I couldn’t get across to the RSA Conference in California this year. I did originally think it would be a well-timed platform for my new book on Managing the Human Factor in Information Security. But there is little space at RSA for the “softer” security issues, and not a single stream devoted to human factors.
With hindsight it looks like I missed very little. Media coverage was very thin. Incredibly, there appears to have been nothing new in a high-profile, fast-moving field that’s recession resistant and, at the same time, witnessing emerging discontinuities in both strategy and practice. That’s a huge disappointment. It seems that the vendors and government speakers that dominate the keynote programme have nothing new up their sleeves.
Let’s hope that we can rattle a few cages at Infosecurity Europe in London next week. There’s certainly potential for some heated debates. And the emphasis is more on practicalities and business reality, rather than technology. I shall be trying my best to be controversial, of course, and will be contributing to five sessions. Hopefully we can get some challenging and imaginative points across.
And that’s important because we seem to be heading for an imminent discontinuity in information security. We certainly can’t carry on in the same way without witnessing major catastrophes to e-Business. And we haven’t yet experienced the full strength of the potential threat to business operations and assets. Innovation and new ideas are badly needed to establish a long overdue new direction in security. How difficult can that be in a profession that attracts millions of workers?