RSA 2015, the year security goes mainstream

Pre-show on the third day of RSA I watch TV with amusement as U.S. House Representatives struggle to enunciate cyber terms trying to get them read into the record on cyber amendments on sharing incident information. This is in sharp contrast to a few years back when they could scarcely pronounce them, and that same sense seems to pervade the halls of RSA – people are starting to consider security mainstream in their conversations. No longer the purview of those with questionable hygiene and aspirations to someday move out of mom’s basement, security has made it to the boardroom – even if they don’t quite understand what it means just yet, they know it matters. No longer is security a sideshow process only tangentially related to your core business; in many cases it IS your business – or at least it means people understand that if you have a cyber incident, you have a big problem that matters.

I scoured the halls for hacker types. In fact, I mean, aside from some obviously identifiable show-goers with hacker garb, the displays targets more the manager sorts who talk about things like risk mitigation and less about grepping logs and tweaking regex to do your bidding. Security is changing. Sure, the swag is good this year, and though (by last count) my hacker shirt count hovers around 100 (minus a few hacker t-shirt casualties at the hands of the washer), but aside from squishy balls and flashlights, many vendors here target customers willing to spend $100K to make hackers just go away from their networks — customers who never intend to touch the command line and dig in themselves.

RSA 2015, the year security goes mainstream