Like a lot of our fellow information security professionals, we’re once again attending the RSA Conference, being held this week in San Francisco. What’s different this year is the understandable air of mistrust over RSA security stance and the scrutiny of data security practices in general.
We thought long and hard about attending this year’s RSA event, and even took at look at the intriguing rival event, TrustyCon. Based on our big questions and planned conversations with the masses at RSA, we felt it was our place to attend the big Moscone Center event. In the spirit of disclosure, we wanted to share what we hope to hear during this big week for the infosec set.
Matt Little, VP of Product Development, PKWARE
1. I want to hear RSA’s defense. Similar to how the NSA chose the Blackhat event last summer as their security industry outreach, I want to see who will defend RSA. I want to hear them. I want to speak with them. As is often the case (the Target breach, comes to mind) – we are quick to judge who failed, in what way and for which reasons. Looking deeper we often find that things were actually done correctly but that rarely makes for a sensationalist headline. I want to hear the words of those that would step up to defend.
2. No company who actually knows anything about cryptography was actually using Dual EC DRBG in their products. RSA even told everyone to stop using it several years ago. (Note: Again, in the spirit of disclosure, here’s our encryption alert in the wake of the RSA/NSA news.)
3. We have confirmed PRISM participation by our incumbent operating system manufacturers. If I cannot trust Microsoft and Apple (a mistrust that must be extended to their development tools and compilers) and I cannot trust Skype (everyone’s favorite communication tool), I want to meet and discuss problems and solutions with my peers. So, even if there’s an air of doubt about recent headlines about the vendor, RSA’s annual conference is where they gather.
Joe Sturonas, Chief Technology Officer, PKWARE
1. Really interested to see how the intersection of surveillance and security are going to play out. Hopefully, it carries more of an international perspective instead of just a U.S.-centric perspective.
2. Wondering if there will be more talk about the conspiracy around whether Dual EC was compromised by RSA in exchange for compensation from the Federal government, prompting speakers to drop from the RSA conference. We’ll be watching the nearby, rival TrustyCon event, especially if it blossoms in its second year.
3. Will there be any buzz about the recent NIST Cybersecurity Framework? The framework is broad and drawing mixed reviews. We like it as a jumping off point, though there’s plenty of work left with filling in the security details – and with how security vendors work to translate the framework with interested businesses.
4. I fear we are going to hear about the Retailer breaches, but I hope the focus is on comprehensive defense in depth, rather than a “silver bullet.” Are we just going to hear dozens of silver bullets with comprehensive messaging around defense in depth?
We’ll report back on what came out of this year’s talks at the biggest U.S. security event. Of course, we’re curious your questions and what prompted your decision to go (or stay home). Share on Twitter or in the comments below.
Matt Little – VP of Product Development
Matt is a technologist at heart and has more than a decade of experience in the IT industry. In his role as VP Product Development, Matt oversees planning, development and lifecycle management for next generation PKWARE offerings including Viivo and vZip. Matt also plays a critical role in setting and driving product strategy and go-to-market activities for these products.
Prior to his current role, Matt held jobs as MIS/IT Director and IT Manager for PKWARE. Prior to PKWARE, Matt worked for Compuware and Johnson Controls. Matt graduated from Marquette University with a BS in Computer Science.
Joe Sturonas – Chief Technology Officer
Joe Sturonas has been developing commercial software for over 25 years, and at PKWARE he drives technology strategy across their entire product portfolio. As Chief Technology Officer, Joe is responsible for product development, including software engineering, documentation, quality assurance and technical support. He has extensive experience in data security, data center optimization and artificial intelligence. Mr. Sturonas holds a BS degree from Miami University and an MS degree in Computer Science from DePaul University.
