Genealogy of Cybersecurity - Startup Podcast

Ep 7. Security Practitioner Trends from 2,400 RSA Conference Submissions

June 13, 2023 Paul Shomo / RSA Conference VP Britta Glade Season 1 Episode 7

Join the podcast as we dive into a fascinating conversation with Britta Glade, the Vice President of Content and Curation at RSA Conference. Discover the world of "people's trends" as Britta sheds light on her team's meticulous analysis of 2,400 speaker submissions from influential practitioners in the industry. Get an insider's perspective on RSA's technical session selection process, where industry experts and data science come together to uncover valuable insights and emerging trends.

Host Paul Shomo raises an interesting point about the scarcity of industry reports capturing these practitioner trends. The discussion takes an exciting turn as Glade and Shomo geek out over the submission trends for 2023. From the Russia-Ukraine conflict and the vulnerabilities lurking in open source software to the intriguing concepts of shift left and shift right, quantum computing advancements, and the evolving landscape of SBOMs driven by the recent White House executive order, this episode covers it all.

Connect with Britta Glade on Twitter @brittaglade or find her on LinkedIn at linkedIn.com/in/britta-glade-5251003. Share your feedback and join the conversation with host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn at linkedIn.com/in/paulshomo. Don't miss out on this informative podcast episode that offers deep insights into the ever-evolving world of cybersecurity.

Britta Glade: So that wouldn't even honestly make it into the program committee's eyes for review. So yeah, we have a healthy blend of practitioners who are presenting and vendors. The dataset that we're looking at, though, that then is driving these trends is coming from all parts, all facets of the ecosystem, my goodness. There's policymakers who are contributing into this. There's lawyers who are contributing into this. So it's a little bit of all corners of the industry.

Paul Shomo: That's one of the things that's kind of interesting about this. Obviously, if you go on the show floor, you're getting all the marketing messages, and that's a communication from a tremendous number of vendors. But this is a big dataset, you said 2,400 submissions. And this is what the practitioners, what people in government agencies are thinking, and you're doing the analysis on that. And I don't know that there's another; it's not like we have Gallup polling that's polling practitioners and doing focus groups. So this is one of the better datasets if you want to get your finger on the pulse of the practitioners, I feel like.

Britta Glade: I would agree. And you know, in my perfect world, if we're going to geek out on data together, what would be interesting then is to cross-compare this to the body of descriptions of vendors on the show floor, to cross-compare that to all of these submitters for our Innovation Sandbox. That was actually, you know, that was also a record number of submissions that we had this year. To look at, you know, what seemed to be early indicators? Are we seeing early horses in the race from what comes through from the call for speakers or ISB or expo floor, to kind of triangulate some of those things together?

The Genealogy of Cybersecurity is a new kind of podcast. Here we'll interview notable entrepreneurs, startup-advising CISOs, venture capitalists, and more. Our topic: the problems of cybersecurity, new attack surfaces, and innovation across the startup world.

Paul Shomo: Welcome. I'm your cybersecurity analyst, Paul Shomo.

Britta Glade: Okay, so I am Britta Glade. I am Vice President of Content and Curation for RSA Conference. And I have been lucky enough to be working on the RSA Conference content side for, goodness, I think I'm at year seven or year eight now. If it was a child, I could tell by how tall the child was at this point, right? Or how far they are in school. So it's really a fun opportunity to work with people from across the industry. I came out of an analyst relations background. So I'm lucky that I get to continue engaging with a lot of these great industry analysts and such too, as we continue on our journey in cybersecurity together.

Paul Shomo: Absolutely. And we met last year. We talked and geeked out a bunch about this amazing deal. Yeah. So we both have this same passion of going meta behind trends and trying to find where's the really good, high-fidelity data, not the noise, essentially. And so I was really surprised when you told me, because you do put out this blog post over here, but when you told me what is behind it and the work you're doing with the data, I got really interested. I put your report every year on my calendar, so I look it up. So could you talk a little bit about the dataset behind it?

Britta Glade: You bet. I love a fellow geek with the data, because there's always a story, and there's a story behind the story, and there's probably several other chapters to the story any time we look at data. So this year's dataset exploded, Paul. We had more than 2,400 submissions to speak at RSA Conference, which is an all-time high. And that's the fundamental dataset that we use to look at these trends. And some of it, so there's a pre-read process with me and my colleague Kacy Zurkus and Dr. Hugh Thompson, who's our program chair; we read every single submission that comes in. For a couple of reasons, right? We're looking at it for, well, we're looking for, is this a high-quality submission? Because we want to make sure that everything we pass on to our program committee for review, you know, passes that basic muster. If there's time, we go back to the submitter if we see gaps, if we see something that maybe they could do a little bit better, because we want to make sure everyone's best foot is put forward. So we're doing that. And in the course of that read, we're keeping track of what seems to be rising to the top. And sometimes it's little tiny things. It's onesie-twosies with, wow, I've never heard this word before, or this description, or this sentiment before, or whatever it is. And sometimes that is driven by a vendor with a point that they're trying to get across; other times it's coming from many, many different sources. And those are the interesting trends that really do bubble to the top and really give us a view of what's on the collective mind, if you will, of the industry. Some of it is reflective on the past and some of it is looking toward the future, yeah.

