It's hard not to return from the RSA Conference and not think of that whole "firehose of information" metaphor tech folks love to trot out. Because that's what the RSA Conference quite literally is: a firehose of information.
Whether you get there early to take advantage of pre-conference tutorials, prefer to start things off with the annual Innovation Sandbox Contest, or arrive just in time to catch the opening keynotes, from those first moments until you return home at the end of the week, it's one new concept, strategy or perspective after another.
Each RSA Conference brings its own wrinkles. Every year, there are new trends, groundbreaking technologies and unique storylines that are changing the nature of what cyber security professionals do. And every year, tens of thousands of those professionals descend upon San Francisco in search of fresh ideas, new tools, or expert advice on what deserves their focus.
They also come to network, to feel the buzz of a community of like-minded peers, and, of course, to party. (Just ask anyone who was lucky enough to be standing in front of the mixology demonstration at the RSAC Bash on Thursday night this year. Those guys made some seriously awesome drinks.)
And the best part of all of this is: No one leaves disappointed, by any of it. Ask any RSAC attendee as they're leaving the Conference, and they'll tell you they learned a ton, met some amazing people and had a good time.
So what takeaways made the 2018 edition of RSA Conference unique? For starters, there was the constant background topic of Europe's soon-to-take-effect General Data Protection Regulation (GDPR). Just about every session at this year's conference had some thread that tied back to GDPR. Security concerns related to international business? Check. Hampered by data quality? Check. Trying to make sure your organization doesn't find itself in the privacy debate crosshairs? Check.
Of course, most people acknowledged that their organizations were far from ready to fully comply with GDPR, so collectively obsessing on the topic a bit made perfect sense.
There was also the ever-present specter of artificial intelligence, which is about to become as big a deal in security as it is everywhere else. And depending on who you were listening to at any given moment during the Conference, AI is either getting ready to transform cyber security teams into do-everything ninjas able to stay one step ahead of security incidents, or it's a hacker's dream tool that will enable bad guys to maintain their seemingly endless advantage.
Regardless of which reality ultimately proves truer, it's clear that AI is on the minds of security practitioners, and that presents a significant challenge given how little time CISOs and their lieutenants repeatedly said they have to spend on evaluating new technologies.
One of the reasons their time is spread so thin is that they're more occupied than ever on the privacy front, which was another theme of this year's gathering. Specifically, there was much discussion of how privacy and security have become increasingly inseparable, and how organizations feel more of a responsibility than ever to protect the personal information of their customers and employees.
That means they want to shore up holes that enable insider threats; they want to be better about how they store sensitive data; and they want to engender trust among their customers and employees. More than anything, they don't want to be the next Facebook and find themselves in the headlines and testifying before Congress.
But as important as GDPR, AI and privacy are, there was another topic that might supersede all of them, and that what Patricia Titus, CISO and CPO for Markel Corp., repeatedly referred to as "negative unemployment" in the security industry. Simply put, it's a nightmare trying to find qualified and talented cyber security workers and the problem is reaching epidemic proportions.
CISOs made it clear in multiple panels that they're having to get very creative to find prospects, and that the talent shortage is hampering cyber security teams' abilities to keep up with multi-front war they're fighting on a daily basis. Here's hoping that a few of them found the people they were looking for just by showing up to RSA Conference.
Next year's attendees will certainly find that new issues have taken hold, that the market place is filled with another generation of innovative technologies and that new regulatory hurdles have taken shape. And they will no doubt still be in need of good security talent. And for all those reasons, RSA Conference 2019 will once again be the place to come for that firehose of information in the form of insights, strategies and peer perspectives.
Oh, and fun. Let's not forget about that, because if we're not having fun working in one of the hottest sectors on the planet, what's the point?