Waiting for the RSA Conference is a bit like counting down the days until Christmas. And RSA with a full conference pass is the security and risk version of the Toys”R”Us “Big Toy Book” but better — my only limits are good time management, a realistic assessment of logistics, and a pair of comfortable shoes. As I flip through the catalog pages, here’s what I’m adding to my wish list:
Sessions I Favorited For Monday, February 24
8 a.m. — FAIR Institute: A FAIR Approach to Cyber and Technology Risk Measurement, Moscone West
Confused about what cyber-risk quantification is? Don’t worry, you’re not alone. Cyber-risk quantification is mathematical modeling to render the business impact of cyber-risk exposure in financial terms. As strategic investment in cybersecurity programs increases, security and risk pros need to communicate the ROI of their efforts in a language the business understands: financial terms. To learn more about cyber-risk quantification, check out my report, “The Forrester Tech Tide™: Governance, Risk, And Compliance Management, Q4 2019.”
1:30 p.m. — RSAC Innovation Sandbox Contest, Moscone South
We hear from Forrester clients time and again that they’re looking for innovation from their vendors — yet when innovation comes knocking at their door, CISOs are too often reluctant to take on the “undue risk” of working with startups or early-stage companies. To help you navigate the third-party risk of working with younger technology vendors, read “Capturing Innovation In Your Security Program” or find me at the Innovation Sandbox checking out the latest and greatest in security and risk technologies.
What I’m Hoping To Find
Horse-powered engines, not faster horses. Henry Ford said it best: “If I had asked people what they wanted, they would have said faster horses.” With governance, risk, and compliance (GRC) technology adoption at its highest levels in almost a decade, many vendors have become so closely aligned with the needs of a subset of customers that they’re neglecting the needs of the broader market — or are too deep inside their echo chamber to see that they’re misaligned with where the market is headed. With that, I’ll be scouring the exhibit halls looking for innovation, usability, and technologies that know where to find data that already exists in the enterprise (hint: your data center, payment systems, contract systems, and HR technologies, among others). Take it a step further to pinpoint the tech that then connects these disparate data points and funnels them right into GRC technologies. Don’t make me ask a third party for data you already have. Don’t make me fill out questionnaires with information I just gave you. Automation is not workflow with a dozen clicks — it’s a process that respects my time and my attention span.
If you think your product is a needle in the haystack, tweet me your booth number @AllaValente, and I’ll stop by.
Safe travels to all, and I’ll see you at RSAC!