RSA Conference is officially upon us. The Security Practice at PAN has been hard at work prepping clients for the show, engaging with media for pre-show and on-site briefings on behalf of SMEs and ramping up for an exciting week of trend discussions, vendor announcements and meaningful connections made. PAN is not only supporting technology companies in the security space, we’re also pleased to support the presence of a global IT analyst, research, validation and strategy firm during the show: Enterprise Strategy Group (ESG).
As the firm prepares for the journey to San Francisco, the analysts from ESG’s cybersecurity team took a moment to sit down with PAN to preview the trends they’re most excited to track, discuss new technologies they’re predicting to hit the scene, and – perhaps most importantly –share some inside tips on how technology vendors and PR teams can best engage with analyst firms ahead of the show.
Jon Oltsik, senior principal analyst & fellow, Cybersecurity: It’s funny you should mention this. I’ll be participating in a session with ISSA about “The Life and Times of Cybersecurity Professionals” which will tie directly to this theme of “the human element.” The session will preview new results from the fourth annual ISSA/ESG report where we’ll explore the challenges cybersecurity professionals faced in 2019. We’ll be looking at the impact of the increasing importance of cybersecurity and what this is doing to the workforce in terms of the demand for cybersecurity professionals that wrestles with an ever-growing skills shortage.
From an industry perspective, we can also look at the human factor as it relates to developers, wherein developers are making decisions on what’s going into complications deployed in production (open source, APIs, Function as a Service). There’s a big human element here in thinking about the developers making these important tech decisions.
Doug Cahill, vice president & group director, Cybersecurity: We’ll also see the corporate vice president of Microsoft’s cybersecurity solutions group present her keynote on this very topic, focusing on the human spirit. Humans are the best line of defense against cyberthreats, and motivated people are the best tool when you’re up against a breach. The nature of bringing the cyber community closer together opens many more tools to facilitate this sense of community and sets IT leaders up for success.
Jon Oltsik: We’ll be watching for major vendors announcing market-shaping news. In terms of what they’re announcing, we certainly have some ideas from pre-briefings, but we’re predicting automation will be a huge one, spanning areas such as formalized automatic security processes, operations and automated penetration testing (aka “red teaming” for the masses). Looking at the past year in general, there’s been a wave of advancement in automation, but I’m thinking there will be a curve in this recent progression. I’m seeing many IT leaders speaking out about best practices, people hiring automation managers for security, and the tools themselves are starting to mature – it will be a big trend for RSA 2020.
Threat intelligence platform providers will have a lot happening at the show, too. While people want more threat intelligence to prepare and build risk strategies; unfortunately those skills aren’t quite prevalent or as well developed as they would like. We’ll be interested to see if emerging technologies coming from the show will look to address these shortcomings. We’ll also be keen to know of big announcements in cyber risk management, deception technologies.
Doug Cahill: Our group will also be looking to co-cover trends in identity access management, focusing on cloud-driven identities and any massive adoptions of cloud services for re-identification. There’s going to be some big spend and some big changes here that are showcased at RSA. Adoption of serverless functions should be front and center, as well. Our research has shown that those organizations already consuming containers are far down the path on consuming serverless functions as part of their primary application architectures. I’ll also look to see if there will be news on identification as an enabler, a newer digital transformation angle that gets vendors closer to their customers.
Dave Gruber, Senior Analyst: I’ll have a close eye on XDR – detection and response that goes beyond endpoints. We’re expecting a bunch of movement and announcements from endpoint security players who are using the show to announce they are entering the cloud security world. Also, email security alliances with endpoint security players are near and dear to me.
John Grady, Analyst: Personally, I’m looking out for network security vendors shifting to the cloud, as well as anyone talking about software defined perimeters – notably how they’re looking to kill the VPN. I’m also curious about what the conversations will be like surrounding “Zero Trust.” This was a huge topic at RSA 2019, so I’m curious what this year will bring.
Doug Cahill: To be honest, getting your briefings in ahead of time and beating the rush of the show go a long way. We look to build out our meeting schedules with clients and partners within three to four weeks of the show, and unfortunately that leaves about only 5 percent of our schedules open for those PR meeting requests.
John Grady: The bar is going to be high for our last remaining meeting timeslots, so the best way to capitalize on your news is a successful briefing after the conference.
Dave Gruber: If you’re trying to get ahold of us during RSA Conference, keep your emails incredibly short and concise. We’re going to be walking around and it’s a challenge to stay on top of things.
Jon Oltsik: There are so many early-stage cybersecurity companies looking to make their news heard. We’re looking at go-to-market success proof points, and “stories of hope” in the market. Things like “I’m a small guy announcing a big partnership” or “I’m putting out this really interesting new thing that benefits the enterprise.”
Doug Cahill: For those we are able to meet with at RSA, our analysts are most interested in meeting with VPs of marketing, CMOs and VPs of content, who tend to be our first points of contact at vendor organizations. If you’re looking to set up meetings with a chief technology officer, a chief data scientist or chief researcher, you’re best putting those folks in front of media. At the end of the day, analysts are using RSA to drive meetings with those who we can grow relationships, forge new partnerships and discover interesting new clients with whom we can collaborate.
Many thanks to Doug Cahill, Jon Oltsik, Dave Gruber and John Grady – we’ll see you at the show!