Saturday, March 05, 2016

Post RSA thoughts

I returned from San Francisco late last night. What a week. 50,000 of my closest friends and I shared parties like you wouldn't believe, and some great security talks. I wonder if it was a mistake that I mentioned the parties before the security talks? Not really, no. You see, this year (at least for me), the theme was all about analytics and threat. We've been hearing this for a couple of years now, but the tech and associated messaging are maturing, and now it's big data analytics, presenting the pretty picture and inching ever closer to the God Box.. you know, the one that can heal the rift in the universe, bet successfully 100% of the time on the stock market and predict every lottery number with complete accuracy weeks in advance.. that God Box.

I snapped pictures of dozens of analytic portals, desktops, and mobile representations. And you know what? THEY ALL LOOK THE SAME!

And the data that they collect? IT LOOKS THE SAME TOO!

So my question is this.. are we happy knowing that SOOOO many intelligence providers out there are simply gobbling up as much open source crap as they can, pre-chewing the food and spitting it back out so some unsuspecting CISO with a board-endorsed checkbook can gobble up the now diluted food without thinking about it, or tasting how bad it really is? Is this where we're headed??

Not me.

I stayed at the Metropolitan Club this week. The Met is a private women's club outside of the Moscone area --across the street from the Marine Corps Club if you know where that is. Everything else was full up, and the Met offered reciprocity with the Harvard Club of Boston --my home club. When you check in, you're required to sign a "guarantee of privacy" that ensures no business will take place in the club, and that any conversations that happen in the club, stay in the club. The place was a safe haven for weary overstimulated guys like me who, by the end of the day, could take no more. And so every night, I'd retreat back to my private women's club, like crawling back to the safety of my mother's arms, and think. What'd I think about? Better ways of doing things.

I think about the idea that a board doesn't care if we reverse engineer, what the threats are, or if spies are stealing stuff. They care that the stock price moves and if the CISO isn't doing the right things to keep the stock price up, they'll be held liable.

I think about the fact that CEOs are measured on profits, growth and goals, and report to the board; and beyond the scope of those factors, the CEO doesn't care what ports are left open and exposed.

...and I know that when I showed Cyberwatch(R) at a party on my last night there, I went from being a middle-aged, balding, overweight white guy to being the prettiest girl at the dance... and everyone wanted a demo. I gave them until my phone died. One guy told the crowd that it was the best thing he'd seen all week. Another talked about the fact that such a simple idea solved a really hard problem --cutting across the language barrier between levels of management and enabling (finally) rudimentary predictive analysis.

Why so much excitement? We represent security data like the market shows dollars. I talked about this a bit last week, but we filed patent paperwork on a process that shows the effects of security intelligence, peaks and valleys on a company's stock price.

So there's a 100% chance that we didn't get it right on the first try, but the model works --keeping it simple, stupid, and presenting intelligence in a meaningful and actionable way.

The site is currently in its "minimal viable product" form but it works... not much documentation up there yet, but enough information to get customer feedback.

Want a demo? Drop me a note. I'd be happy to set one up.

Until next week,
Have a great weekend!