I attended CyberTech 2014 on January 27th-28th. CyberTech is a respectable conference for technologies related to cyber-security. The conference consisted of lectures and an exhibition. The lectures were most given by top notch speakers from the security space, both from the public sector and from the private sector; most being highly ranked executives. The exhibition sported companies ranging from the largest conglomerates as IBM and Microsoft, to garage start-ups.
I am easy to disappoint by cyber-security conferences. Simply put, there are more cyber-security conferences than what the security industry really has to say. This implies that for the security architect or practitioner, most cyber-security conferences lack sufficient substance. I take CyberTech 2014 with mixed emotions too. The exhibition showed interesting ideas, especially by start-ups, while the lectures left more to wish for.
One of the difficulties cyber-security conferences face is that it is not clear what “cyber-security” really is, and how it differs from what we already know as “information security". Traditionally, “cyber-security” referred to protection of critical infrastructure, but the security industry, eager for promotional re-branding, happily adopted the term to mean any data security whatsoever.
The exhibition was interesting, especially what was shown by start-ups. The more traditional companies came up with the usual technologies we are all familiar with, with very few surprises. The start-up pavilion was where new approaches were shown to solving the known problems, such as BYOD and endpoint security; that in itself was worth attending.
The lectures given by speakers from both the private and public sectors were inspiring, but had minor educational value. Many speakers coming from the private sector are still occupied by the task of evangelism, and spend precious time presenting Gartner-like figures and charts on the by-now-well-acknowledged magnitude of the problems we face. Public sector speakers often used the stage to promote their divisions, not always feeding the audience with new information.
Nevertheless, some key messages could be taken:
Cyber-security is hot, regardless of how exactly you define it. Companies lose more money due to breaches than before, not less.
BYOD (Bring Your Own Device) is still a key problem for organizations.
One of the difficulties organizations face is the fragmentation of solutions; there are too many security providers, providing niche solutions.
Sustainable attack detection is possible using big data analysis and big-data oriented intelligence.
Attendees could not miss the presence of several new cyber-security research labs, such as by Deutsche Telekom and by JVP, which are being established in Be’er-Sheba, a city in the southern part of Israel, in cooperation with the Ben-Gurion University. Such endeavours shed hope for new advancements that may be presented in CyberTech 2015 or later.