A Look Back at RSA 2017: 3 Things I Wish I Saw Less Of

Every year, the RSA Conference is an exciting opportunity to get the security industry together to debrief on the past year and look ahead toward how we can ensure more security in the coming months. This year, as always, I was inspired by the great work and technological advancements on display from a wide range of impressive security vendors. However, as I attend the event year after year, there are also some concerning patterns I see on a regular basis that are unfortunate byproducts of an otherwise great event.

Here are a few things I saw this year that I’m hoping won’t be making an appearance at RSA 2018.

Unreasonable vendor claims and silver bullets. Every year, countless security vendors roam the show floor at RSA, promising that their latest revolutionary tool is going to solve the entire world’s security problems. Don’t get me wrong – innovation in the security space is extremely important and a crucial way to ensure we are staying ahead of attackers. However, too often these vendors are overpromising and underdelivering, leading organizations to invest too much money into disparate security products that don’t actually make them more secure.

Let’s be honest, there are no silver bullets in security, and as an industry, we need to stop telling CISOs that they exist. Ultimately, an effective security program requires a more comprehensive approach to risk management, focused on integrating several different technologies and building a strong security team to manage these systems. 

The “spray and pray” approach to security has long been inefficient, and it’s disheartening to see organizations continue to capitalize on this trend.

Scare tactics as a selling tool. Along those lines, many vendors seek to sell their goods by scaring organizations into believing they need them. Highlighting the latest big security breach and claiming to have been able to stop it if only that organization had had their product isn’t a positive way to sell your wares. Additionally, scaring companies into thinking that if they don’t have one specific security component their entire organization is immediately at risk isn’t an effective approach to security either.

The truth of the matter is that most mature companies are not buying the fear, uncertainty and doubt being put out. If we as an industry continue to cry wolf about threats and attacks, I fear we will lose credibility and ultimately do a disservice to our customers. 

We need to see organizations taking a cohesive, thought-out approach to security, not jumping at every new product on the market for fear that they’ll be compromised if they don’t.

Breach-shaming. All organizations have security risks. Period. While the industry works tirelessly to help organizations avoid being compromised, the fact is that breaches are going to happen. When they do, too often the company that was victimized is barraged by criticism from the rest of the industry, who say they should have implemented this product or this service or this response. This form of “Monday morning quarterbacking” benefits nobody; instead, we should be looking at companies’ past misfortunes as valuable learnings for the entire industry. The only benefit of a major breach is that it provides us with information that we can use to prevent something similar from happening in the future. Rather than shaming an organization who happened to be on the wrong side of it, we should be using a large-scale attack as motivation to continue to innovate and create better security for the future.

A promising trend: More collaboration. I don’t mean to be overly negative about what was otherwise a great event. One area was particularly motivating to see: more collaboration. It’s no secret that the threat landscape is continuing to evolve. Integrating technologies and sharing intelligence among the world’s leading security organizations is a crucial way to stay ahead of growing threats. Rather than allowing hackers to target multiple organizations, if each organization were aware of an attack as soon as it happened, the hacker would be stopped in his tracks before he could face his next target. Likewise, allowing organizations to integrate their technologies to provide customers with a more manageable and easily deployable security infrastructure is a great way to enhance security while minimizing extra effort on the part of the user. At RSA this year, I was inspired to see many organizations echo this perspective and make an effort to improve collaboration moving forward. As the dust settles from RSA, I hope we will continue to see much more of this trend throughout the year.

Overall, RSA was once again an inspiring and motivating event. I’m already looking forward to next year!
