海角大神

Modern field guide to security and privacy

Hollywood cybersecurity vs. Vegas cybersecurity

The cybersecurity we see in movies and TV often takes some creative license (we're looking at you, CSI), but the stuff on stage in Vegas conferences can be just as far removed from the day-to-day practice of cybersecurity, too.

Matt Orlando/海角大神

You can go one of two ways with depicting cybersecurity in movies and TV shows: you can depict it so seriously that every technical mistake generates an outraged howl from the infosec pros, or you can romanticize it so that it becomes a cult classic.

On the one side, you have the complaints about CSI: Cyber; on the other, you have every picture of Angelina Jolie on rollerblades. You have neuroalternative people with colored hair saying, "If I can just get into the mainframe … there!" and then you have people lining up at RSAC to have their picture taken with Rami Malek.

There's Hollywood cybersecurity, but then there's also Vegas cybersecurity. It's the glitzy, glamorous showcase where all the people on stage are breaking systems in arcane but spectacular ways, getting on CNN, and handing out tactical schwag at vendor booths.

In Vegas cybersecurity, the few defenders who make it onto the panels are passionate, changing the world, and displaying wall-to-wall green dashboards. And needless to say, all the vendors are above average.

I hate to break this to you (actually, I can't wait), but Vegas isn't the real world any more than Hollywood is. And it does a tremendous disservice to the practitioners who can only line up for the talks – if they can afford to come to the conference at all – and take notes, hoping to convince their management to let them try just one more tool. "What did you learn at the conference?" "Well, as usual, I learned that we're in deep trouble."

Compare and contrast the key players:

| | Vegas cybersecurity | Real world cybersecurity |
|---|---|---|
| Adversary | RHINESTONE PANDA | Stuart the Auditor |
| Tool | MEGAPWN | Microsoft Excel |
| Technique | Social engineering | Judicious use of Bcc: |
| Success | Bug bounty paid | Headcount approved |
| Signature move | Pivot | Head on desk |

Key Vegas cybersecurity scene

Researcher: … but the adversary made one fatal mistake in a rookie move and revealed their IP address, and then we had them! We couldn't tell you the story until now because the FBI was busy mopping up. (*Adjusts martial arts black belt, accepts drinks invitation*)

• • •

Real world cybersecurity scene

CISO: … so Pat will text me as soon as they call him out of the office and walk him over to HR, and then we can disable his AD account and go power down his desktop.

Junior Security Officer: Can I go with you?

CISO: Why? You've seen a power-down before.

JSO: I know, I just want to swap out my desk chair for his before anyone else gets to it.

• • •

The trouble is, it takes a lot of work to make real-world cybersecurity exciting enough to put on a stage. And nobody wants to pay conference fees to hear about someone doing the same things they're also doing at the office.

Over the past couple of years, a few conferences have been adding more defender tracks, and some newer conferences are popping up that are explicitly defender-focused. That's all good progress.

But we also need to remember that when we glam up cybersecurity for show, we have to be careful not to send the message that the real world is just like that.

In Vegas, every product works perfectly, every enterprise has the skilled team that it needs, and it's just a matter of getting that last puzzle piece into place for a magical security state to happen. Somewhere out there must be a finish line, if only we could cross it. The reality is less like a finish line and more like Grand Central Station.

Sometimes cybersecurity is exciting and it makes the headlines. Sometimes it's very, very weird. But mostly it's painstaking technical work mixed in with office politics.

To finish off the year, let's tip our hats to the infosec outside of Hollywood and Vegas. Let's toast to Hometown cybersecurity. May their dashboards be evergreen.

• • •

RSA Conference, happening Feb. 13 - 17 in San Francisco, drives the information security agenda worldwide. It has consistently attracted the best and brightest in the field and created invaluable opportunities for first-hand interactions with peers, luminaries, and emerging and established companies. Use promo code 5U7CSMPFD for $100 off admission for Passcode readers.
