The Mako Group @RSA Day 1
This is certainly not the first trip to RSA for The Mako Group, but personally my first time attending. I thought it would be fun and interesting to capture my experiences and share them. I am excited to learn, network, and attain some swag for my 6-year-old who said I could leave only if I promised to bring him some “cool stuff back”.
My week started with an early Monday morning flight out of DTW. I ran into a friend I’ve known since 1st grade, Nate Labadie. Nate was also on his way to RSA and works for a company called Exabeam who is doing some cool things in relation to SIEM and user behavior analytics. You can check them out here:
Arriving at the Moscone Center was somewhat bittersweet. I used to follow the Steve Jobs announcement events religiously. This is where the first iPhone was introduced and where I’ll be spending the next 72 hours.
Next up was the Cloud Security Alliance’s CSA Summit. The summit had many interesting speakers on all things cloud. At The Mako Group we are big believers in the CSA CCM (Cloud Control Matrix) and use it regularly. I enjoyed hearing other good experiences from using the CCM.
Some nuggets I found useful from the CSA Summit:
Passwords are going away, what will replace them is TBD.
Don’t assume your industry is “different" and won’t be attacked.
Why do cars have brakes? To slow down? No, cars have breaks to go faster, and security should be thought of the same way.
Security doesn’t have to be a Big Bang, it can be a journey.
Starbucks - used the CSA CCM to start its cloud security program. They then mapped those controls back to the NIST CSF for the entire organization to measure maturity.
CISO Panel at the CSA Summit:
One of the most valuable parts of the CSA Summit was the CISO panel discussing journeys to the cloud. Our friend Jerry Archer from Sallie Mae was on the panel, and he was as entertaining and insightful as ever. Jerry mentioned the next step in cloud security and optimization was introducing artificial intelligence into the process. It will be interesting to see how that shakes out. Our team caught up with Jerry after the panel and it was great to see him.
I was graciously invited to participate in a roundtable discussion put on by CMMI and ISACA. It was mainly a discussion around measuring maturity and risk. One good note from the roundtable:
We need to start reducing the ROI for an attacker to try and penetrate your network. If they can’t find or get to the valuables, maybe they will move on.
The roundtable also contained a short demo of the new cyber maturity tool they have released. If you’d like to hear more about the tool, please reach out.
You can’t imagine the size and real estate covered of the exhibitor floor until you see it. I walked around for 45 min and still didn’t see it all. I plan on doing some more targeted visiting tomorrow.
That’s all from day 1, looking forward to day 2.
Shane O’Donnell – 3/4/19