This year’s RSA Conference promises to be just as huge, chaotic and informative as previous years. Keynote topics include trust, cryptography, privacy, emerging threats, threat intelligence, security awareness and cloud security. Many other topics also will be presented at break-out sessions.
We wanted to find out what cybersecurity experts and IT professionals expected to be the biggest draws, and what they want to get out of the conference themselves.
Ed Skoudis, a fellow at SANS Institute who has taught cyber incident response and advanced penetration testing techniques cybersecurity professionals, expects the emerging threats to be a major draw, as it has been for many years. As part of a SANS Institute panel who has presented this topic at RSAC for more than a decade, he knows this from experience.
“When we first started doing it, we’d get 200 or 300 people, but a few years ago we were up to 1,000 and had to book a bigger room,” he said. “Then it was 2,000, and then 3,000. Now we’re on the keynote stage with 8.000 people in the room and 20,000 people streaming it. That’s how much people want to know what the bad guys are doing, what they need to know about it and what they can do about it.”
The topic is on track to be just as important this year. In addition to the SANS presentation, the conference will feature an emerging threats seminar with more than 20 panelists, including security researchers and scientists from some of the biggest and most influential organizations including Microsoft, McAfee, Cisco, Global Cyber Alliance, Symantec, U.S. Dept of Commerce, and White Ops.
Another major trend is bound to be artificial intelligence and machine learning. While it has stirred interest at past shows, many believe this will be the year of AI at RSAC.
“This year, there are actual solutions that work with machine learning and AI. People really started to figure out where it fits in,” said Johannes Ullrich, dean of research at SANS Technology Institute.
Anthony Ferrante, global head of cybersecurity and senior managing director at FTI Consulting, agreed. “We’re just starting to see the tip of the iceberg because we now have the computing power to process the vast quantities of data that exist,” “More and more researchers and data scientists are discovering data and how to process that data and are doing different things with it, and I think we’ll see some interesting products at the show.”
Candy Alexander, an executive cybersecurity consultant and virtual CISO for the Information Systems Security Association (ISSA), believes that issues related to privacy will hold more interest for many attendees this year.
“We are almost a year into GDPR and the U.S. is seriously considering federal legislation to pre-empt the California Consumer data protection law,” she said. That makes privacy particularly relevant today. In addition, she sees a growing interest for tools related to privacy. “Whether for cookie compliance or data tracking, it is all necessary to help facilitate what technologists need to pay attention to.”
Cloud security promises to be another area of broad interest, with its own track at the conference. Skoudis expects to see some innovative and interesting technologies that use machine learning and AI algorithms in the cloud to help secure data.
“Because you have so much data in so many places in the cloud, you often don’t know what you have and where it is. It’s so vast that you need machine learning to find and figure out where the most sensitive data is and then start looking to see if it’s being accessed in a reasonable way or outside of normal patterns indicating a possible breach.”
One area mentioned by a number of IT professionals is the human factor—both the cyber skill shortage and the changing careers of security professionals going forward.
“We’re seeing more interest in how effective we are at using humans; how we bring them on board, train them, validate their skills and effectively employ them,” said John McCumber, director of cybersecurity advocacy at ISC2. “
McCumber also sees big changes in security-related careers, due to trends like AI and machine learning. “We’re seeing that some functions, like entry-level pen testing, vulnerability management and assessment and security operations will become automated,” he said. “That will make a dramatic difference in who is employed at what jobs, which is something that should be important to all IT professionals.”
These are just a few of the topics IT professionals brought up over and over. Other topics expected to be big draws this year include cryptography, 5G, governance/risk/compliance, and Internet of Things (IoT).