You can't secure what you don't acknowledge.SM

Thursday, March 1, 2012

My final takeaway from #RSAC

I said my farewell to the RSA Conference Tuesday evening but had some final thoughts about the show that I wanted to share with you.

In addition to the keynotes I talked about, I attended a mock trial session involving malware, a digital certificate acquired for ill-gotten gains, and a healthcare company that ignored all things HIPAA (heard that a million times!) as well as a session by HP's Jacob West (an excellent presenter if you ever get a chance to see him) on mobile application security. Both were very well presented.

I had a chance to mingle with long-time colleagues and clients (many of whom I met in person for the first time) on the show floor. It was also neat to see my book in the RSA bookstore - very humbling seeing it mixed in with some of the big sellers in our field.

Here's my big takeaway from everything that I saw, and it's something you've heard me say before and I'll continue saying until I retire. It was echoed in every presentation I attended and every bit of marketing literature I read. Be it the overall network, databases, mobile apps, people - whatever - you cannot secure what you don't acknowledge. And so many of us are not acknowledging all the things that matter. So step back, see the big picture, fix the low-hanging fruit (the home-runs), put the proper tools and processes in place and then dig in further over and over again...never letting up.

Overall a really cool've got to go to the RSA Conference next year if you can.


  1. Hi Kevin - I just picked this up from the Twitter sphere. My colleague who is based in the US (I am in the UK) attended RSA this year. His main take-away was that there does not seem to be anything really new in the world (in our niche of authentication). He said that if the hackers attended the same show that he did - then they would be smiling! His impression was that the same old vendors (and some new ones) are just re-packaging old solutions in shiny new clothes. Tokens, dongles, SMS OOB, soft tokens and so on. So yes there are solutions for BYODs and as you say - you can't secure what you don't acknowledge - well I do think that enterprises are starting to understand and accept that mobiles and laptops are coming in and they need to secure them. But I would be interested to understand if you shared his view in general?
    Ross Macdonald

  2. This comment has been removed by the author.

  3. Thanks Ross. I agree, lots of repackaging of the same old stuff. I honestly believe that if folks followed the common practices/recommendations for information security and stayed on top of things like we know we should, there'd be a much smaller market for the latest gizmos and gadgets. But therein lies the problem.