RSA CONFERENCE 2023: what security leaders need to know
Published By
Adam McCarthy
May 2, 2023
3 min read.

If there’s one thing I’ve learned as the CEO of an Australian cyber security company, and a former soldier, it’s the constant need to be ready for change and adapt quickly when it happens. After recently attending the RSA Conference 2023 (RSA2023) in the United States – arguably the largest security conference in the world – I can see some big changes looming for our industry, which I wanted to share.

During the next 12 months, I predict many of the companies that I saw at #RSA2023 this past week will be acquired or taken over by larger organisations wanting to keep pace with technological innovation and move to a centralised ‘one tool to solve all’ security approach.

Software companies are diversifying.

RSA2023 had a big focus on Extended Detection and Response (#EDR) and Managed Detection and Response (#MDR) services – areas in which we specialise at ParaFlare. Most Software as a Service (SaaS) companies are now offering their own Security Operations Centre (SOC) in a sure sign many are looking to diversify into services. History is littered with examples of distracted businesses trying to do both, so time will tell if these businesses can execute the services element in a manner that both benefits their customers and maintains good alliances and partnerships with managed services providers. The drive toward more SOCs is a clear result of customer demand and a sign that more businesses are starting to understand the importance of response and recovery – critical elements of cyber resilience.
It’s clear the industry is booming, with literally hundreds of new companies solving challenges that affect every country in the world. In many ways, this is encouraging. But it also left me wondering how these new companies are different within their respective sectors, and how focused they are on the specific needs of their customers.

Our industry is sharing knowledge around the globe.

Overall, I was struck by the quality of the people that work in our industry and the shared challenges we face across the globe. Everyone was open, and happy to exchange ideas and share views on trends – from industry partners, through to the national security and local Information Security communities. I spoke with former members of the Five-Eyes Special Operations and intelligence communities who are now focused on cyber, bringing the same perspectives of the pervasive threats that Frank Santucci and I brought together when we founded ParaFlare.

Around the world, the industry is aligned in its goals, and constantly innovating in the fight against hacktivists, criminal groups and state-sponsored threats.

For ParaFlare, it was about meeting with key partners.

One of the most interesting and surprising aspects of RSA2023 was the sheer number of non-conference related events held by vendors on the fringe of the conference, and the lack of actual customers in attendance. Every morning, lunch, and evening there was a different vendor event, and it was impossible to attend them all. I felt as if the whole conference was focused on vendors selling to vendors and partners, with most CIOs and CISOs laying as low as they could to avoid the incessant targeting and selling.

For ParaFlare, meeting with key partners was a big focus, but also some deeper engagement with our customers – even over some coffee, a drink, or a Clam Chowder by the Bay at Bubba Gump Shrimp Co. I always prefer those genuine face-to-face conversations and the opportunity to connect on our shared challenges one-on-one.

Who could forget about AI?

RSA2023 would not be complete without a comment on AI. I was aware of a running joke throughout the conference that if you just tagged “AI” at the end of your company, then the value of your company would increase tenfold. There was a huge number of companies leveraging some form of AI technology. Companies that have used OpenAI Large Language Models (LLM) are so numerous, that if you’re a vendor and not using LLM to streamline report writing, information presentation or alike, the chances are you will be left behind in this new revolution of human to machine interaction we call AI.
With 70,00 people from across the cyber security industry attending RSA2023, I was but one of many hundreds of CEOs and founders scattered across San Francisco, networking, engaging, sharing, laughing and all reinforcing our shared commitment to securing our way of life. It’s safe to say that I truly caught the RSA bug.

I’ll see you in 2024 San Francisco. 

You Should also read

Inetcache: exploiting from within

The impending confrontation with adversarial LLMS

XDR, SIEM AND SOAR convergence.

Attack lifecycle detection of an operational technology breach