As I reflect on the RSA Conference, a few thoughts come to mind. It was only a couple weeks ago, but given current events and the Coronavirus pandemic, it feels much longer. There were all the trappings of a traditional trade show. Walking the show floor was as usual, full sensory overload, with each carnival barker clamoring for your attention with much fanfare—”Come see the one-eyed snake,” “Hercules battling the greatest of threats with the greatest of ease”—you know it when you see it. There is also the choose your own security adventure between the Innovation Sandbox, the tracked sessions, the keynotes, and of course the expo halls.

What’s often difficult to see with any clarity is what are the threats. The RSA Conference will have you believe it is everything—everything is a threat. Not only that, but to be responsible you must both have everything, and you must do everything. Why else would all these organizations spend all this money and time to be in San Francisco?

Sometimes we need a face for a threat, sometimes for the simple fact that you need an enemy if you want a fight. We like to say it’s the Russians or the Chinese as if a foil is necessary to draw the lines between what is black or white. What I am finding to be a greater challenge when I am walking through the streets is perhaps the real threats are the ones we ignore not through ignorance (as we all know what that is), but through conscious acceptance of risk and doing nothing anyways.

So, what do we do? We can look to the future. Artificial Intelligence (AI), and Machine Learning (ML) is the topic du-jour. While I don’t disagree with the potential benefits both as a practitioner and consumer of these technologies, I struggle with the labels we use. Calling something both artificial and intelligent based on a questionable belief that we can somehow teach a machine to learn better than we can teach ourselves seems like we have the potential to once again place too many “eggs” of belief in tomorrow’s basket.

Don’t get me wrong. These technologies can do a lot, but we should be careful putting our faith into false idols. One thing I did take away from the 2020 RSA Conference is the power of bringing people together. While we might not all be going in the same direction, so many of us are in the same boat (whether we like to think we are or not). The theme of the event was the Human Element this year and given the carnival atmosphere, made more real through all the dizzying applications and ways we choose to connect digitally. I know we won’t lose sight of the connection that must be formed when a whole bunch of people from a whole lot of places come together with a common purpose. Sometimes we need to focus on rising the tide and not making more boats.

It’s important to remember that you can’t prevent 100% of attacks. There is no such thing as total protection. There are lots of tools available, but effective cybersecurity still requires human beings—and having the right expertise to identify and prioritize issues.

Ryan Berg
About the Author
Ryan Berg

As Fellow Data Science Engineer for Alert Logic, Ryan engages with customers, the industry, and internal product deliver teams to advance the state of the art in security analytics and machine learning. Berg holds 17 patents and is a speaker, instructor, and author in the fields of security, risk management, and secure application development. Prior to joining Alert Logic, he was Chief Scientist at Barkly (acquired by Alert Logic in 2019), Chief Security Officer at Sonatype, Chief Scientist and cofounder of Ounce Labs (acquired by IBM in 2009), and Principal engineer and cofounder of Qiave (acquired by WatchGuard Technologies in 2000).

Related Post

Ready to protect your company with Alert Logic MDR?