The seen and unseen scene at RSA Conference 2020

Welcome to the RSA Conference 2020 in beautifully sunny downtown San Francisco, California.

While this event’s growth as a trade show continues and is expanding into the many new buildings of the Moscone Convention Center, it still finds ways to be relevant.

This year, concerns about the Coronavirus raised questions about whether attendance levels would take a hit. Yet, a steady flow of traffic is filling the show floor — as well as the streets outside, where finding an available Uber or Lyft can be a challenge.

So, despite the complaints we hear each year from attendees who are turned off by the crowds and the noise of the conference, they are still turning up in big numbers.

RSA has become the conference that no one in the industry can ignore; it may indeed be too big to fail.

The first couple of days of the conference saw government and policy leaders talking in broad strokes, with day one highlighted by leaders of the US Department of Homeland Security’s Cyber and Infrastructure Security Agency (CISA) telling the audience to “…shoot for the moon and make some real progress in cyber security” — a reference to the White House’s National Cyber Moonshot initiative focused on developing a “whole of nation” approach for a safer, more resilient internet to deliver government and critical infrastructure services by 2028. CISA director Chris Krebs on the main stage said: “8,800 individual voting jurisdictions in the US; 2,500 engaged in information sharing.” Doing the math, that is less than a third.

CISA spoke at the RSA Conference 2020.

Day two featured some stirring keynotes, with RSA president Rohit Ghai telling people to do things that engender “trust in technology,” with the three-part mantra to 1) reclaim the narrative, 2) reclaim our defense and 3) rethink our culture.

We also heard a focus on “the human element” of security, with actor/author/activist George Takei speaking eloquently about the importance of embracing diversity as a way to address the cyber workforce shortfall – a theme that also reverberated at the Cyber Future Dialogue event in Davos last month.

We’re also seeing representation from a variety of geographies and organisations, ranging from the UK’s National Cyber Security Center (NCSC) to the US city of Augusta Georgia, woven into to tapestry of corporate booths.

RSA Conference 2020.

Another recurring theme here at the RSA Conference 2020 is resilience as a goal — with Ghai discussing the need for a mindset shift away from security to one focused more on detection and response to limit the damage of potential cyber attacks. The lesson: Due to the inevitability of an attacker somehow gaining access to your organisation, security is a loser’s game. Resilience is a winner’s game.

With regard to technology trends represented on the show floor, some of the most prevalent are API security, DevSecOps, identity, IoT security and “always on” technologies.

And this is just day one! In my next report from the conference on Friday, I’ll take a deeper dive into the changing economics of cyber security.