Among the waves of noise, mutterings of threats, analysis, BYOD demands, the Great Fear of IoT, and the hyper-ptui of sales blather, I saw something at RSA. Call it a security crocus, that first brave flower of people paying attention.
There are a smattering of hardened security professionals at RSA. They’ve seen it all, watched as secure data was opened like a can of old anchovies, and smelled just as bad. You can see it in their eyes, mostly: Skepticism mixed with scar tissue, thick skin, and I-told-you-so, with a short attention span and nary a smile.
+ MISS RSA? Catch up with all the news from the show +
From the top of the management stack wander the CISOs, pronounced SeeZos, looking pretty paranoid, eyes wide open, shorter attention span still, waltzing the aisles looking for specific keywords. Something they’re missing. Something that’s caught their attention. Something on their agenda. There are occasionally minions surrounding them, taking notes, or colleagues, huddled together in animated discussions.
Coders are there. They talk a lot. It’s rapid-fire, and in a language most English speakers wouldn’t understand, so riddled with jargon and constructs as to be a full-on verbal salesperson assault. Coders are so fun to talk to. They join this API and that, then ask questions like: why does your product pass (fill in this blank) then return a (WTF). There can be three eye-rolls in the same sentence.
Security isn’t just in the USA, it’s everywhere. Whole countries are worried about their assets, their crown jewels, now that things are being put online. Decades of union bureaucracies are being slowly retired, paper trails now morphed into data trails, and incredible barrages of attacks on that newly-minted data appearing hourly, every hour of the day, every day of the week. They’re dressed well. They walk very, very quickly, a cell phone in one hand while talking into another at their ear.
These are the weary people.
There are happier people.
Two guys at a table, sitting across from each other, have notepads. They’ve just finished a plan. The salesguy is weary, but has a smile. The other guy sits back, has a far-off look in his eyes, nodding his head affirmatively, to himself. He reaches forward and shakes his hand. He’s outta there, a widening smile on his face.
I’m standing watching a demo of some stream monitoring software. It looks at the streams of data going through a sensor. It’s an interesting product, agnostic, not unlike the deep packet inspection stuff that I loathe for its potential privacy injury. A guy alongside me, another random conventioneer, suddenly gets a lightbulb moment. Oh, expletives deleted, he says slowly as the mechanics and implications of the merit of the approach are dawning on him. More hushed expletives as he watches in certainty that this fixes one of his problems.
Another professional, a woman that looks like a dead ringer for one of my early English teachers (with the same, “I’ll melt you into the floor if you ever, ever confuse there, they’re and their even a single time”), finally extracts the singular nugget of fact from a salesperson she’s been questioning, as I listen. I think the salesperson expects bolts of lightning at any second. That’s what I needed to hear, she says. Why didn’t you say that in the first place? The salesperson is rattled. Suddenly, she beams. A priceless “whew” sort of expression crosses his face. She wants to license. I hear him audibly exhale as I walk on.
Much of this conference and exhibition was like this, unlike last year’s psyche.
Feet being held to the fire. Asbestos socks doing their job.