It’s remarkable that in the face of the most sophisticated espionage threats, the most capable cyber-criminals, and the most severe compliance requirements ever experienced, the cyber security community cannot muster a single, new idea.
Certainly the conference circuit has lost the plot. It cannot even think dream up an innovative slogan. The theme at this year’s RSA Conference was sharing and learning. Compelling stuff! The theme of Infosecurity Europe was business enablement. Old ideas that fail to deliver in practice.
Walking through Infosecurity Europe was a dull experience: no buzz, lacklustre sessions, no new ideas, and no gee whizz technologies. The only visible change this year was the size of the stands which looked to be a metre higher.
Real security is dead. Speeches, products, training and university courses are building on a failed legacy of ISO standards, risk assessment and compliance. We need to kill this monoculture and replace tick-box security with creative problem solving. More importantly we need to persuade executive boards to trusted and empower CISOs to take hard decisions, rather than pretending they are there to enable business operations.
But we are a long way from achieving such these aspirations because they are not recognised or supported by the cyber security community.