Saturday, March 05, 2016

Post RSA thoughts

I returned from San Francisco late last night. What a week. 50,000 of my closest friends and I shared
parties like you wouldn't believe, and some great security talks. I wonder if it was a mistake that I mentioned the parties before the security talks? Not really, no. You see, this year (at least for me), the theme was all about analytics and threat. We've been hearing this for a couple of years now, but the tech and associated messaging are maturing, and now it's big data analytics, presenting the pretty picture and inching ever closer to the God Box... you know, the one that can heal the rift in the universe, bet successfully 100% of the time on the stock market and predict every lottery number with complete accuracy weeks in advance... that God Box.

I snapped pictures of dozens of analytic portals, desktops, and mobiles representations. And you know what? THEY ALL LOOK THE SAME!

And the data that they collect? IT LOOKS THE SAME TOO!

So my question is this... are we happy knowing that SOOOO many intelligence providers out there are simply gobbling up as much open source crap as they can, pre-chewing the food and spitting it back out so some unsuspecting CISO with a board-endorsed checkbook can gobble up the now diluted food without thinking about it, or tasting how bad it really is? Is this where we're headed??

Not me.

I stayed at the Metropolitan Club this week. The Met is a private women's club outside of the Moscone area --across the street from the Marine Corps Club if you know where that is. Everything else was full up, and the Met offered reciprocity with the Harvard Club of Boston --my home club. When you check in, you're required to sign a "guarantee of privacy" that ensures no business will take place in the club, and that any conversations that happen in the club stay in the club. The place was a safe haven for weary, overstimulated guys like me who, by the end of the day, could take no more. And so every night, I'd retreat back to my private women's club, like crawling back to the safety of my mother's arms, and think. What'd I think about? Better ways of doing things.

I think about the idea that a board doesn't care if we reverse engineer, what the threats are, or if spies are stealing stuff. They care that the stock price moves and if the CISO isn't doing the right things to keep the stock price up, they'll be held liable.

I think about the fact that CEOs are measured on profits, growth and goals, and report to the board; and beyond the scope of those factors, the CEO doesn't care what ports are left open and exposed.

...and I know that when I showed Cyberwatch(R) at a party on my last night there, I went from being a middle-aged, balding, overweight white guy to being the prettiest girl at the dance... and everyone wanted a demo. I gave them until my phone died. One guy told the crowd that it was the best thing he'd seen all week. Another talked about the fact that such a simple idea solved a really hard problem --cutting across the language barrier between levels of management and enabling (finally) rudimentary predictive analysis.

Why so much excitement? We represent security data like the market shows dollars. I talked about this a bit last week, but we filed patent paperwork on a process that shows the effects of security intelligence, peaks and valleys on a company's stock price.

So there's a 100% chance that we didn't get it right on the first try, but the model works --keeping it simple, stupid, and presenting intelligence in a meaningful and actionable way.

The site is currently in its "minimal viable product" form, but it works... not much documentation up there yet, but enough information to get customer feedback.

Want a demo? Drop me a note. I'd be happy to set one up.

Until next week,
Have a great weekend!
Jeff

2 comments:

Unknown said...

Sounds like a successful trip! Glad it was a hit :)

-Randy Peterson

Unknown said...

Fascinating analysis of RSA. Glad it went well!

As a guy who consumes the pre-packaged vendor salad, I sympathize with your assessment. Everyone is starting to do the same thing... What was once the realm of a few notable shops, namely the aggregation of forum data/etc, is now very commonplace. What all of these solutions lack, in my opinion, is the lack of analysis that links events together -- that says "here's what person X is talking about, here's where that falls in with a trend we're seeing, here's what geopolitical events could be doing to influence this activity, etc."

I would love, love, love to read material that links events like that. Moreover, I'd love for people to be interested in those things so I could write about those links because I think it's important. I think it's important, for example, to know about how a domestic policy in Brazil is influencing the local economy and motivating threat actors to do X, or Y. Or knowing about how a political crisis (again in Brazil) is creating a free-for-all atmosphere where hacktivists all divvy up the spoils, and cybercriminals have room. What about discussing how the ISIS conflicts in the Middle East are influencing regional and extra-regional actors to conduct attacks against each other?

All of those things matter for orgs that do business in more than one place around the world -- it's just too bad that more execs don't care. Like you said, Jeff: the execs are driving shareholder value regardless of what risks exist.