It’s remarkable that in the face of the most sophisticated espionage threats, the most capable cyber-criminals, and the most severe compliance requirements ever experienced, the cyber security community cannot muster a single, new idea.   

Certainly the conference circuit has lost the plot. It cannot even dream up an innovative slogan. The theme at this year’s RSA Conference was sharing and learning. Compelling stuff! The theme of Infosecurity Europe was business enablement. Old ideas that fail to deliver in practice.

Walking through Infosecurity Europe was a dull experience: no buzz, lacklustre sessions, no new ideas, and no gee whizz technologies. The only visible change this year was the size of the stands which looked to be a metre higher.

Real security is dead. Speeches, products, training and university courses are building on a failed legacy of ISO standards, risk assessment and compliance. We need to kill this monoculture and replace tick-box security with creative problem solving. More importantly, we need to persuade executive boards to trust and empower CISOs to take hard decisions, rather than pretending they are there to enable business operations.

But we are a long way from achieving these aspirations because they are not recognised or supported by the cyber security community.

Nail on the head, David. Security conferences are full of security speakers telling audiences of security people about how important security is. Unfortunately, corporate leaders want compliance before security and so that's where the funding goes. We're run by legal departments terrified of falling foul of the law but who don't understand that in order to be truly compliant - and thus secure - means empowering the very people they are trying to rein in. Soul-destroying!