RSA 2019 Day 1: Going Beyond the Basics

An actual sign above urinals at the Moscone Center

A quick dispatch from the first full day of RSA 2019.

Once in a while, the universe sends you a sign. In this case, it was a business-card sized, engraved warning not to drink the toilet water at the RSA show. Yes, you actually need a sign to keep you from refilling your water bottle in a urinal. (who knew!) This warning was an apt reminder of what we are all dealing with at RSA. I don’t know who is behind the placement of these signs, but I suspect it was a lawyer. It’s a risk management strategy – what if someone drank the reclaimed water from the toilet and got sick? Then, they could sue RSA, the Moscone Center, the City of San Francisco…  uh huh…

That’s cybersecurity for so many companies, however – checking off boxes and doing things that are as useless as they are obvious. Fortunately, the security field seems to be finally moving beyond these kinds of practices. The same old stuff doesn’t work any more. So, let’s stop doing it. That’s what I’m seeing this year. The industry – and its customers – are finally starting to move in the right direction. No more investments in the security equivalents of toilet water warnings.

Rather, CISOs are taking a broader view of risk, working at the board level to secure funding for programs that are ambitious, but grounded in reality. Solutions are evolving as well, offering more pervasive risk mitigation, more continuous and dynamic threat prevention. That’s my impression on day 1.