Search Results



The moment we have dreaded for nearly six months has finally arrived. Dell, our most pervasive technology provider, have begun an invasion of the RSA Conference, and this time, there may be no stopping them.  Like a dark force lurking in the shadows, crawling through the cracked façade of Moscone, and singing a capella beat-boxing about coffee and hacking, Dell’s influence was palpable, but not obvious.

dell borg

Day two of RSA is when the drones come alive and try to suck your individuality out of your head.  What does not assimilate you, will make you more cynical.  So, lower your shields and surrender your NGFW. We will add your anti-virus and SIEM distinctiveness to our own. Your information security will adapt to service us. Resistance is futile.

Keynote Amit Yoran, The Sleeper Awakens

Last year, Yoran’s keynote was lively, dramatic, and inspiring.  I walked away in 2015 with renewed hope for not only information security, but for RSA as well.  Yoran proved he was one of us: a hands-on security practitioner with vision and passion.

Oh, what a difference a year makes.


This year, Yoran’s keynote kicked off with cringe-worthy musical number. Eyes were rolling and faces were palmed all throughout Moscone.  What followed was an awkward, but subversive talk from Yoran.  The passion has obviously drained from Yoran, replaced with something far more cynical.  Is “our guy” Amit Yoran becoming a Dell drone?

There was plenty of fear and froth in the first part of the presentation.  However, Yoran’s real intent did not emerge until about mid way through.  At the 12 minute mark, after a walk through infosec history, Yoran flippantly described a meeting he had with Michael Dell soon after the EMC acquisition.  Yoran said how he has “fundamental problem understanding the employer / employee relationship.”  I know he meant this as a joke, But I do not think he was joking.  He even nodded and said “true story” immediately after this sentence while the audience chuckled.  Yoran was being honest.  He does not want to be a Dell drone.

Yoran went on to make light of the fact that Michael Dell wanted him to push more products.  Which is decidedly meta, because that is exactly what Yoran did.  He called their new behavioral analytics module, “Security Magic.”  I know he thought this was clever, but it actually undermines the technology.  This was the first of the subversive subtext in Yoran’s presentation.

The sleeper that is awakening here is Yoran himself.  He looked tired and worn out.  His subversive tone was revealing his real intentions.  He wants out of Dell.  His arguments that followed would simultaneously hit the mark, and miss as well.

Yoran launched into a discussion about how security continues to fail.  He said  “our problem is not a technology problem…our problem is that our adversaries are more creative.”

Not sure I agree with you there, Amit.

He is partially correct, we do not have a technology problem.  We have ample technology to protect our enterprises.  Our problem is not that our adversaries are more creative.  They do not need to be creative.  They are simply more persistent.  Our problem is that our people do not care.

We put our people into organizational structures that tell them that lying is acceptable, change is bad, and bullying the weak is admirable.  Everyday, we tell brilliant people that they cannot do the right things because it does not align with our internationally accepted framework of security controls.  We tell ethical people to go hire checkbox auditors and lie about security so we can get PCI and HIPAA issues off our back.  We stifle ingenuity with leadership that puts the needs of the leader ahead of the needs of everybody else.

Is it any wonder that this country is seriously contemplating electing a brash, loud, bossy, business man as our president? We are not lacking creativity, we are lacking any concept of the greater good.  We are a selfish culture that only cares about getting what we want, and crushing the spirits of those who are different.  We do not want change, improvement, or growth, we want to be like everybody else, mindless marching along with our Dell, Apple, or Android branded implants sticking out of our heads.

No, we do not have a technology problem, we have a crisis of leadership.

Yoran sees this, he just cannot quite articulate it.  I suspect the reason he said those things about Michael Dell, is because he is caught in the middle of a crisis of leadership.  His ingenuity, passion, and desire to do the right things is being suppressed, repackaged, and reformatted into another Dell-branded piece of commodity crap.  The subtext of Yoran’s presentation is a cry for help.

Yoran continued to address the lack of talent in the industry.  He said we need to build hunters to catch the attackers. He is spot on that people are naturally curious, and we (as leaders) need to get out of their way, and let that natural curiosity flourish.  What is really going on here, is more subversive subtext.  Reading between the lines, Yoran is telling Michael Dell exactly what he wants – get out of my way.  You sly son of a gun, Amit.

Yoran continued with a direct endorsement of Apple’s battles with the NSA and FBI.  Most of RSA was behind Apple on this one, so this is not a controversial position.

Yoran then wrapped with asking us all to keep this creative spirt alive, giving plenty of praise to the smart people behind RSA.  Again, this was a not so thinly veiled plea to keep Dell off his back.

At first, when I left this keynote, I was uninspired.  I found the entire effort weak and lacking in substance.  However, the more I peel back the layers of subtext, I think Yoran was really struggling for his own soul up there.  He wants to do the right things, but the institution is telling him to push product and accept cheesy music routines as “fun.”

Godspeed, Amit.  However, I am not sure you can win this battle.  I hear Cylance is hiring.

