A recap of RSA 2017
In my blog piece in January, An advance look at RSA 2017, I wrote of what attendees could expect in advance of the RSA 2017 conference to ensure they made the most of their time there.
I wrote of the importance of wearing comfortable shoes, as there’s a lot of walking at RSA. With events in the south, north and west Moscone Center buildings and also two blocks away at the Marriott Marquis, combined with the long expo floor aisles; I am surprised podiatrists didn’t set up shop outside the convention center.
Like everyone, I left the conference with extreme information overload, sore feet, and much more educated about the current and future states of information security.
As each conference gets larger, with significantly more attendees and exhibitors, the perennial question is - will there be a bust in security growth? Can the industry sustain the year over year growth with more vendors at the conference?
At the California Israel Chamber of Commerce reception on the first day of the conference, I spoke with Gadi Tirosh, Managing Partner at Jerusalem Venture Partners, an international venture capital firm. Tirosh thought that given there is more and more attackers and adversaries appearing on the horizon, there’s no reason to think that the industry can’t sustain this growth.
With that, I think his sentiments reflect the overall positive mood of the industry. A key takeaway from the conference is that information security has arrived and is a pivotal aspect of today’s society.
As to the conference itself, there’s many reasons to attend. Aside from the countless t-shirts and other giveaways, the real value are the sessions. A challenge is determining which one to go to, given the plethora of fascinating topics being simultaneously covered. I was able to attend a number of them, and some of the more interesting ones I attended were:
- hands-on interactive lab exploring ransomware and how to defend against it by Jessica Bair, Eric Hulse and Joshua Reynolds of Cisco. In the lab, we used Maltego and the AMP Threat Grid tool for ransomware analysis. Ransomware is an insidious problem that won’t be going away anytime soon.
- Nir Valtman of NCR Corporation spoke about the challenges large organizations face when trying to secure applications from hundreds of vendors. He shared his experienced on developing a product security strategy based on his firm’s strategy, development methodology and pipelining tools, and product types
- Cindy Compert of IBM gave a great talk on Charting the Course to GDPR: Setting Sail. The General Data Protection Regulation (GDPR) is a European Union regulation intended to strengthen and unify data protection for individuals within the EU. This is a massive regulation and her talk on a framework for 5 phases to readiness was quite interesting. GDPR goes into force in May 2018. While it’s over a year away, for firms that need to be GDPR compliant, it’s a massive undertaking.
- Elie Bursztein is an anti-fraud and abuse research lead at Google. The title doesn’t do justice to how incredibly smart he is. The tools his team uses stops hundreds of billions of attacks every week. He spoke of how SMTP strict transport security is the next big milestone in messaging security, and gave examples of security tools from Google that are available to ensure those uses their services utilize all the security capabilities available.
Next year in San Francisco.
Due to Moscone Center scheduling, the next conference won’t be in its regular February slot, as it’s being pushed to April 2018. That means it has two extra months to grow even bigger and better. See you there.