Enterprise Strategy Group | Getting to the bigger truth.TM

Final Musings From The RSA Conference

Gotta love technology: I am writing this blog at 30,000 feet as I fly back to Boston from the RSA Conference. All in all, it was a good week – attendance was up at RSA and there were real security professionals present, not just technology vendors. Here are a few final thoughts about RSA and my week.

  1. President Obama was in town last night, meeting with a bunch of industry mucky mucks in Palo Alto.  The president is promoting a program to emphasize science and technology to prepare the US economy for the future.  I hope the President’s dinner banter included a plan to fund cybersecurity training and education programs since there is a growing skills shortage.  I also hope that the President leaned on industry fat cats to bolster internal cyber supply chain security processes as well.
  2. It was nice to see federal integrators like CSC, Northrop, and SAIC at the RSA Conference.  These firms do big cyber supply chain projects with the US government and critical infrastructure.  We need more of their brainpower in the industry at large.
  3. While I wouldn’t characterize identity management as a major RSA theme, everyone was talking about it.  User identity, device identity, VM identity, and brokering identity to the cloud.  I expect a “behind-the-scenes” boom for PKI to support all of these initiatives, but the geekiness of PKI makes it taboo for general discussions.
  4. I spent a memorable hour with Raimund Genes, CTO of Trend Micro, discussing the current threat landscape.  He took me through some data about the threat landscape and the cyber underground.  I was surprised to find out that fake AV software continues to be the leading on-line scam.  There is a funny twist here.  The scammers charge people around 50 bucks to buy their phony software.  They tend to keep this money and then sell the identity information (i.e., credit card numbers, names, addresses, etc.) to others.  Talk about kicking your victims when they are down!
  5. I keep thinking that the full-disk encryption market is fully saturated but it is not.  Vendors say they continue to grow share and prices remain relatively stable.  Encryption isn’t the hook anymore, now it is all about managing an army of encryption clients.
  6. I can’t tell you how many security vendors referred to attacks emanating from Facebook.  In my view, Facebook views security as a business/public relations problem and really doesn’t care about the safety of its users.  Facebook really has to step up.
  7. I agree with my friend Chris Christensen from IDC: the RSA Conference is composed of too many suits and not enough security professionals and researchers.  Thank goodness for Black Hat.

Hopefully, some of the success of this year’s RSA Conference was driven by the recognition that we really need to do more – like train more security professionals, improve security and risk management processes, and invest in effective safeguards.  I’m cautiously optimistic that this is the case.

Tags: Black Hat, Facebook, full-disk encryption, Northrop

© 2011 Enterprise Strategy Group, Milford, MA 01757
