RSA Conference 2016: The infosec glass house?

Raj Samani, VP and CTO EMEA at Intel Security

A couple of years late to the party, but I finally made it to San Francisco with a real sense of excitement to attend what was described to me as the “Super Bowl of the Security Industry.” Working with the analogy, there certainly were plenty of cheerleaders waving their pompoms for companies all claiming to do threat intelligence, and of course let us not forget machine learning.

The repeated visual bombardment of dashboards, presenting graphical interpretations of data garnered from what appeared to be the same fire hose, left me in a bit of a pessimistic mood.

This, however, didn’t prepare me for the marketing ploys to capture personally identifiable data of RSAC delegates, who seemed all too willing to share this for very little. I wrote a couple of years ago about how the general public giving away their personal data for chocolate was a step a little too far, but this was almost exactly the same ploy being used by security vendors to capture the personal data of delegates at RSA Conference.

For example, one particular vendor was offering boxes of hot noodles and spring rolls in exchange for a ‘quick scan’ of attendee badges. Judging by the long lines for these delicacies, the cybersecurity world’s finest were more concerned with addressing their short-term hunger than with weighing the long-term value of exchanging their personal data, without any review of a visible privacy policy (detailing such things as how data will be used). This was a transaction without the transparency these “professionals” claim to hold so dear.

This of course was not the only ploy to scan delegate badges, but based on the comments from the original article about consumers giving away data, are we as an industry really setting the best example by which we expect society to be more hard-nosed about preserving individuals’ data?

Indeed, as Dick Whittington made his way to the streets paved with gold in London, we can argue that San Francisco has an even more precious commodity, namely business cards littered like confetti all across the temporary carpeted floors of the Moscone, outside on the street and inside the nearby coffee shops.

There is little doubt that the security industry is clearly an industry, but do we really have any right to educate society on the preservation of their own data when we ourselves are so loose with our own data?