Paul Shomo: One thing I wanted to get a little clarification on. So in general, RSA favors practitioners over vendors. Is this more a practitioner dataset or a vendor dataset? What does that look like?

Britta Glade: RSA Conference, yes, the selections that are made. It really is, we've got lots of fantastic vendors who do present; there's a lot of really talented vendors who are employed across the industry. Now, they know when they're on the RSA Conference stage that their job is to be neutral and educational. So that's the necessary bar that all submissions are held to: is this educational? Is it neutral? Meaning it's not pushing a particular product or solution, as in, the only way to solve this issue that we've just laid out is blah, blah, blah, blah product from XYZ vendor. So that wouldn't even honestly make it into the program committee's eyes for review. So yeah, we have a healthy blend of practitioners who are presenting and vendors. The dataset that we're looking at, though, that then is driving these trends is coming from all parts, all facets of the ecosystem, my goodness. There's policymakers who are contributing into this. There's lawyers who are contributing into this. So it's a little bit of all corners of the industry.

Paul Shomo: But I really like this dataset because it's one of the few places where you could really reach into, it's not even just practitioners, because it's going to be the more influential practitioners.

Britta Glade: Exactly. You tend to get some of the, you know, Fortune 1000 folks, when you have someone like ADP, for example, which is presenting on our DevSecOps track, talking about a specific program that was implemented in a pretty big form; Netflix, similar kinds of things. So you get these big influential companies talking about experiences they have. And we see, you know, what goes into this trends analysis, this trends work that we do. Let's use an iceberg analogy, if we will. Everyone uses iceberg analogies, right? So there's the part of the iceberg above the water that you can see. I would equate that to the session title and the session abstract that gets printed. You can go to the RSA Conference site right now. You see that information for the lucky folks who were selected to present. But the other part of the submission that comes through that we're looking at for trends, the under-the-water piece of the iceberg, if you will, is the session detail. So there's a longer portion of these submissions that's the submitter talking directly to us as the program committee, in their words, with a whole lot more detail. Which is important detail to help the program committee differentiate between potentially like submissions on similar kinds of topics. So that's where you really peer into the heart and soul, if you will, of the submitter; you really understand what are the things they're struggling with? What are the things that they are overcoming? What are challenges that they have faced within their deployment of identity, for example? And those are the things that bubble up, I believe, some of the less obvious trends, some of the "wow, let's watch this space for a while" that might not come up in the 400-characters-or-less abstract that you see on the RSA Conference site.

Paul Shomo: Great point. So if you were to scan your agenda, and I think some people do this, and they get a feel for the talks that actually got approved, you might feel like you're getting a feel for what the trends are. But probably there's another 1,500 words that was submitted behind that to describe the actual content.

Britta Glade: 2,500 actually, yes. Almost double that, Paul. There's a lot of richness behind that, exactly.

Paul Shomo: And also, say you have something on open source. That's always been beat up a bit this year, or a little more than a year, for vulnerabilities. But you might not know that 20 submissions were for that, and you only let through two, whereas another talk came through, you might have only gotten one in that area. So you're kind of weighting that as well, right?

Britta Glade: Exactly. Exactly. So that is the challenge of the program committee when they're looking at, gosh, I'll say, you know, the first topic of the trends blog this year that we looked at was Ukraine versus Russia. No surprise there, right? What was interesting there? I mean, goodness, we could have had a full track just on the Analytics, Intelligence and Response angle of Ukraine versus Russia, if we wanted to. And the program committee struggled with that. They're like, gosh, there's all these really good submissions. Can we please add? Can we, so all of those things, you know, what turns into the RSA Conference agenda? All of these factors, and we're weighing and we're debating and we're wrestling between program committee members with trying to figure out how much real estate does any particular topic have. The Analytics, Intelligence and Response team was challenged with, they have to figure out how much weight are they giving to any particular topic, because they're looking at 300 other submissions that are in their purview for selecting 14 total sessions, if you will. So you look at Ukraine versus Russia, there's a couple that deal with the intelligence piece of it, the analytics. So on that side, there's a couple more sessions where you've got very interesting high-ranking diplomats or policymakers speaking about how did we work together. You have yet another group. There's one very interesting one on the fraud prevention track. It's looking at it from the side of a bank.

Paul Shomo: And just to be clear, too. So you're talking about, you have data scientists working on the full set of submitted data. But you also have committees of experts that are independent of RSA and decide what goes in as well too, correct?

