RSA Conference Asia Pacific & Japan kicked off in Singapore to a packed audience. This being my first RSA experience, I was expecting fireworks - and I can say that I wasn't disappointed. I had a front row seat to a view of what were some of the most articulate visions I have heard re: what the security domain may look like in the coming years.
The line-up for the first day - all keynote speakers - was no doubt intended to set the tone for the session-heavy days that follow. Amit Yoran, President of RSA; Raimund Genes, CTO of Trend Micro; Ken Allan, Global Cyber Security Leader, Ernst & Young; and Phillippe Courtot, Chairman and CEO of Qualys Inc., were the keynote speakers, each delivering a crisp 20-minute session.
I think it fair to venture that I will see this theme reflected in much of the material that is going to be presented in the next two days
Yoran's rousing opening keynote, entitled The Game Has Changed (video), brought forth the issues facing the industry today, decrying the existing legacy mindset. The message was unambiguous and very direct: Security needs to change. Quickly.
Drawing from examples from the year past - counting back from OPM - Yoran said that while change was hard, the cost of maintaining the status quo comes at a far greater cost. "In a world being reshaped by sophisticated adversaries, the industry is still selling the perimeter as the primary line of defense," Yoran said.
Genes' keynote titled 'Targeted Attacks, APT's & Cyberwar - A MKT Buzz or a Real Business Threat?' (video) was my favorite of the day, treading that fine line of packing a punch while managing to keep things light. A 30-year veteran of the industry, Genes stressed on the need go beyond the marketing buzzwords, which he believes are spreading more confusion in an already confused market. [See exclusive interview: Moving Beyond the Buzzwords]
"Do not confuse an APT with a targeted attack," he said. "None of the high-profile breaches in the recent past were APTs using a zero-day - they were all targeted attacks." Genes went on to dissect the doomsday scenarios that the mainstream media has painted about ATPs and cyberwar, questioning if the world really is falling apart.
Allan was next, and happens to be my second-favorite keynote in this lineup. In his session, titled Getting Ahead of Cybercrime (video), Allan asserted that every organization will be breached if it hasn't already - they just don't know it. The best remedy is to accept that breach will happen and prepare for it. "Cybercrime is an industry with a value chain and a supply chain," he said, "and the focus are your business assets, not the technology."
Allan said that practitioners today are not even sure what to spend the security dollar on anymore. He stressed the need to properly define the outcome that the industry is looking for - profit, innovation, or the greater purpose of enabling a society increasingly dependent on technology.
The final keynote was by Courtot - to me, an undoubtedly visionary keynote - titled Cloud Without Borders: Paving the Way for Global Security and Privacy'(video), which actually attempted to paint the picture of security 20 years from now, in 2035.
Courtot's premise is leveraging cloud as a new foundation for cybersecurity, which he illustrated by describing 2035 as a year in which this has already happened and what the landscape looks like, before bringing the audience back to 2015 - giving some sense of what needs to be, or could be done to achieve it, including designated IPV6 at birth and a bitcoin driven economy.
Keynotes are a bit like prophecies, I like to think. Only the most credible, charismatic and, of course, visionary leaders ought to be allowed to give them. The speakers I heard at RSA Conference didn't disappoint, despite a few hiccups. The themes discussed were forward looking. The need for change in the existing security paradigm is the major underlying theme that runs common across these visions.
I think it fair to venture that I will see this theme reflected in much of the material that is going to be presented in the next two days of the event. And if these keynotes are anything to judge by, I also expect to enjoy the ones to follow.
What were your impressions of the opening keynotes? Comment below and let all know.