Dear Reader, 

RSAC 2023 has finished and is becoming a distant memory, but we met with more than 40 companies over four days, including the CEO of RSA Security, Rohit Ghai. During those meetings we discussed a lot of crucial subjects and sat through briefings on lots of products and services that relate to those subjects. Over the next few weeks we will be diving in to find the reality of all of them, such as…

TikTok — There is a lot of talk about the security issues but not much clarity. In truth, any social medium can create security issues for anyone not paying attention and serve as a breach point for any group, corporation and government. But in the case of TikTok, does Project Texas actually ameliorate those issues? If not, short of outright banning the platform, what can be done on legislative, cultural and personal levels? We have reached out to the company several times and are still waiting for responses, and we have a lot gathered already. But we are not sure we have the complete story.

What’s up with TikTok
TikTok is like a Dickens novel. It’s the best of apps. It’s the worst of apps. There seems to be no in-between. Over the next few weeks and maybe months,…

Quantum decryption - China says they've figured out how to build a quantum computer that can break RSA encryption. Other experts say the excitement around quantum computing is exaggerated and resembles a bubble more than a genuine technological advancement. The industry says they have devised new encryption paradigms to protect against it. The hacker community says they've broken those paradigms without quantum computers. Meanwhile legislators are running around with their hair on fire. As Lewis Black said, "Somebody make up your minds! I gotta eat breakfast."

Quantum Computing: the next big thing or science fiction?
It seems like quantum computing is the core fusion of the tech industry: it's always only a few years away - but is it? We interviewed Matt Campagna, Chairman of…

Generative AI - Is it the singularity? Is it overhyped? Is it a tool, a bird, a plane? Or is it just another tulip frenzy? It was front and center at RSAC and even the focus of the RSAC keynote. We will be doing ongoing coverage of this subject.

Getting a handle on generative AI, before it gets a handle on us
No model if you stop at one and two is of any value unless it can sort out whether the information sources that it's actually using are reliable, reputable, and…

Zero Trust - Lots of companies use it as a marketing buzzword, but it seems to be more a philosophy than a technology. And the gatekeepers of the term aren't helping. John Kindervag is called the father of Zero Trust because he coined the term "zero trust model" when he was at Forrester. But the concept of Zero Trust was first stated in 1994 in a doctoral thesis by Stephen Marsh. So where does it really start, and if it was Kindervag, doesn't that just make it more marketing than reality?

Zero Trust in Practice – Adopting and Sustaining it in Your Real-World Environment
Zero trust is a heavily used buzzword. It inspires confidence when it’s used by cyber security and technology experts to imply a completely secure technology environment that protects people, devices…

API Security - We've covered this topic in the past; we even did an entire issue on it. And rightly so: in our eyes, this is still one of the most underrated subjects in cybersecurity. So we'll continue covering it, and in this newsletter we would like to highlight a webinar on the topic by our friends from BLST security.

The Growing Problem of Shadow APIs
The rapid adoption of cloud services and APIs has led to the emergence of shadow APIs, which pose significant security risks. The consequences are evident in some major real-world incidents.

Board accountability — Cybersecurity awareness is, arguably, at an all-time high. But awareness isn’t understanding. Now that corporate officers and board members will be held responsible, it seems we are adding an entirely new level of ignorance to a crucial business practice. How do we fix that?

The Dark Web — It seems to have become a common trope in thriller movies and science fiction. But it seems that there are darker places than what can be searched in a Tor browser (which was developed by the CIA to track criminal online behavior). We’ll be looking into these areas for the next year.

Ethics and integrity in engineering — This is a new subject we are just starting to look into.  It is particularly near and dear to our chief editor’s heart as he was part of the effort in 1974 establishing a code of ethics for journalists.  We've discovered every popular consumer electronic product and software platform, including social media, has violated the codes of ethics for IEEE and ACM.  It seems to have been left to the cybersecurity industry to correct those lapses. How we bring the disparate tech industries into compliance will be a Herculean task.

SME security options — While certain technologies — like computers, mobile phones, consumer software — have hit market saturation, cybersecurity still has a long way to go. Most of the industry players are focused only on the Fortune 2000 companies that make up less than 20 percent of the available market for cybersecurity technology, while the industry pretty much ignores the 80 percent of the underserved market: the small-to-medium enterprise (SME).  At RSAC, some companies have recognized their value and it warms our editorial heart, so we will be looking to talk to those companies.

THANK YOU, Big time.

We’ve often said how we prefer not to take revenue from advertising. We prefer the sponsorship model of public broadcasting and donations. That, apparently, is resonating in the industry as we start receiving both, including for this issue of the newsletter.  Please click on their banners and give them a look.  They are making the way for independent journalism to thrive.

And that’s it for this issue of the Cyber Protection Magazine newsletter. If you have a comment, question or pitch on any of the above subjects, drop us a line on the website, or a one-minute audio comment on the Crucial Tech podcast. We will get back to you.

Cyber Protection Magazine
https://cyberprotection-magazine.com