Britta Glade: Yes, yes. And that's, well, they 100% decide what goes in, which is a very, very important piece of RSA Conference. If you add up all of the different folks who are involved in our program committee function across all of the different activities, we've got over 150 different folks that are donating their time, donating their expertise to battle it out with each other to make the selections of what actually makes it onto the RSA Conference stage. So those folks are looking, their job is not to analyze the trends and come up with the big collective things. Now, we do have a really, really, it's my very favorite call that we do as part of this whole process. We bring the whole group together to speak about trends. They each have their own tree, if you will, in the forest, with their collection of submissions they've been given to review. And then we bring all of our trees together to have this forest conversation with what bubbled up. What matters a lot? What do we need to make sure that our attendees at conference are exposed to? And when you get that mash-up of perspectives, of different areas of expertise that these folks are bringing together, sparks fly. And that conversation does inform some of what lands in this trends blog, very much so. And the other part of this trends blog is the quantitative data that's coming up from this dataset.

Paul Shomo: Let's go over some of these big trends that you saw in your report here. So you already mentioned Ukraine and Russia, obviously; quantum, can you talk about that just from a very high level of what you saw there?

Britta Glade: This is a fun one, you know. The joke had always been, oh, it's the year of PKI, for many, many years. And quantum has kind of been in that same bucket, where you were getting little tiny fringe submissions for many years, many of those from the same individuals, from the same organizations. And quantum just seemed to explode this year. And the question there is, why, right? And that's where, you know, in the post, we pointed to, you know, certainly there's the NIST algorithms. There was some Nobel Prize focus here. There's NSA requirements. So some of that as well; these are obvious indicators that have probably pointed us in that direction. And it was reflected across many, many different submissions that came through. So there's going to be some great conversation there. There's going to be some great content that gets into things from quantum, both from, you know, the deep bits-and-bytes side, if you will, but also the business applications and implications and such there.

Paul Shomo: And then open source is a big trend, it looks like, as well.

Britta Glade: Open source is a huge trend. And that's an interesting one, Paul, because if you were to look at our agenda last year, you'd say, well, Britta, you had a whole track focused on open source last year. You don't have it this year. Doesn't that seem backwards from what you're telling me? And the reality there was, open source is so pervasive at this point that we decided collectively with our group that it didn't make sense to bandit just to a single track, because it really was pervasive everywhere. And that's exciting. And I think it's important that we're recognizing that as an industry.

Paul Shomo: Because you're really talking about open-source use and the supply chain and software bill of materials also when you're referring to this general umbrella, right?

Britta Glade: Correct. And you know, I love Allan Friedman, who I'll always, you know, he's my poster guy for the whole SBOM world. He has a great LinkedIn post on this where he pointed actually to this trends blog, and true to some of the discussion here, because, again, SBOM, you can look at as, this is software bill of materials. This is what's required of me because of the Biden administration executive order. But you look at how this is being internalized into companies, right? They're having to approach development differently. Producers of products are having to list things differently. Policymakers are having to keep track of things differently. So this is another one of those, wow, the tentacles of open source really have touched all parts of our ecosystem.

Paul Shomo: Yeah, yep. Great point. You also have shifting right and shifting left. This is a big one. It's kind of hard, I think, for people to wrap their heads around, because we're talking about software developers, every company becoming a software company. Tell us about that, what you saw there on that trend in terms of submissions.

Britta Glade: It is, and it's interesting, because for so long, it was shift right, shift right. That was, generally speaking, the tone of submissions that was coming in. This year, there was a lot more on the shift left, and then there was discussion about shifting centers. So our words were having a little bit of fun here in the trends blog, but this really is a process conversation: how are organizations approaching it? It is the people, you know. I always look at things as process, people and technology. And this really does stretch across all of those. And certainly cloud is impacting this heavily, speaking of pervasive technology. Cloud certainly is affecting everything everywhere. So there was a different sentiment to how this was being discussed.

Paul Shomo: Well, people undervalue the language, but when they're trying to get into a new field, one of the big things they're doing is learning what words to say and how to use them, so they sound like they know what they're talking about. So that's actually a much bigger thing than people realize. And so one of the things you're doing here too, as you mentioned, in your dataset, you're pulling out specific words and terms and you're weighting them. So when we're looking at these trends in your reports, you're pulling out these phrases and these terms, these buzzwords, as well.

Britta Glade: Correct. Correct. Some of the buzzwords being fully defined in the moment. Some of the buzzwords being, huh, okay. For example, if we go back to our SBOM conversation, there were sessions that talked about XBOM, HBOM, DBOM, PBOM, and CBOM. There were so many letters put in front of BOM, which again is indicative of, wow, there's a stickiness to how an SBOM is being approached that has impact beyond just the software bill of materials, if you will. Absolutely.