vendors with integrations into other products which offer choice and flexible deployment options. Like it or not, you will have heterogeneous environments with multiple tools until… well probably forever. In the meantime – you must ensure your processes can cope with this complexity.

4. Security Funding Cooling Down – after several years of unsustainable investments in security, which resulted in an unbelievable number of new security vendors, the investor talk at RSA has flipped. Investors now display much more scrutiny before investing in new or emerging companies, and are wisely waiting for the dust to settle and winners (and losers) to emerge. As a company who is self-funded and profitable since inception – it’s really nice to finally align with market trends that now favor profitability and sound business practices over unsustainable pursuit of growth at all cost.

See you at RSAC 2017!