RSA 2023 Outlook: Buying security tech? Good luck!
My take on RSA 2023 and why buying security tech is so difficult
Another year and another great RSA 2023. It was great catching up with new and familiar faces and learning from every conversation. I had an amazing time with Shomik from
and Ed Sim from and Boldstart as well as new faces who I met during those two days.The content
Honestly, I couldn’t tell you. RSA, from a content standpoint, has lost my interest a long time ago. A lot of high-level talks but very few (if any) hands-on sessions where folks can learn from or play with new techniques or technology. I’m sure there were good talks, but I mostly go to RSA to meet with customers, prospects, founders, and VCs.
The expo floor
Wow. I don’t think I could walk through the expo floor and meet all the vendors even if I tried to. With so much fragmentation, how do you know what to buy? What stands out to you? This is when having a brand and a proper go to market engine before the event is key. That way you can get the targeted visitors but also the accidental ones that recognize your logo/brand and just want to take a peek at what you’re building.
And no, founders, I don’t mean that you should blast thousands of emails to potential prospects before the event (as most security vendors do). It’s a matter of establishing credibility beforehand by publishing blog posts, some pointed videos or material of how your product solves the problem you claim it solves and using word of mouth through your advisors, investors, and design partners.
The hype of AI in security
Non-existent, really. AI was a topic that was barely mentioned. Fortunately, one of the best things RSA has is the innovation sandbox. Unfortunately, the winner (not dissing on them) was solving security for AI models which applies to what? 10 companies at most?
Security prefers to focus on the downside of things rather on the upside of what new technology can do for security. I certainly hope that next year RSA has an entire track dedicated to AI and folks building with AI. And no, I don’t mean building exploits with AI, I mean can we use AI to help teams investigate, triage, and resolve actual problems?
The ‘new’
From what I saw, I was excited about a few things and ‘meh’ about others.
What got me thrilled:
Excited about innovators/disruptors solving what I consider to be boring problems (old problems) with new ways and disrupting existing behemoths that haven’t innovated in years.
Excited about the deal flow that VCs are getting from security founders. A lot of innovation happening, which is always good.
Excited about the growth of the event and being able to catch up with folks.
What I was ‘meh’ about:
Security solutions that are just a facelift (makeup) of existing ones.
Security solutions for security as if security alone is the one that deals with the issues.
Automating workflows that are very manual about, such as SecOps triaging and resolution - A lot of this, but they all look the same.
Overall
Short rant. But overall, RSA was great to meet familiar and new faces but not to learn about new technology or approaches. Perhaps it’s not the forum for doing so but all I can think of is how can a founder make their marketing $ spent at RSA matter.
My advice:
Build brand recognition beforehand. RSA is not the place for it.
Build a product that actually solves a problem. Don’t go too horizontal too quickly.
Meet outside of the venue/event. Folks get tired of being surrounded by the crowds, a quiet place is better.
Do not lead with sales. Lead with feedback conversations, focus on the problem you’re solving.
Learn how to tell your story. A lot of security founders fail at this.
how about 🥩 dinnahs? those work 😃 - great hanging and spot on advice