As the RSA 2014 conference progresses, I'm realizing, much to my chagrin, that the buzzword cybersecurity is gaining...
traction. It started in the keynotes and has continued session after session since then. Check out these session titles from the second day alone:
- "Implementing a quantitative risk-based approach to cybersecurity"
- "Why cyber incident response teams get no respect"
- "To regulate or not to regulate cybersecurity: That is the question"
- "An overview of the EO cybersecurity framework"
- "Cybersecurity the old-fashioned way: Pass known good content"
- "Why we need a cybermilitia (and how to get one)"
And those were just the morning sessions! Blech.
More RSA stories
View all of our RSA 2014 conference coverage
So why all the love for "cyber"? Is cybersecurity the future of security? Does information security need rebranding? It could be argued that we're off course, but is it really going so badly that we need to follow the course of what local officials do by renaming streets that have a bad name? Or of what federal politicians do when rebranding their failing political causes?
People in our industry keep drinking from each other's Kool-Aid, but this rebranding is further isolating outsiders -- especially management, who already doesn't "get" us. We have an identity crisis enough as it is.
Here's my point: Don't fall for the hype, the vendor fodder. Even if RSA has further legitimized cybersecurity in 2014, stay the course you were on with information security and managing information risks. We can rebrand our field until the end of time, but I think it's only hurting us.
People are always looking for something new, something better, something faster, something cheaper. Some people obviously believe that cybersecurity will offer these things and more. Me? I'm not so sure.
Don't let marketing hype steer you in the wrong direction. Understand what it is you need for your network in the context of your business. Only you know best how to manage your information security risks.
About the author:
Kevin Beaver is an information security consultant, expert witness, author and professional speaker with Atlanta-based Principle Logic LLC. With more than 25 years of experience in the industry, Beaver specializes in performing independent IT security vulnerability assessments of network systems and applications. He has authored or co-authored 11 books on information security, including the best-selling Hacking for Dummies as well as Implementation Strategies for Fulfilling and Maintaining IT Compliance. In addition, he's the creator of the Security on Wheels information security audio books and blogproviding security learning for IT professionals on the go. You can reach Kevin through his website, www.principlelogic.com, follow him on Twitter at @kevinbeaver and connect to him on LinkedIn.