Jay Schulman
blockchain
general
April 24, 2015· 2 min read

RSA: Are We Talking About The Right Things?

RSA's focus misses the mark, overlooking key issues like nurturing security talent, expanding the workforce, and measuring program effectiveness. Let's reshape the conversation for next year's event.

RSA is wrapping up today. I’ve been watching a lot of what people are talking about and what is being presented. There are definitely a lot of vendor announcements (see my employer’s announcement here).

But are we talking about the right things? I think there are three big problems in information security today and I didn’t see them on display at RSA.

Growing security executives

We continue to talk about the role of the CISO but we aren’t talking about the people who fill the role. Do they have the appropriate skill sets to fill the *changing role *we keep talking about?

I think few security people can effectively communicate with the business and Board of Directors. Few can measure their programs (see the last issue). Few can help grow the talent they have. We should be talking about how to grow security talent, how to help security managers better articulate risks and how to grow security people.

Growing the security industry

We have a shortage of security people. It results in a cascading set of issues. And we love to talk about the shortage and what it means for salaries, jobs and software people buy in the hopes they don’t need an extra person.

Why aren’t we talking about how to get more people into the security field? Why aren’t we working to create a career path for developers to become application security professionals. How do we get colleges and trainings to include security basics? RSA could be a great place to build sponsorship for programs to increase the number of security professionals.

Measuring the Program

There was one presentation on metrics. There is always one. Let’s start talking about how to measure our processes, vulnerabilities and risks into something the business can understand and the organization can get comfort (or not) around how security is being handled.

Everyone should start with this awesome book on security metrics from Caroline Wong.

Next Year

I’m sure RSA picks the best presentations based upon what is submitted. Let’s change the dialog by submitting a new generation of topics next year.

Need Enterprise Solutions?

RSM provides comprehensive blockchain and digital asset services for businesses.

More Blockchain Posts

July 01, 2024

Wallet Backups: Protecting Your Funds

In our ongoing journey to demystify the world of blockchain and digital assets, we've covered the ins and outs of Hierar...

October 25, 2024

Exploring the Use Cases of Zero-Knowledge Proofs Beyond Cryptocurrencies

Hey there, blockchain enthusiasts! In our last post, we dove into the exciting world of DeFi and how zero-knowledge proo...

May 04, 2024

Distributed Ledger Technology: The Backbone of Blockchain

In our last post, we discussed the key differences between centralized and decentralized systems. Today, we're going to ...