A painful visual illustration of the generation gap in security YouTube

A painful visual illustration of the generation gap in security.

RSA 2015: The machines are coming for us

For future reference: When you hit the expo floor to look at vendors' booths and sit through demos, try to go after 5 p.m. That's when happy hour begins, and a lot of vendors are more than happy to hand you a beer or pour a nice glass of red. Just pencil that in for future reference.

The great thing about hitting the RSA 2015 expo floor was seeing where attendees' interests lay. Mobile security vendors, BYOD and cloud security booths often had traffic jams around them — even without the inducement of free booze — as did nearly every booth on security education or security analytics.

This was one way in which the contents of the show floor synched up with the contents of the keynotes on Wednesday. If the theme from Tuesday was "We need to change how we behave," the thread connecting all of Wednesday afternoon's sessions was best summed up by Art Gilliland, HP's senior VP and general manager of enterprise security products. He compared the evolving demands of the security profession to his 15 years as a Halo player: "There's the old-school game which is at the heart of what we have to do every day. And then there's the new-school game, which is what we have to adapt to what we're doing now."

And the message — from Gilliland, MIT's Andrew McAfee and Juniper Networks' Christopher Hoff — was that security professionals are now going to have to master the tricky task of protecting legacy systems while also grappling with a growing threat landscape.

Gilliland offered the most cogent answer to the question. Start thinking of your job in terms of old-school security: focusing on network fundamentals, good "hygiene" (how you set up and execute infrastructure), and making sure your people and your processes are not exposing you to risk. And then acquire the new-school mindset: According to Gilliland, the number-one question for a lot of security professionals will be "The data is moving. How do you encrypt data when it sits on someone else's platform?" Security professionals will have to figure out to secure the interactions between users and the many, many different ecosystems they (and their data) move through on a given day.

Or maybe the security professionals will leave that up to our new robot overlords. In a nice bit of scheduling serendipity, on Tuesday morning, RSA president Amit Yoran had launched his keynote by pointing out that many tasks formerly unique to human professionals are now being handled, well and speedily, by machines. And the final keynote yesterday by McAfee revolved around the premise that we're in the middle of a second machine age, one in which we need to recognize that the rapidity and quantity of machine-generated interactions will alter our computing landscape — and we had better be able to figure out how that works for us.


Some quick bullet points from yesterday too …

  • I had a chance to sit in on a Microsoft presentation on their newest features in the Microsoft Cloud. In keeping with Scott Charney's address on Tuesday, much of the focus was on transparency and control. Microsoft's reworking of its lockbox in Office 365 will let customers approve or reject Microsoft's ability to access their specific content — although controlling that access will also control the extent to which Microsoft pros can troubleshoot your account when things go pear-shaped — and by the end of 2015, the company is looking forward to providing encryption for every single item in your Office 365 mailbox; it's a finer degree of security than the mailbox-level encryption.
  • If you have a spare 25 minutes to kill, I highly recommend watching Juniper Networks' VP and Security Chief Technology Officer Christopher Hoff give the "Talkin' Bout My Next Generation" presentation — not only for the content of the keynote, but for how deftly he sends up product announcements, how graciously he handled his entire presentation going kablooey — and how vividly he illustrated the power of social engineering and how it can be used against overconfident IT professionals.

I have one more RSA wrap-up, this one focused on the job prospects of security professionals. Feel free to follow along on Twitter via the hashtag #RSAC.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.