Friday, March 01, 2013

MAGIC BOXES and the RSA CONFERENCE


What an awesome week for me and for Red Sky at the RSA conference!  It was a privilege to be able to speak to some of the smartest people in the business and equally as flattering when they would see my shirt and say, “You’re with Red Sky?  I’ve heard of you guys.”  What an easy way to strike up a conversation and I’m leaving here with a renewed confidence that we are getting it right when it comes to the challenges we all face with APT and our adversaries.

If you’ve never been to the RSA conference the best way to describe it would be a 10,000 square foot shopping mall called the “Expo” shoehorned between overcrowded classrooms.   A place where almost everyone dooms their inboxes with eternal spam in exchange for a $20 remote control helicopter – if you’re lucky enough to win it!  No thanks.  A place where the line to have your picture taken with Darth Vader is fifty-feet long and the line to have your picture taken with the 49’rs cheerleaders is non-existent.  And no, I’m not making this up!

And all the while I was walking through the Expo, I kept listening to the vendor sales pitches and I got to thinking; all this technology being sold exists for one reason – to prevent or limit the damage to humans caused by humans.  No wonder we can’t secure our networks. We’re looking in the wrong place!  We’re taking devices that are programmed to act rationally and asking them to protect us from irrational human behavior.  Stop me if you've heard this before "Hmm….I think I’ll disable this anti-virus software because it’s making my streaming video slow!"

There is not a single device, yet, that can predict WHY someone will act in the manner they do.  And until one is programmed to understand the stresses of losing a job, or a client, greed, or the want to be famous or notorious, the concept of dropping a device in your network and thinking you’re protected is a losing proposition.  I’m not suggesting we don’t need firewalls, IDS, IPS, and DLP systems but what I am saying is simply this;  in all the hype about the next magic box that will save us from ourselves, the real force multiplier in solving this problem is often forgotten – people.  Simple right?  Let me give you an example.

At the end of a long day at the conference, I struck up a conversation with the IT manager of a mortgage clearing house with several billions, with a “B”, dollars on the balance sheet.  After a while, and when he felt comfortable talking, he shared with me that his network had been targeted, breached, and was most likely still leaking information.  His purpose for being at the RSA conference was to find a solution, a “magic box”, to make his troubles go away.  To be fair, not HIS troubles, but his boss’s troubles!  No wonder we’re losing the cyber war; unfortunately, this story is all too common.

Now, I could have sold him on what we do at Red Sky and gone into my elevator pitch etc. but what he really needed in that moment was the comfort in knowing that he isn’t alone, a sympathetic ear to listen to his problem and tell him that there are others in the same place he finds himself.  I told him very simply, “Take a deep breath. Break the problem down into small pieces. And put your plan to paper. And act.”  I handed him my card and told him if he ever had any questions to call.  Will he, maybe, not sure, but he wasn’t looking to buy anything and I wasn't selling.  He was looking for someone who would listen and who he could trust.  Besides, Red Sky doesn’t sell new bosses but we can make the smarter!

When I say people are the only way we’re going to solve this problem, this is exactly what I’m talking about.  Sometimes, you have to look beyond the sale by listening to the problem and offering your advice.  That’s not to say selling isn’t important, but at Red Sky, we believe people come first.  You build trust through communication, integrity, and genuine care for others. Do this first and the sales will take care of themselves.  How many vendors do this, listen to their customers as humans with real problems that need to be solved?  Many say they do, but think for a minute.  How do you build trust through the persistent and overwhelming noise on the floor of the RSA Expo?  Simple answer – you can’t.  This is why I can predict with overwhelming confidence that you’ll never see a Red Sky booth at a trade show!

Which leads me to a few closing thoughts. 

The leading principal we at Red Sky live by is first and foremost, we are a community. When people ask what Red Sky is all about, I always start by saying, “Red Sky is a community of really smart people with diverse backgrounds, talents, and expertises, helping one another solve the APT problem.” 

If we all know we can’t solve our problems with a magic box, isn’t it equally true that we cannot solve our problems on our own?  Sure, you can go it alone, but the point is, you don’t have to.  However, if you do and you solve the APT problem?  Well, now that’s a sales pitch I would pay to hear! 

If you’re interested in being part of the community or if you demand photographic proof that the 49’rs cheerleaders were being neglected, please feel free to email me directly: rgamache@redskyalliance.org