RSA Conference 2015

docrice Member Posts: 1,706
My employer was kind enough to provide me with a full conference pass this year, although I've spent a good portion of the time at the expo halls. It feels like the vendors laid on the marketing buzzwords especially thick this year. Every other booth has a big screen with a threat map.

It's very difficult to simply look at a booth and figure out what the vendor is trying to sell. Can you spot the Next Generation Adaptive Cyber Threat Detection and Response hotness?

Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • JoJoCal19 California Kid Mod Posts: 2,827
    I agree with you. One of the things I do is participate in vendor web conferences and demos, and participate in the POCs for vendors we move forward with (I'm actually running the RSA ECAT POC for our team). I've become jaded against all of the flashy marketing and buzzword bingo. I'm all about first maximizing what you already have, getting people trained up and working with the vendor to make sure you're squeezing 100% usage of all of the existing tools' capabilities first, then pursuing products to meet remaining needs and take care of any remaining gaps. However, most people are blinded by the new shiny things.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • cgrimaldo Member Posts: 439
    Nice pics...my new boss is out there right now...
  • cyberguypr Senior Member Mod Posts: 6,909
    It's like the whole UTM vs. NGFW crap. Last year I had a blast seeing a presenter go crazy for 10 minutes on how the industry adopted NGFW instead of the "better" UTM term. Seriously dude? Marketing and tech, a marriage made in hell.
  • docrice Member Posts: 1,706
    As security professionals, our job is to Detect, Contain, and Mitigate against Advanced Cyber NextGen Threat Synergies which are over-hyped, over-promised, and under-delivered by vendors. When I have vendor meetings, I have three rules:

    1. I don't care what Gartner says.
    2. I don't care what NSS Labs says.
    3. I don't care who your customers are.

    This removes a good bulk of the slides that the sales team likes to establish their credibility with. It also allows me to maximize meeting productivity by getting straight to the engineering. Almost no vendor solution is magic to me anymore. Once you understand and see the moving parts, you can scrutinize with the right line of questions.

    Being able to see through the [insert your four-letter buzzword here] and understanding the limits of a vendor solution requires insight, training, experience, and a certain amount of rigorous squeezing by asking the right questions. Every vendor has their limits. Every single one. Sniff them out and be better prepared when negotiating that first price quote.
  • JoJoCal19 California Kid Mod Posts: 2,827
    Docrice, your three rules are awesome. I need to use that going forward so we can skip the fluff and get straight to the engineering.
  • gespenstern Member Posts: 1,243
    I wonder did they discuss multimillion bribes that RSA accepted to make their cryptography products easier to hack? Seriously, if your product is robust enough, why not weaken it and earn some additional money that will certainly help top management to retire early.
  • ITHokie GXPN | GPEN | GCIH | GPYC | CISSP | CEH | MCSE | CCNA | Others Member Posts: 158
    docrice wrote:
    1. I don't care what Gartner says.
    2. I don't care what NSS Labs says.
    3. I don't care who your customers are.

    I love this and I work for a vendor. You're the exception, though. Most decision makers do not have your skills and experience, or they don't have or listen to trusted advisers who do. They want shiny products that offer turnkey magic solutions.