Reasonably Accurate Transcript
Morning. How are you doing? As you can see, I am back in Ottawa from RSA 2018 down in San Francisco. Um, this week, as you can tell with the show, has been a little kind of up and down and all around.
I learned some lessons, uh, figured out some challenges, or identified a couple of challenges I need to tackle, um, in the next week or so. Um, but overall all good and I'll get to that at the end of this segment.
Um, but what I want to talk about was the actual conference. So RSA USA, um, is always one of the biggest infosec security conferences. Um, it happens generally in the spring. Um, you know, it was a little late this year in mid April.
But um it's basically where a lot of uh North American, a lot of European security folks come over as well. Um But it's uh sort of the, you know, everyone's there. So it's a, it's a good litmus test about what's going on in the industry.
Um It's a crazy busy hectic week. You can tell I'm a little dazed. Um, if you've been following me online, marknca, um, you probably realize that it's, uh, it was nuts this week in a good way, in a positive, positive way.
Um, so a couple of questions came up in conversations this week, which I think were really, really good. Um, and I wanted to address them here on the show, um, just to give an overall view, and it really started out with, um, you know, the classic question, and normally every year there is an actual answer to this one, which is: what was the theme of RSA?
Um, well, this year, there really wasn't a particular theme that jumped out. Normally you can walk along the expo hall and go, OK, this year's theme is AI, or this year's theme is big data, or it's deception technology, or it's, um, IPS, or it's next gen whatever.
Um This year, there wasn't really one theme that jumped out and I thought that was really interesting because it showed that security uh the community and the V landscape and the market is really acknowledging that there's a lot of problems to be tackled.
But from my perspective, I'm really disappointed that one particular problem wasn't tackled and that's the basics. There was a lot of vendors there with overall portfolios, that's great. There is a lot of specific security control.
Um like we do this one thing and this one thing. Um well, or we try to do it well. But uh you know, and that acknowledges that security is a problem on many, many fronts. And that's OK.
That's a very good thing. That's a good step forward. But I think we as a community have year over year failed to realize how much emphasis we need to put on the basics. It's too easy to start looking and going.
There's all this cool stuff, there's really, um you know, all this cutting edge things that we need to dive into and that is interesting. I am from a security um hat, from an engineering hat, from a nerd hat.
I love that stuff too. Um But at the end of the day, uh businesses and organizations are still struggling with the basics. So um deploying patches and automatic updates, um teaching uh users or educating them about security decisions and context, especially things like phishing and email security.
Um These are areas where we really need to double down and triple down our efforts to get the basic hygiene up before we start diving into the other stuff. And it's unfortunate because most of the teams I talk to um in organizations that are defending, they say, oh no, we're, we're doing all this crazy threat hunting stuff because we've already got the basics locked.
No, you don't, because it still takes six months to get a patch out there. Um, because you're still forcing users to change their password every 90 days. You've done stuff that is comfortable, but you haven't done stuff that's effective.
And I think that was really the takeaway from a lot of the conversations I had was that, um, people outside of the security community are hungry for real tangible education and they want help, they want to make this better.
And the way that we do that is focusing on the basics. Once that's in place, then we can extend. And I'm not saying you don't need all these crazy security controls. Obviously, I work for a vendor. I wouldn't work there if I didn't believe in the quality of the controls and the quality of solutions provided.
That's a piece of the puzzle. I think we as a community need to make sure that we see the overall puzzle because if we're, if we're just looking at one piece and we're not looking at the holistic challenge, we're going to really, really shoot ourselves in the foot.
So the way I explained it to somebody the other day during our conversation, we were talking about data analysis and data analytics. I said in general, security is a very myopic view of things. So we look at the perimeter, and if we were looking purely at inbound network data and saw a huge amount of unexpected traffic coming from a variety of IPs, the security concept is that's a DDoS attack.
If you go back one layer and talk to your application guys and they see their applications scaling out. Um but they don't know about anything before or after. They'd probably say, you know what that's unexpected. That's probably a bug.
And if you talk to the business guys who are only looking at the transactional data in the back end, they see a lot of transactions coming in. They're gonna go, hey, this is a fantastic day like we are doing good business today.
Um, the problem is any one of those could be true, they could all be false. You need to look at all three sets of data. You need to look at security data, the application and stack data, and the business data all together holistically to make an accurate assessment.
And that's a challenge in security for data. That's a challenge in security for approach. We need to get our butts in gear, we need to flip into educator mode. So on that note, um, obviously had some challenges this week with the show, had some wins too.
So I took, I did not take my MacBook, I only took my iPad Pro, and I was reminded gently by the performance on the iPad Pro that it has custom hardware in there. So it was rendering videos.
Um, so after I do the live stream, I render the video and put it up on YouTube. It was rendering the graphic overlay in the beginning, um, way faster, like 10x faster than my MacBook Pro, and they're both the same generation, and that was really frustrating.
I was like, wait a minute, there's custom hardware in the iPad. So I would love to be able to go from my MacBook to render on the iPad to put it back on my MacBook. Um, but anyway, I learned that, that was great.
So, mobile video editing, I was using a tool called LumaFusion as well. Um, it's an expensive app. It's about 30 bucks for the iPad, which is expensive, but it's amazing. Um, so three track video editing, that worked really, really well.
What didn't work so much was time zones. Um I was on the west coast, so three hours behind my normal time, uh first day or two, you know, I was up and it was easy. Then I started to adjust um better to the time zone and of course meetings started piling up.
So it made it harder. Um And I, I don't think that's a bad thing. Being decently consistent is good. The challenge is letting you folks know. Um So I need to figure out a better way to notify when I'm gonna broadcast or when I'm not going to be on air on a day.
Um just given the nature of schedule changes and I think, you know, the vast majority of weeks, I'm gonna go five for five travel weeks, you try to hit, hit five for five. But even if you go three for five.
That's not bad, but I need a better notification mechanism. So a couple of quick learnings, a couple of quick lessons, a couple of quick things to work on. Thankfully AWS announced a super cool feature in MediaLive streams in that they can output to RTMP now.
So I can actually implement the surve design I wanted to for streaming. So I might be playing with that over the next couple of days. It won't change the end product to you, but it will change the number of mediums you see it in.
So anyway, great week at RSA. Um, lots to think about. Um, what did you think? Did you follow the conference from afar? Were you on site? What were your takeaways? What do you think about security switching its role to more of educational and helping provide the context needed for users?
Um Do you think security should just stay as it is where it's a perimeter? It's gating. Do you find that effective in your organization? Let me know online marknca comments down below as always. I hope you have a fantastic Friday and I will talk to you all on Monday.