Connect with us

Hi, what are you looking for?


Management & Strategy

Never a Dull Moment – RSA Conference Afterthoughts

RSA Conference 2020 - San Francisco

There’s Never a Dull Moment in the World of Security 

RSA Conference 2020 - San Francisco

There’s Never a Dull Moment in the World of Security 

After the disruption caused by the last-minute cancellation of Mobile World Congress, there were some mutterings as to whether RSA Conference 2020 (RSAC) would still happen. The media were suspicious and several sponsors withdrew in the weeks preceding the event. Nonetheless, the RSA bandwagon continued rolling with more than 36,000 attendees who made their way to the Moscone Center for their annual fill of cybersecurity updates and developments.

Before I share my thoughts on this year’s event, however, it’s worthwhile to reflect on how RSAC has developed since the first time I attended in 2011. As we know, this industry is ever-evolving – and one of the year’s largest security trade shows is no exception to change.

Blast from the Past

I remember 2011 as the year of the cloud; or, more specifically, security in the cloud. This was the hot topic of the time, as plenty of sessions covered it not only from a technical perspective, but from a legal and privacy standpoint. Cloud was not new in 2011, but it had matured to the point where even government agencies were starting to look at adoption, creating a critical need to protect and regulate data.

With cloud adoption underway, the logical next step was Big Data. A focus topic for RSA Conference 2012, the underlying concepts continued to mature, as more organizations moved into cloud services over the coming years. Initially, conversations were focused on how to make the best use of these vast data-lakes with predictive analytics. But, very quickly, the topic shifted toward how do we protect the data, with the realization that it was of such high-risk for attackers looking to either prevent access to, modify or delete corporate data – and then resell or ransom information to the highest bidder.

During the second half of 2016, the Yahoo! breach occurred, exposing more than one billion user records. Despite hearing more tales of caution about the need for IoT security, this attack was driven by the Mirai botnet that had been responsible for the DYN cyberattack in October of that year. This meant the focus during RSA 2017 was twofold, with sessions on how to better protect data and ensure privacy, as well as ones focused on the need for IoT security, given it had experienced such a gain in notoriety.

Fast forward to 2018 and data was still a big topic at RSA, but this time for different reasons: the EU General Data Protection Regulations (GDPR). There were many keynotes and sessions held in this area, as organizations worked to understand how they would be affected by the GDPR, including how it was relevant to non-EU organizations. 

Advertisement. Scroll to continue reading.

No Time Like the Present

Bringing us up to 2020, the theme for this year’s show was ‘The Human Element.’ Many presentations were focused on understanding the hacker point-of-view and how they see opportunities with un-patched, or un-addressed, software and network vulnerabilities. 

This year, I noticed a big uptick in companies talking about technology that uses Artificial Intelligence (AI) to leverage and understand analytics, and not always in the ways that we might expect. The winner of the RSA Innovation Sandbox Contest was a company called, which is focused on AI-powered PrivacyOps. Considering just a couple of years ago we were still debating what needed to be done, this is an exciting development.

Several vendors also presented on different authentication methods, from the traditional two-factor authentication that we’re all used to now, to new technology from Pindrop with Deep Voice 3 that aims to recognize an individual’s voice as quickly as three syllables. Of course, authentication also raises the issue of facial recognition and how this is being used in some countries for law enforcement. As commercial solutions, such as video-doorbells, take hold, does this introduce privacy issues? Or, could the data be leveraged for covert surveillance? This is a question I’m certain will return in 2021.

Key Takeaways

This then leads me into an area of personal interest: networking and career advancement. This is an often under-reported part of the conference, but one that is of critical importance as we know there are just not enough people entering the industry today to meet demand. There were some solid conversations around the value of certifications, whether we focus on recruiting from the right educational backgrounds for cyber and the importance of promoting diversity as key to improving recruitment numbers. A few key takeaways: 

• Do we need more clearly defined career paths for cyber?

• Should we be looking to recruit from non-technical areas?

• Does today’s gamer make a good cybersecurity professional?

Overall, even with the concerns about Coronavirus that may have reduced overall attendance, RSA Conference 2020 was very much worthwhile to attend. We’ve seen a shift away from ‘common themes’ across the event to real development in plenty of new areas that truly advance cybersecurity. There are still too many solutions out there vying to be heard, but this is not a terrible thing. It at least means that people are learning about existing risks, new risks and future risks.

When it comes down to it, we are all professionals. Our responsibility is to ensure that our customers, colleagues and businesses are well-protected against current and future cyber-attacks. As such, conferences like RSA are invaluable in offering conversations, identifying new technologies and promoting new ideas to achieve this.

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem