RSAC 2018 Recap


By Lauren Hillman

RSAC week is one of the most exciting events for those in infosec. Last year, the conference featured more than 700 speakers, housed 550 exhibitors, and hosted over 43,000 attendees, and I expect those numbers grew this year.

After attending RSAC for seven years running, I’ve learned a few things about how to survive and maintain sanity throughout the event:

  1. Wear comfortable shoes.
  2. Pack granola bars and raw almonds wherever you go.
  3. Never underestimate the power of caffeine!
  4. Plan ahead. You won’t be able to hit every interesting session/networking event.

One of my favorite activities during this week involves walking the show floor to check out new market entrants. Yes, it’s impressive to see the massive 20 x 20 booths and all their bells and whistles (I believe I actually saw therapy puppies at a booth this year), but I am more interested in hugging the outskirts of the expo halls, where the new startups set up shop and hope to be noticed. That’s often where the real innovation lies, in my opinion.

So, among the innovative players, what bubbled to the top and what can we expect to see from this massive industry throughout the rest of this year and beyond? Here are a few themes to keep an eye on:

Cloud Security
Let’s face it, operating via the cloud is now the new normal, and if your business has not undergone a mass migration yet, it is on the way. But up until now, information security teams have been hesitant to replace their legacy tools with purpose-built cloud solutions. Everyone knows that resources must be put behind cloud security, but no one is willing to give up their current tools or take the time to educate their teams on how requirements and protocol differ in the cloud. All this said, it is encouraging to see new entrants into the cloud security market make a splash at RSAC this year. Greater awareness, paired with exciting innovation, will help to ease the transition for companies large and small, without compromising security.

Security training/awareness
According to this year’s DBIR, phishing and pretexting represent 98 percent of social incidents and 93 percent of breaches. What’s more, email continues to be the most common attack vector, at 96 percent. These findings illustrate the undisputed need for employees at all levels (from admin to the C-suite) to better understand how to spot and avoid email security attacks, and perhaps more importantly, when to invest in defense tools. While the onus has historically been on security teams to keep their organizations safe, sophisticated education and awareness training should be a requirement for all organizations, in a variety of industries. This year’s RSAC not only highlighted this need, but also presented new ideas for how best to stay ahead of nefarious actors. Companies like Barracuda Networks, for example, corroborated this need by announcing new approaches to security training and awareness.

Security and agility
DevSecOps — the idea that “security is everybody’s responsibility” across the software development pipeline — gained steam again at this year’s RSAC. Security executives have historically had a bad rap for being seen as a roadblock to development or innovation, but at this year’s conference, much of the conversation circled around security as a catalyst for agility, not a hindrance to innovation. This idea is so important today that and Security Boulevard hosted their fourth (and largest) annual DevSecOps Day on Monday of RSAC week, drawing in speakers from top companies like Fannie Mae, Federal Reserve Bank of New York, Under Armour, and more.

Government intervention
While there are many security regulations in place today, discussions at RSAC circled around the need for better federal and state rules that address today’s most advanced security threats. Although some believe the European Union is on the right track with its General Data Protection Regulation, many see it as a logistical nightmare, and a mandate that has gone too far. As bureaucracy in the U.S. continues to move at a snail’s pace, it remains to be seen whether more regulations will come or what they will look like. Despite that, conference attendees believe that today’s breach-a-day society needs regulations to better address and thwart attacks.

Emerging Tech
AI, blockchain, IoT. Which technologies are smoke and mirrors and which are poised to transform this ever-changing, ever-evolving industry? Opinions on both sides of the spectrum were flying throughout the conference, but everyone agrees that while many current technologies miss the mark, we are due for disruption that will better protect users and enterprises. The good news: there are many at the show working on that!

Every year, I am surprised by the changes this industry makes and the rapid pace at which innovation is accepted and implemented. I expect this year to be no different.

Lauren drives day-to-day strategy and execution for Offleash’s cybersecurity practice, and has been driving successful PR programs for B2B technology PR programs for the past six years. She also works on Offleash’s social responsibility team, Offleash.CARES. Contact Lauren at