​Stop whining – RSA Opening Keynote

The Annual RSA Conference, held at the Moscone Center in downtown San Francisco seems to have a happy knack of coming around each year just as something juicy and controversial is challenging the security industry.

This year, it’s the Apple versus the FBI controversy that is playing out in courts across the United States.

During a private briefing before the official conference start, RSA’s CEO Amit Yoran said there was a potential “policy catastrophe” looming. As he spoke those words, a court in New York dismissed the FBI’s request to compel Apple to create a mechanism to bypass an iPhone’s passcode security in a case involving a drug dealer – a case that mirrors the headline-grabbing case in San Bernardino involving the murder of 14 people by a husband and wife terrorist team.

This year’s conference, the event’s 25th anniversary, began with a look back at the history of IT security over that time. Then, as the event traditionally opens, a musical item, performed by acapella quintet Pentatonix, created a cyber-security laden song. It was not as entertaining as William Shatner’s version of Lucy in the Sky with Diamonds from 2014.

Yoran then launched into his opening keynote, beginning with a look into the theft of personally identifiable information from ANTHEM to the Office of Personnel Management and Ashley Madison.

Preventative technologies, says Yoran, won’t work in the future as the number of data sources and end-points we have to protect will grow exponentially. Yet we continue to invest in the same protection solutions expecting a different outcome.

“Are you looking at security’s future or clinging to the past?” he asked the packed auditorium.

Amit announced RSA is releasing its own behavioural analytics solution this week, at the event. This has been prefaced over the last couple of years as the company has increased their focus on security analytics.

AI has, for many years, been considered a significant part of the future of security. But Yoran pointed out AI systems today are based on a common assumption – the rules and environment they operate in are fixed. But cyber-criminals aren’t constrained in the same way.

“We aren’t constrained by technology’” he says. The problem is a lack of creativity.

Countering the argument that the industry is suffering from a dearth of trained professional, Yoran gave the room the same advice he gives his children.

“Stop whining”.

His advice was to train hunters who were unconstrained by traditional, linear thinking and embraced free thinkers and curiousity to interactively seek breaches and block potential breaches.

“If your security program is focussed on compliance, you’re doing it wrong,” he added.

In responding to the increasing desire of law enforcement agencies to bypass security. “Weakening encryption is solely for the ease and convenience of law enforcement,” says Yoran.

Noting that the Attorney General, director of the FBI, many members of Congress and state governors, as well as international “security czars” are present at the conference this year, Yoran notes the importance of a constructive dialog in order to manage the needs of commerce, users and law enforcement.

Following Yoran’s opening, former RSA Executive Chairman Art Coviello’s long career in information security was recognised and rewarded with a Lifetime Achievement Award. The awards are given at the opening of each year’s conference but only when a recipient is deemed worthy of the award.

Coviello received his award from previous recipient and former RSA CEO Jim Bidzos.

“It’s time to put aside partisan bickery,” Coviello says. When the government gets it wrong, Coviello says the security industry must work towards educating.

Join the CSO newsletter!

Error: Please check your email address.

Tags keynote speakerSan Franciscocyber-securitysecurityPentatonixfbiAmit YorananalyticsRSA Conference

More about AppleFBIRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place