It is incumbent upon IT professionals to keep their skills current. This is tough because, while there are basic principles that don’t change, the shelf life of technology-specific skills gets shorter each year. The good news is that most conferences are designed specifically to inform attendees what’s new.
For example, the RSA 2015 security conference is coming up in April. Like any conference, big or small, near or far, there are ways to get the most out of the time that you invest in business travel and professional development. While you might say that, when it comes to professional development and conference attendance, half of the battle is just showing up, the other half of the battle requires a bit of homework.
Regarding the “just showing up” part, our recommendation for professionals who want to get the most out of a conference like RSA is to spend a day in the Expo hall. Once you’re onsite, go into guerilla networking mode, make as many of those contacts as you can, and then follow up with people afterward.
While you’re there, don’t ignore the social aspect: make it fun, go out to dinner and have a drink or two with your newfound friends. Sales (and don’t kid yourself; everybody – including you – is selling something) don’t happen on the Expo floor, but they do happen over drinks afterward.
Regarding the “homework” part, create a list of contacts that look interesting: anybody with a compelling technology/solution, something you might want to evaluate, someone you might want to poach, someone you want to sell to, or a company you want to get to know further. How to prioritize? Develop a sense of what the hot buzzword technologies are and form your own opinions regarding their pros and cons. With an open mind, test those opinions whenever you get a chance.
Cheat Sheet: Security Technology Trends for 2015
Buzzwords can be annoying, but they’re also useful as a trailing indicator of industry trends, and industry trends are very relevant when it comes to staying competitive, both as a company and as an individual. With that in mind, here are some security technology trends to dig into.
One security technology trend of 2015 to keep an eye out for is Incident Response (IR). If you work for a company that offers information security services, or one that realizes that it’s been hacked, then you already recognize the capability gap that the whole industry is facing. Another clue about this trend was that polarizing security luminary Bruce Schneier joined Co3 Systems to help develop their IR Management offering. A third indicator: ask any employee of a major IT security professional services firm what they’re spending their time on. The answer is probably IR-related.
IR will have a big impact for several reasons. One, the front-page hacking disclosures of the past few years are just the tip of the iceberg: no firm discloses a breach unless they’re legally obligated to, and anecdotal evidence indicates that security breaches are becoming commonplace. Two, security incidents encompass acts by trusted insiders, competitors, and governments. Thus, IR tends to entail a realization of massive business risk. Three, IR results in blowback on all other aspects of IT security operations (see also our Four Tenets of Security for a useful model):
- Authentication and authorization: if you have a static password anywhere, this is the actual reason you were hacked. It also is the hardest problem to solve (but see also People and training, below).
- Data encryption: this is the most common red herring. Compliance and security are not actually related, but see also Governance, Risk Management, and Compliance (GRC) as a related trend area.
- Auditing, or SIEM (Security Information Event Management): this is an area where most of the big enterprise software vendors are competing.
- People and training: you can learn more about this component of IR strategy in our article The Human Element of Cybersecurity Monitoring.
A second important security trend for 2015 is mobile-to-cloud data protection. The mobile-to-cloud data protection trend is similar to the IR trend in that the security technology industry is responding to a big shift in enterprise IT operations. Some things haven’t changed: mobile and cloud computing have been around for decades, as have data loss prevention (DLP) products.
But scale has fundamentally changed. For example, access to enterprise email from mobile devices is essentially ubiquitous. Further, rather than adopt so-called hybrid cloud strategies, IT managers have shown an “all or nothing” preference for per-service cloud migration. That is, if any component of an information service – including those that are mission critical – is going to live in the cloud, might as well run all of that service there.
Therefore, mobile and cloud data protection aren’t just about traditional DLP. They entail Mobile Device Management (MDM), investments across the Four Tenets of Security cited above, and impact to business risk that must be analyzed (see again the GRC reference above).
Want to talk more about 2015 security trends? Please seek us out at the JW Secure demo table at the Trustworthy Computing Group Training session on Monday, April 20 at RSA (i.e., in Moscone Center in San Francisco). We’ll be demonstrating our StrongNet Secure Admin solution. If you miss us on Monday, we’ll be present in the RSA Expo hall all week. If you’re practicing guerilla tactics for conference attendees, please keep us on your list!