Aaaaaand the RSA Lifetime Achievement Award Goes to…

RSA! Art Coviello is not a bad guy, but giving him a lifetime achievement aware came off as self-serving.  Whatever.

Brad Smith, Microsoft

Next up was Brad Smith, a lawyer from Microsoft.  He looked like your typical Volvo driving Seattle guy.  I am sure his morning eggs are organic and cruelty free, but his presentation was lifeless and punishing.  Torture some chickens on stage Brad, it would be more entertaining.

Smith committed what I consider one of the most egregious sins of presentations: a pointless comparative history lesson.  Can you believe stuff was different in the past?  People rode in trains and did not use iPhones!!!  NO WAY, BRAD!!!

This is an amateur presentation move.  It also does almost nothing to advance a point.  It merely fills space to elicit incredulousness from the audience.  These kinds of presentations stoke that indignation security people just love to flaunt.

The real lunacy moment came when Smith told us about a guy in Paris last November who blew himself up, killing a bunch of innocent people. Okay, Brad, and what policy should I put in my next-generation firewall to stop that from happening?  This was the worst kind of fear pandering. Yeah, the world is cruel, Brad. And there is exactly squat me or a Microsoft upgrade can do about that.

Then there was some stuff about suing the government; a Microsoft sales pitch.; and some lame jokes.  Cue the house lights, I am done with this guy.

The Expo Awakens

I needed something positive to do, so I hit the Expo Hall.  Anitian’s Director of Security Intelligence, Adam Gaydosh accompanied me.


We checked out RSA’s booth, very red.  Wandered by Microsoft.  Managed to wind up over at the Forcepoint booth.  Forcepoint is the new name for Raytheon / Websense.  When I first heard their new name, I thought it sounded painful.  However, their booth was extremely cool.  Okay, you forced your point on me.

Zscaler had a creative booth.  They had a big glass booth filled with old appliances from companies like WatchGuard, Palo Alto Networks, and Cisco.  They also had sledge hammers and bats, so you could go “office space tech rage” on these devices.  It was a creative, and rather visceral way to get their message of “pure cloud” across.  Let’s be honest here, we have all want to take a sledge hammer to our WatchGuard, or Cisco, or Palo Alto device at some point.


The noise of the floor was overwhelming, so I headed off to the periphery of the hall to see some of the smaller players.  I find the smaller companies more interesting, since this is where innovate new stuff starts.

Unfortunately, the three I found were all oddly close to home for me.  The first was a managed threat intelligence company that was a lot like Anitian’s Sherlock (only with a much more confusing message.)  The next company was named SecureLink, which was the same name I had for a business in 2002 which I abandoned.  Then the third was a threat searching product, which was eerily similar to a product I did technical due diligence for las year.  It was time to move on to the afternoon breakout sessions.

Afternoon Sessions

The best session I attended was from the head of security awareness for Uber, Samantha Davison.  She grounded her entire presentation in science and anthropology.  That’s a credibility builder.  She then went on to show how to build a security awareness program using gamification.  Her ideas were creative and insightful, especially for the growing millennial workforce.  I was equally impressed at the speed she rolled out her program.  However, not everything was practical.  Her company hired the actor from Mr. Robot to give a presentation, something beyond the budget of most firms.  Also, some of her ideas were purely focused on Millennials.  She had nothing on how to handle the complexities of security awareness for a multi-generational workforce.  Nevertheless, she has good ideas, and Uber is fortunate to have her on their team.

An Ounce of Prevention

In the past, day two of RSAC was the high point of the show.  It did not feel that way this year.  Moscone has half of one side torn apart and under construction, and the whole show seems to reflect this.  Dell’s presence has, either intentionally or not, disrupted the normal flow of RSAC.

The trend this year I find most disturbing is the anti-prevention rhetoric: since we cannot stop all attacks, why try stopping any of them.  This is the wrong message.  Just because we cannot stop a fraction of the more sophisticated attacks with NGFW, endpoint AV, or SIEM, does not mean we throw these controls away.  Those technologies provide an invaluable baseline of control and automate much of the protection we need.

Moreover, these controls can be effective.  The problem is not the tech, it is the people behind the tech.  They are lacking the inspiration or ability to do what is right.  As such, these controls are being left in a default state, unmonitored, and useless.  Furthermore, we are not using these controls to get intelligence (not data) into the hands of leadership.  All the behavior-based tools in the world are not going to make a lick of difference if clear, actionable intelligence cannot go up the chain of command to people who can affect change.

I refuse to go quietly into the night and let the Borg take me.  We must draw the line here, no further.  I will not let the cynicism get to me.  Tomorrow, Marty Roesch from Cisco and Mark McLaughlin from Palo Alto Networks are giving keynotes.  I am counting on you two for some inspiration.  At least fight with each other, that’s exciting.  Oh, and do not do a hacking demo.  We do not need a repeat of last year’s Juniper debacle.

Also, tomorrow is Anitian’s reception event at Jamber from 6-8pm.  Email for details or to RSVP.  All are welcome, just no Borg.