Today was a frustrating day at RSA. The crowd seemed more surly than previous days. As the week rolls on, the drinking, talking, posing, eating, and tweeting starts to take their toll on the #RSAC crowd. As the tweets roll along you can just feel the buzzword exhaustion and outrage burnout. Indignation has turned to bitterness, fear has turned to desperation and even the self-proclaimed gurus and luminaries are beginning to wonder if they will ever amount to anything.
Down on the expo floor the booth bunnies are growing restless and uneasy. All the Five Hour Energy drinks in the world are not going to cure their hangovers. The pleasantries are gone. They grab at your badge without even asking, holding their breath as they wait for that magical vibration that releases them from the awkwardness of being within such close proximity to your nipples. All the good swag is long since handed out. All that remains are those horrible pens and squishy balls scattered among Hershey kisses and business cards with indecipherable messages like “call mb for ttr and poc.”
Even the keynote addresses have begun to feel tired and forced. CA’s presentation was cringe worthy. HP’s Bushido presentation was a fumbling cacophony of mixed metaphors and half-baked marketing cleverness. Intel’s presentation was dry and lifeless. Fortunately, Sal Kahn left us with some inspiration at the end.
RSAC fatigue is everywhere. By 6pm Twitter was filled with goodbyes as the bigshots headed back to their Fortress of Solitude to recharge their ego tanks with more feelings of self worth. The meetups, mashups and hookups are over. A years worth of memories tossed into the recycle bin along with that tiny little booklet with all the session names. The big shots can get back to their regular job of telling people how stupid they are and coming up with clever names for security functions we already have.
As I walked the streets of San Francisco, I can feel the sneers from the locals. They only had to endure us self-absorbed nerds one more day. Then they could get back to staring at their iPhones and tapping out their daily outrages in vowel-less texts to other digital natives. As they downed their morning soy latte, they could ponder the eternal mysteries of life, such as what color skinny jeans goes well with facial hair.
At some point I wandered off to a quiet corner of Moscone Center and had an unobstructed view of the Expo floor. As I wrapped up a client call, I thanked my new customer for their business and told them how important it was for us at Anitian to serve local firms. I reassured them they would always be a priority to me and my team. After I hung up, I spend a long moment, Bluetooth dangling from my ear, staring out at the abyss of RSA. And in that moment I felt the weight of a thousand security projects around me. Of penetration tests, PCI assessments, firewall deployments and encryption implementations stacked up around me like dusty books in a library.
After 17 years as an information security consultant, here I was still spending my time serving my customers and thanking them for their business. I was using my experience to reassure them that there are practical, pragmatic ways to manage risk. That security technologies are better than ever and we can make a difference. I also reminded them not to worry about hacktavists, big data or advanced persistent threats.
I felt the contrast between this moment and the language and spectacle of RSA 2012. I recalled Art Coviello standing on the stage practically begging the audience to feel sorry for him because they got hacked. I recalled the buzzword bombardment of Enrique Salem’s talk, fumbling to define a generation that neither needed nor deserved such attention. And I pondered the palpable emotion that David Brooks injected into his inspiring presentation.
Security is none of this. It’s not big data. Its not hackers. It’s not firewalls. It’s not Anonymous. It’s not the spectacle of hacking insulin pumps. And it’s not a war. It’s the trust between people. It’s reassuring people that we can build systems that foster trust and make them able to innovate.
Security was that moment where I told my customer they were important to me, and that I would work hard to help them.
Anitian is a small company, and I like that we are small. I don’t care about being big. I don’t care if we did not sell enough security appliances last month. I don’t care about some vendor’s quarterly sales quota. I care about the people my company helps.
I care about that moment when I can help people trust their systems so they can innovate. My job as a security consultant is not to sell you anything. It is to help guide you through that Expo floor to the quiet corner where we can talk, learn and come up with a plan to make things better.
Security is too much spectacle and noise and too little reflection. RSA 2012 has taught me that real trust lies in the moments with individual people. The crowds, the parties and meetups are just distractions that avoid those moments where there is nothing to look at on your iPad and no new Tweets to read.
I was born with a philosophers name, which somehow left me cursed with foreknowledge of the future, and the inability to get anybody to believe me. That is called the Cassandra Complex and it is emotionally draining.
Mark my words RSA, you cannot build trust on the backs of spectacle and hype. There is too much mistrust in that process. Get small, get intimate and get simple. There is immense power in small moments with just a few people. You do not need 10,000 people staring at a 50 foot screen to get a message across. You only need to seed a few people with good ideas and the passion to propel good practice.
Art Coviello spoke of a war and battle we are in. This is not a hot war, but a cold one. The winner will not be the side with all the weapons, but the people who can outlast the blowhards and build real, lasting infrastructure that empowers innovation. War destroys trust. We do not need a war, Mr. Coviello. We need peace: quiet, reflective and rational peace that is free of fireworks, banner waving and spectacle.