The excitement at this year’s RSA Conference was palpable. Conversations were more intense, branding was bolder, and insights were smarter than ever. The week was filled with incredible keynotes, informative presentations, and great networking.
Like many others, my time was spent with customers, partners, and prospects. I also got to share the stage with industry peers, covering what’s what in cyber. In both instances, I found that topics like AI and post-quantum were top of mind and widely discussed.
I kicked off the week participating in a panel co-hosted by Keyfactor and Devo Security. Insight Partners managing director Steve Ward moderated a discussion about how CISOs can best navigate a turbulent enterprise landscape. Joined by CISOs from Devo Security, Avnet, and Semperis, our group explored the changing role of the Chief Information Security Officer and how emerging threats, new SEC regulations, and resource constraints are creating more hurdles for these security leaders.
What I found most interesting from that discussion was the division between the CISO and the rest of the C-Suite. It’s evident that CISOs can’t be everything to everyone across the business. Instead, these leaders must operate in a cross-functional role that secures the business. Bringing a risk-based, business-first mentality is key, while also relying on the more technical individuals to make smart technology decisions.
In anticipation of NIST’s post-quantum encryption standards, RSA was also a prime location for many cybersecurity professionals asking how to best prepare. As I told many of these individuals during 1:1 conversations, because quantum computing will significantly impact widely used security protocols and algorithms, preparing for “Q Day” needs to happen now. This is especially true since we’re seeing increased activity of “harvest now, decrypt later” instances where threat actors are harvesting and storing encrypted data with future plans to decrypt in a post-quantum reality.
As expected, the subject of AI was front and center throughout the week, ranging from the security vectors of GenAI through the lens of the cybercriminal to the ways AI is enhancing innovation from a product perspective. Much of the AI in cybersecurity talk is still rudimentary. Still, the promise and potential of AI remain, as do the potential threats it could present, and there are still opportunities for real-world application and true deployment.
RSAC 2024 was one for the books, and I am especially looking forward to next year. But for now, it’s on to preparing for Black Hat. I hope to see many of you in balmy Las Vegas this August.
