Top 5 Takeaways from RSA 2020

Last week, I attended the RSA 2020 cybersecurity conference in San Francisco with colleagues from NTT Ltd. It’s an impressive event. With more than 500 sessions and 29 keynote presentations, the event is impossible to capture in a brief post. Let me instead share what were my own top 5 takeaways:

  1. Cryptography. As president and CEO of a research organization that includes a Cryptography and Information Security (CIS) Lab engaged in joint research with other academic and research organizations, it’s no surprise that I was attracted to a panel discussion filled with some of the leading minds in cryptography, namely: Whitfield Diffie (famous for the Diffie-Hellman key exchange), Arvind Narayanan (Princeton), Tal Rabin (Algorand Foundation), Ronald Rivest (MIT) and Adi Shamir (Weizmann Institute). Moderated by RSA CTO Zulfikar Ramzan, this session is one of many that RSA has posted online. If you’re looking to catch up on key topics in this field and hear from a collection of top experts, listen to this 45-minute talk.
  2. Social events. Conference sessions and keynote addresses are good ways to deliver information to many people in large auditoriums. But plenty of value is found in less structured events – in the corridors, on the exhibit floor and at parties. I like to socialize as much as the next tech executive. In our case, we had several special opportunities for one-on-one interaction, including a party at the DNA Lounge that recent NTT Security acquisition WhiteHat Security co-sponsored, and another more intimate event sponsored by WhiteHat, Cisco and NTT at the Chase Center in a suite overlooking a game between the Sacramento Kings and Golden State Warriors. These were great opportunities to engage with friends, clients and colleagues.
  3. NTT Security Division. Seeing NTT colleagues on various panels was another bonus. A highlight from the parallel, one-day Cyber Risk Forum was an interview between NTT Security Division Global CISO John Petrie and Richard Clarke, former national coordinator for Security, Infrastructure Protection and Counterterrorism for the US National Security Council. This was a good match-up, as Petrie’s distinguished career includes being a graduate of the Defense Intelligence College and charter member of the Marine Corps Intelligence Association. Another event, sponsored by the Cloud Security Association, featured WhiteHat Security CTO Anthony Bettini on a panel addressing ever-timely topic of “Preparing and Responding to a Breach.”
  4. Human Element (a). Attendees at industry conferences typically pay little attention to the event’s official theme. This year’s RSA conference seemed different. I saw a lot of “The Human Element” theme played out in exhibits that focused on human behavior and habits, security implementations at smaller (more human) scale businesses, and an emphasis on cybersecurity as a widespread and common concern at all business levels. In that light, another keynote that RSA has made available was delivered by Wendy Nather, Cisco Head of Advisory CISOs. Her topic, “We the People: Democratizing Security,” addressed a trend that goes back to Bring Your Own Device (BYOD) and the rise of shadow IT. Cybersecurity can be an arcane and top-down subject, but this talk was a reminder that users in many ways have become the drivers.
  5. Human Element (b). If the above is true, that raises the question of how to discuss security. Dr. Jessica Barker, Co-CEO of Cygenta, put it this way in another keynote address: “Can I talk about cybersecurity and not scare people?” This is not an idle question. Some say cryptography itself is the process of reducing trust in infrastructure and other people. (Why else would you need it?) That may not matter in basic research; but talking about cybersecurity only in terms of threats generates limited returns, as Dr. Barker explained, drawing upon psychology, behavioral economics and other “human-centric” fields. Alternative approaches are to bolster your audiences’ confidence, recognize their bias for optimism and take advantage of social proofs. This is useful insight, especially when your talk is directed at users or potential clients.