Ok – so I haven’t been forthcoming with the updates. The wireless in the expo hall leaves something to be desired (i.e., functionality) and I haven’t made the run to the north building to talk to their people about making the wireless work.

In all of its un-adulterated I-typed-this-into-notepad-because-I-have-to-use-windows-for-work glory, the notes I made for the last two days…

RSA Day One

Following up on yesterday’s posting, it’s been an interesting day at the RSA Conference and Expo – in that despite things not really getting rolling until the evening, there are quite a lot of “back room” conversations going on – the hum of biznez is in the air.

Of course, I can’t actually tell you anything, but there’s a cautious optimism on the part of the vendors that the infosec money train is going to come in. I feel kinda bad as one of the potential clients telling them that the sell just isn’t compelling to business people yet.

Standing with one foot in the business world and one foot in the technology world, the box pushers just aren’t yet ready to deal with the real infosec problem. Soylent Employee.

RSA Day Two

Starting out late (I do have a day job and they apparently want some work out of me each and every day) I arrived at the 8am keynote at about 8:25. Saving myself from the horror of the actual keynote room, I’m skulking around the video keynote room in the south hall.

Bill Gates and Craig Mundie (Microsoft – duh) are speaking about the “Wow” — and describing a vision for a world without perimeter controls and with interoperable security.

I’m somewhat horrified to say that I have to add yet another item to the list of “Things Microsoft has done right.”
Currently, you’ll recall that the list stands at:

  • Windows 2003 R2 is a pretty good operating system
  • Microsoft OneNote is a useful application
  • Letting Jim Allchin go so that he can talk about how great Apple products are

I’m going to add this one:

  • Bill Gates “gets” next generation internetworking and computing infrastructure

Yup – that’s right. Bill is actually a really smart guy — he’s got some (apparently) interpersonal skills issues — but he knows this stuff cold and he’s got the necessary “greatness of vision” to do a great job of articulating the hows and whys of what will make the perimeter-free world actually work.

Onward – switching to liveblogging mode for a few moments…

The something something mumble old guy who is giving out the 2nd RSA Conference Award for Excellence in Public Policy — to the senator responsible for California’s disclosure law and some other person who he mumbled the name of for something mumbling.

Yup – that was 4 years ago.

WTF.

It’s too easy to make fun of these guys. I’m sorry.

They’ve got a good message, but honestly, the medium is the message and these guys do not have the oratory skills necessary to get people up and running for them. When will people begin to work on the concept of delivery rather than just on the content of delivery?

Ok – President of RSA (a division of EMC) time.

He seems nice – he’s wearing the Madonna mike – and launches into the speech where he describes for us his (unholy) love of Bill and Vista.

Cut to Daily Show clip of Jon trying to get Bill’s password.

Cut back to President RSA guy talking about the horrors of how much information we create and what we’re sinking under (although his bosses at EMC are happy to sell you another frame for your Centera).

Apparently we’re up for a “transformation” in the industry — no more “security only” vendors inside of 3 years. (And hey, wasn’t the spam problem supposed to be solved by now?)

Ok – now he’s regained his sanity – he’s preaching the “Sure, we’d love to help you with your business problem in a safe way” rather than the SANS party line “No.”

It’s all about the challenges rather than the threats — but we need a new motivation – the opportunity to:

  • accelerate new ways of doing business
  • step out of comfort zone
  • link to business strategy
  • information success is business success
  • it’s not defense, it’s proactive

We’re supposed to be happy about all of the M&A that have been going on – we should only get security from his friends in giant business.

These are our new realities.

#1 – change in the kinds of threats we face – not a show off but now profit motivated
#2 – the potential for business to do more business online
#3 – the standard for care is now real – the demands are on us.

We – the infosec industry – need to change.

It’s not all about the technology – you can’t perfect it. We should be working to mitigate business risk.

(Will someone phone SANS and let them know that their curriculum is all wrong?)

Seriously, this guy is going to get mobbed by the hardliners.

“We haven’t implemented information security at all – we’ve focused on the perimeter around the information rather than the information itself.”

I hate liveblogging. It’s too hard to type while you’ve got the taste of vomit in your mouth.

Back later with more.
