By Craig Robinson

Thousands of security professionals and representatives from government and industry are attending this week’s RSA Conference in San Francisco. Without question, the RSA Conference presents a tremendous opportunity for exchanging ideas and learning about some of the latest cyber security challenges and technologies.

The RSA Conference organizers appear to have made a conscious effort to include more ‘real world’ tracks and panels this year. This is a major step forward in increasing the value of these conferences and providing a more substantive basis for improving cyber security practices within industry and throughout the government.

An effective cyber security program results from deliberate consideration of the enabling people, processes, policies, and technologies. Too often, the real world aspects of the program elements are lost in academic discussions, typically focused on technology (aka ‘neat, cool, stuff’). This is understandable given the rapid advances in cyber security technology over the past 15 years and the accompanying broke-boom-bust lifecycles of bleeding edge start-up companies in this market space.

Academic discussions certainly have a place in cyber security forums. However, cyber security practitioners recognize that academic musings only go so far before they collide with real world operations – and the resulting insights, uncertainties, and constraints that drive divergence from purely academic theory.

Those of us who pay attention to real world cyber operations realize that there is a substantial, and growing, body of evidence regarding cyber security vulnerabilities, threats, and countermeasures. In fact, cyber warfare is one area where adversaries can (and do) tip their hand about potential exploits and spar with cyber security professionals on an ongoing basis – every day, hour, minute, and second. There is much to learn from the experiences of those on the front lines of the cyber security arena.

Mike McConnell, a retired Navy admiral and former director of the National Security Agency, testified last week before a Senate committee and shared his perspective on the current state of cyber security. McConnell stated, “If we were in a cyber war today, the United States would lose. This is not because we do not have talented people or cutting edge technology; it is because we are simply the most dependent and the most vulnerable. It is also because we have not made the national commitment to understanding and securing cyberspace.” These are prescient words from someone in a position to know.

This week’s RSA Conference is a great forum for discussing, as much as is appropriate from a national security perspective, the real world challenges we face in the cyber arena and the true state of cyber security. My advice for cyber security practitioners: Skip the academic presentations and hurry down the hall to learn from those on the front lines.

I commend RSA for the increased operational focus of this year’s conference. Real world problems demand real world solutions — and GlobalSCAPE is committed to playing its part in defending the cyber domain.