As this week’s RSA Conference 2016 wraps up, I’m struck by the transformation of this security conference over the past 10+ years. First, the enormity of RSA Conference, with early projections of more than 39,000 participants, is staggering compared with attendance 10+ years ago, which was less than half that number.
Another striking difference is the people attending this conference today. In the early to mid-2000s, RSA Conference drew a very technically savvy crowd. Typical attire was relatively geeky t-shirts (with hysterical technical statements), jeans, and “Chucks.” The security professional at that time was personified in the media and within organizations as “the Chicken Littles” of IT. Unfortunately, our “sky is falling” attitude didn’t garner the type of attention we needed to help executives understand that cyber risks were inevitable and they needed to pay attention – NOW.
Fast forward to 2016: today’s crowd is still dressed in t-shirts, jeans and “Chucks,” but you also see plenty of sport coats, khakis and suits. Not only are security professionals here to learn about the latest technology, but they’ve brought their IT management teams, business management teams, and C-level executives. These teams “get” that because cyber risks are business risks, they need to learn more about how to both avoid and address those risks. In addition, vendors are explaining their amazing technology here at the RSA Conference, using “Risk” as a shared concern and bridge between technical teams and executives.
Executives know that the digital technology strategies they’ve employed to grow their organizations have also introduced some level of risk. And they understand now more than ever that in order to be successful, they need a unified view of risk that factors in both cyber and business risk to drive their strategic business decisions. Coming to terms with the reality of today’s complex and changing risk landscape, security professionals, IT teams, executives and business management all understand that everyone within the organization must own risk.
Security teams now have a seat at the management table, as well as the attention of their executives. While I know all of us old-school security folk try very hard not to pull out our “I told you so” card from “the sky is falling” days, we’re witnessing a revolution in “risk ownership” and it is evident here at RSA Conference 2016.