Welcome to my new website...this site refresh is the first one I have done since 2008, making it way overdue.
While there is a new post coming (first in a while), I wanted to take a minute to re-post two ten year old posts (almost!) from when I first started consulting, as they are the only two I'll be porting over from my old site.
Back in 2008, IoT wasn't yet a thing, the CISO role (as opposed to CSO) was just emerging, and regulatory compliance was the main driver for new information security investment. And...infosec was referred to as infosec; it had yet to become "cyber"-ized. And while I never got actual attendance numbers, in light of the recession, RSAC 2008 attendance was believed to be lower than usual....likely the last time for a long time that this will be the case - thanks to the endless parade of mega breaches, cyber security has hit the mainstream...
But that's another topic for another post. For now, saved for posterity, here's my RSAC 2008 post:
Fear and Loathing on the Expo Floor
The buzz on last week’s RSA Conference is that as big as it was, and despite a large and diverse agenda, with DLP, PCI, and virtualization as the clear topics du jour, the show seemed to be missing its usual intensity. Exhibitors were out in full force, yet the turnout seemed to be less than last year -- unsurprising given the acknowledgement of flattened or decreasing security budgets. Not to mention the gala was met with a thumbs down by a surprising number of people.
That said, the RSA Conference is still the preeminent security event of the year, and there is still plenty to be had for those looking. Ericka Chickowski of Baseline Magazine and I were definitely looking, and decided to drum up a little hype at the industry’s biggest hype-fest. Who better to join forces than a PR person and a journalist to poke fun at the marketing frenzy that is par for the course on any expo floor but times ten at RSA.
We hit the floor, camcorder in tow, looking to have a little fun with vendors around their irritating habit of inundating the press with pitches explaining how they could have prevented headline-worthy breaches. We decided to offer them a prime opportunity to weigh in on the Hannaford breach and specifically, how their solution could have prevented it.
Some fell for the bait, and some were either onto us or knew how to work it…
To the credit of just about all the people we interviewed, the conversation took on a deeper tone. Because Hannaford was PCI compliant (or were they…?), the conversation ultimately became focused around the ongoing conundrum caused by security and compliance still being mutually exclusive. While the ambiguity of SOX might have caused a certain amount of needless investment, PCI is a data security standard, which would imply that investing in PCI would result in a more secure infrastructure. Is that really the case? To check out the unedited interviews, click here
Check out the video below...and before you cringe over the production values, this was filmed with a JVC camcorder, edited with....some video editing program for Windows, in the press room, done in a couple of hours....