Welcome to my new website...this site refresh is my first major one since 2008...!
I wanted to take a minute to re-publish the only post I'm porting over from my old blog. Back in 2008, Blackberries were the iPhones of the day, IoT wasn't yet a thing and compliance drove infosec spending. And oh -- it was 'infosec,' not 'cybersecurity.' But even in a recession year, RSAC attendance was growing 'exponentially' (a fave and much overused flack term). According to a 2008 SC Mag article, 375 vendors and 17,000 attendees were expected to attend. I'm sure at least that many vendors were there, but the buzz on the show floor was that attendance was lower than expected due to the recession.
Either way, below is my sole RSAC 2008 post. For the record, the video was shot with a camcorder and edited on an IBM Thinkpad using long extinct software. That, and the fact I was totally winging it, are why the production values are so poor.
Fear and Loathing on the Expo Floor
The buzz on last week’s RSA Conference is that as big as it was, and despite a large and diverse agenda, with DLP, PCI, and virtualization as the clear topics du jour, the show seemed to be missing its usual intensity. Exhibitors were out in full force, yet the turnout seemed to be less than last year -- unsurprising given the acknowledgement of flattened or decreasing security budgets. Not to mention the gala was met with a thumbs down by a surprising number of people.
That said, the RSA Conference is still the preeminent security event of the year, and there is still plenty to be had for those looking. Ericka Chickowski of Baseline Magazine and I were definitely looking, and decided to drum up a little hype at the industry’s biggest hype-fest. Who better to join forces than a PR person and a journalist to poke fun at the marketing frenzy that is par for the course on any expo floor but times ten at RSA.
We hit the floor, camcorder in tow, looking to have a little fun with vendors around their irritating habit of inundating the press with pitches explaining how they could have prevented headline-worthy breaches. We decided to offer them a prime opportunity to weigh in on the Hannaford breach and specifically, how their solution could have prevented it.
Some fell for the bait, and some were either onto us or knew how to work it…
To the credit of just about all the people we interviewed, the conversation took on a deeper tone. Because Hannaford was PCI compliant (or were they…?), the conversation ultimately became focused around the ongoing conundrum caused by security and compliance still being mutually exclusive. While the ambiguity of SOX might have caused a certain amount of needless investment, PCI is a data security standard, which would imply that investing in PCI would result in a more secure infrastructure. Is that really the case? To check out the unedited interviews, click here.
Check out the video below...and before you cringe over the production values, this was filmed with a JVC camcorder, edited with....some video editing program for Windows, in the press room, done in a couple of hours....