Takeaways from RSA Conference 2020

Image for post
Image for post
Photo Credit: Kaitlyn Bestenheider.

I just came off another successful RSA Conference (where more than 40,000 cybersecurity and privacy professionals descended upon San Francisco to discuss today’s pressing privacy and security issues and swap insights on how to address them): 5 days, 1 panel, 1 roundtable, 4 dinners, 7 networking socials, 3 lunches, more than a dozen meetings, several sessions and keynotes, and even more cybersecurity and privacy peers connected with!

Wow, writing that brought a wave of momentary exhaustion and excitement. Following RSAC 2020, I took the time to recharge and to reflect on some of my overarching takeaways.

Takeaway #1: Privacy was on the rise at RSAC 2020

Image for post
Image for post
Jules Polonetsky delivering his keynote on navigating privacy in a data-driven world and treating it as a human right.

Each year I attend RSA Conference, the number of times privacy gets highlighted at the conference keeps rising, and this year was no exception. This year, thanks to Susan Lyon-Hintze and Angelique Carson, there was a robust privacy track with two keynotes focusing on privacy (one on genomic privacy and another on privacy as a human right). Privacy topics like GDPR, CCPA, the NIST privacy framework, and privacy engineering were commonplace.

While the intersection between cybersecurity and privacy seemed clear from the program and its attendees, it was surprising to witness when practitioners on either side were unable to articulate the difference between the two domains. This just means that we still have more work to do to bridge the knowledge gap between the two areas of expertise.

Takeaway #2: The rise of privacy tech, in particular, was evident

Image for post
Image for post

The rise of privacy tech, in particular, was evident, from the expo hall to the winner of the Innovation Sandbox contest and even at RSA-adjacent events. Privacy tech companies such as BigID, OneTrust, 1touch.io, Privitar, Fasoo, Startpage, Integrisio, TrustArc, Immuta, Clarip, and Spirion, amongst others, were showcased at the expo hall. We also saw Securiti.ai win the Innovation Sandbox contest for its privacy operations platform, Privacy.ai. At RSA-adjacent events like SPJ GTM ‘s Sky Lounge series, privacy and encryption startup, StrongSalt, held a lunch and learn session exploring privacy and encryption problems and their proposed solutions. Along with these startups were investors interested in the rising privacy tech market, with several VC firms hosting dinners and adjacent events on privacy topics like privacy engineering.

Takeaway #3: It’s time to leverage privacy in the cybersecurity space

It was pleasantly surprising yet simultaneously alarming to witness startups leveraging privacy as a competitive advantage at RSAC 2020.

On one hand, I am huge proponent for recognizing and utilizing privacy’s value and have dedicated my work to helping startups do this. During RSA week, in particular, I worked with cybersecurity startups on exploring how privacy can be good for business. I pointed out how privacy is being used by the biggest brands-including enterprise cybersecurity leaders like Cisco and Palo Alto Networks-as a competitive advantage and a sales enabler. And as I’ve previously written on, privacy affects the bottomline and helps unlock the value of personal data. It also provides a market opportunity to innovate. In other words: privacy is no longer a compliance checkbox; it’s a long-term business strategy.

Image for post
Image for post
Sales delays tie to a company’s privacy program maturity.

On the other hand, I was alarmed to see a handful of startups trying to break into the privacy tech space without, in my opinion, sufficient privacy strategy. After talking to these startups’ representatives, it surprised me that some of them have not thought about their own internal approach to collecting and using personal data or to setting a culture of privacy within their own companies. It’s analogous to being a cybersecurity company with terrible or lacking security controls. It’s failing to walk the talk.

The positive thing is that many of them recognize that they need help understanding the field that they’re looking to break into. And there is a strong network of highly experienced privacy professionals who can help them do this.

Takeaway #4: Coronavirus fears increased conference safety precautions (harkens back to pre-GDPR era)

Image for post
Image for post

Cybersecurity and privacy hygiene aside, it was interesting to witness how coronavirus fears (fueled by media reports of the outbreak, the RSA sponsors pulling out at the last minute, and other conference cancelations) ended up increasing the safety precautions at RSAC. The conference organizers themselves made available plenty of hand sanitizers and water for hydration throughout the conference sites. Some attendees self-reported increased vigilance by avoiding handshakes and unnecessary physical contact, staying hydrated, prioritizing self-care, and skipping evening events.

Oddly enough, this reminded me of the pre-GDPR era when only an internal privacy incident or breach (or a similar one close to home, within the same industry) could increase privacy budgets and raise privacy prioritization within a company. Thankfully, gone are the days of waiting for privacy fears to materialize close to home before companies decide to take action to prioritize privacy.

Takeaway #5: The Human Element was out in full force

In alignment with this year’s conference theme (the “Human Element”), my favorite part about RSAC 2020 were the people I collaborated with, met, and learned from.

I was thrilled to hear from and catch up with so many fellow privacy practitioners: Susan Lyon-Hintze, Lydia de la Torre, Angelique Carson, Joseph Jerome, R. Jason Cronk, Denise Shoeneich, Jonathan Fox, Peter McLaughlin, and Jules Polonetsky.

It was equally lovely to catch up with my cybersecurity folks, such as my old team from Palo Alto Networks, including from colleague, John Kindervag, the father of Zero Trust.

I particularly loved working with cybersecurity startup leaders from Qohash, NoviFlow Inc., Flare Systems, Inc., Securicy, and ISARA Corporation, along with the Canadian Technology Accelerators. I am grateful for the amazing collaboration with Thierry Lu, Safia Morsly-Fikai, Christine Lee Shun, Sophie LaPointe, Guy Veilleux, Tim Kline, Dominique Jodoin, Darren Gallop, Matthieu Lavoie, and many others. Their openness to exploring privacy as a business strategy made my RSAC week particularly fulfilling.

Image for post
Image for post

I also thoroughly enjoyed meeting entrepreneurial leaders like Steve Erbst, PJ Johnson, Ed Yu, Raymond Choi, and Amy Hermes, amongst others.

It was a treat to explore data ethics and data ownership with folks like Davi Ottenheimer.

RSAC week wouldn’t be the same without my brilliant co-panelists, Michelle Dennedy & Hilary Wandall (both pictured above).

On top of these amazing people, it was particularly delightful to meet PrivacyPupper and her human, Kaitlyn Bestenheider.

Image for post
Image for post
L-R, Top: Lourdes Turrecha, Hilary Wandall, and Michelle Dennedy. Bottom: PrivacyPupper. Photo Credit: Kaitlyn Bestenheider.

I appreciate each person I connected with during RSA week, some of whom are highlighted here, along with others I may have omitted. Suffice it to say that the human element was out in full force last week!

Bonus Takeaway: The Human Element is Inherent to Privacy

Last but not the least, I wrote separately on the how the human element is inherent to privacy in a previous post.

If you attended RSAC 2020, what were your key takeaways? What privacy topics would you like to explore next year?

Follow me on Medium to be the first to read my posts.

Image for post
Image for post
Image for post
Image for post

Enjoyed that read? Click the ❤ below to recommend it to other interested readers!

Written by

Founder & CEO @PIX_LLC @PrivacyTechRise | Privacy & Cybersecurity Strategist & Board Advisor| Reformed Silicon Valley Lawyer | @LourdesTurrecha

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store