It’s worth penning how much was different from the last year at the RSA Conference Exhibits this year, hence this post.
Side events
For those of us who have worked in security for a while (I’ve always maintained identity is a part of security), RSA is both a large conference and a bunch of smaller meetups that happen around it. Like an overwhelming majority of attendees, I skipped the main sessions, and spent most of my time in the smaller meetings, and did a round of the exhibits as well. Notable among the meetings were:
- Cyber Entrepreneurship Summit: This one had a dinner and an “RSA Bollywood Party” after. Besides pitches from startups, it also had some expert presentations and “fireside chat” type conversations, all focused on cyber entrepreneurship. Great private conversations with high quality attendees, both entrepreneurs and large company executives
- Okta Identity 25 Dinner: I was privileged to be invited to this one, as I was included in their inaugural list. Amazing conversations over dinner on the personal trials and tribulations, as well as some triumphs of identity technology
Although I didn’t attend the BSides SF side conference, I heard good things about it and intend to check it out next year.
Notable absences
Among the RSAC exhibits, the shifting sands of security priorities once again was reflected in the makeup of the booths from new and old vendors alike. Here are a few major themes from last year that seem to have vanished / dissipated:
- API Security, which dominated the showfloor last year was more of a footnote this year. Possibly due to a lack of sales momentum? I heard the Noname acquisition was a bit underwhelming. Since some of the companies prominently exhibiting in this area last year were Israel based, I wonder if geopolitical events had an impact?
- MDR (Managed Detection and Response): Although I think under the covers this is still going on, it’s being spun as “intelligent monitoring” more than MDR now, with some AI language sprinkled in
- *SPM (Cloud Security Posture Management / Data Security Posture Management / other SPM): I think this too morphed into other language being used by the attendees, but the term CSPM / DSPM was no longer a headline - more like a feature of a broader value
AI everywhere
To say that AI was all over the RSAC Exhibits this year, would be an understatement. I can’t believe how much every exhibitor was pushing on AI related messaging. While I couldn’t make sense of all of it, a few interesting AI use cases I encountered are:
- Using Gen AI to analyze blogs or other news about security breaches, mapping them to known CVEs. and then correlating them to log / audit events found in an organization’s SIEM to determine vulnerabilities
- Categorizing with AI, which of your roles / groups may or may not be required by analyzing actual access logs.
PS: Do you recognize the typewriter-like machine in the collage? Hint: I saw this at the NSA booth. Just Google it if you don’t recognize it!