The human element in cybersecurity
Thousands of cybersecurity professionals and practitioners met to connect, share ideas and learn the latest happenings at RSAC 2020. TEKsystems Risk and Security experts weigh in on the latest and greatest from the conference.
March 11, 2020 | By: Mike Mulligan and Kory Patrick
RSAC 2020: The ultimate cybersecurity conference and as RSA puts it, “where the world talks security.” Recently, thousands gathered in San Francisco for a five-day cram session on strengthening your security chain. The theme? The human element—“the ones on the front lines, protecting not just data, but our most vulnerable people and every aspect of our lives—from election hacking to the weaponization of social media.” The reality is, reputation and revenue are on the line. We’ve asked our TEKsystems Risk and Security experts to sort through their notes and conversations to offer key takeaways from RSAC 2020 that’ll impact the business and industry.
The workforce evolution
In the spirit of the human element, a major topic from this year’s conference is properly growing and investing in people. From an innovation or automation standpoint, organizations seeking to build and implement a secured product struggle to find the right talent with employable skill sets to secure and sustain the environment within their company.
“The reality is that this is more than just a talent shortage. Many people want to break into cybersecurity or evolve their career in security, and yet, organizations are often looking at the wrong candidates to hire. The biggest challenge I see in the world of cybersecurity talent shortage is organizations setting an expectation to hire qualified cybersecurity professionals who already come with every single skill set needed. At best, this is a small talent pool they’re limiting themselves to; at worst, this expectation could be wholly unrealistic, believing that one or two people can accomplish something that requires a much larger team. The real opportunity lies within doing a better job of growing and investing in people.” – Kory Patrick
Community over competition
A resounding message from RSAC 2020 was that we need more of a coordinated, less competitive effort in both the public and private sectors. The information security segment is made up of an incredibly small, tight-knit community where people openly share information and support each other.
“Sometimes the community struggles with articulating the business value of security, privacy and compliance because information security is often mistaken for an information system where we expect minimal investment and a maximum lifespan. IT security, privacy and compliance are not a competitive advantage—it's a community. When sensitive information is breached, it’s not “advantageous” that the loss was by the competition or outside your industry. Competitive advantage is not the place when it comes to the brass tacks of protecting people and their data, because every breach impacts all of us negatively.” – Kory Patrick
Proliferation of tools
As customers search for solutions that reduce hardware spend, an increasing number of cloud-based tools and technologies are emerging in the marketplace. It’s essential for organizations to create a strategy built around the security products purchased. Otherwise, organizations run the risk of an out-of-the-box technology solution that ultimately doesn’t meet the needs of their business.
“Understanding all of the business requirements prior to choosing a tool is a best practice; if you miss this opportunity, it could result in stitching disparate products together—which creates a separate set of challenges. Without the right people with product-specific expertise, organizations create challenges they could otherwise avoid.” – Mike Mulligan
“I’ve also seen customers trying to make the wrong tool work. It boils down to perception. They were sold this tool that’s going to solve all their problems, but that’s just not the case. Tools are tactical, not strategic.” – Kory Patrick
You’ve got big plans. Let’s protect them.