With the Oscar award ceremony completed, the information security industry rolls out its own red carpet for its annual celebrity event, the RSA Security Conference, next week. I’ve written before about the pervasive “buzz” topics I expect to hear about next week. Here are 5 subjects I’d like to discuss:

1. Security software architecture. Enterprise software is based on technologies like transaction processing, middleware, and web services that allow individual applications to integrate into an enterprise architecture. To gain scale and efficiency, the next generation of security software must be built on a similar software architecture foundation. IBM, McAfee, and RSA Security get this. So does Tibco, which is why it acquired LogLogic. Will any other vendors talk about security software architecture at RSA?

2. Analytics algorithms. I am convinced that the industry is moving to an information-based model featuring big data security analytics. That said, CISOs don’t want to collect tens of terabytes of security data and then try to figure out what to do with it. The key to security analytics is a combination of stream processing, machine learning, statistical modeling, and nested algorithms. There is a lot of academic research in this area but little commercialization. Will vendors like Boeing/Narus, HP/ArcSight, SAIC, and Splunk get into this level of detail or hand out tee shirts instead?

3. Security visualization. Same thread as algorithms – security data visualization will move beyond pie charts and spreadsheets within the next few years. Oak Ridge and Pacific Northwest National Labs are doing a lot of work in this area. Will security vendors jump on the bandwagon?

4. The security skills shortage. I admit that I’ve done a lot of research around this topic, so it is near and dear to me. Call me crazy, but I believe this is a crucial issue that no one is talking about. I tried to do so myself by presenting my research at RSA, but alas my proposal was rejected by the RSA mucky-mucks. I get it, this is not a sexy topic, but an under-staffed, under-skilled cybersecurity workforce is as big a threat as anything. The bad guys are on the cutting edge of cybersecurity offense while the defense lags further behind.

5. Hackers. This topic is better suited for Black Hat or Defcon, but it should be an essential component of RSA as well. I expect cliché sound bites describing how hacking is no longer the domain of adolescent whiz kids a la Matthew Broderick in WarGames (1983). Everyone gets this by now. What they don’t get is who the hackers are, how they are organized, and why they do what they do.

Trade shows are trade shows, so you have to expect high-level conversations, marketing hype, and generous distribution of alcohol. I admit I enjoy the lighter side of RSA, but I hope that the fun and frolic is balanced by serious discussions on an increasingly ominous subject.
5 things I hope to hear about at the RSA Conference – but I’m not sure I will