The buzz surrounding 2022’s Rocky Mountain Information Security Conference, or RMISC, started sometime in 2020. The premier infosec conference for Denver area locals and vendors supporting the Colorado region made a triumphant return to in-person attendance in 2022, following global pandemic-related precautions that lead to virtual participation in 2021 and complete cancellation in 2020. Interfacing directly with old friends, peers, colleagues and those we only previously knew online is welcome and refreshing.
The familiar RMISC format is back, including keynote sessions featuring recognizable industry experts, breakout sessions discussing topics from incident response to privacy regulations to vendor management, and an exhibit hall full of vendors representing valuable products and services for security and risk management programs large and small. Conference attendance was strong, if perhaps not quite to the same level as in 2019.
As our lives changed on a global scale, the cybersecurity industry has evolved as well. Mainstay topics at RMISC were still on the agenda – “Supercharge Your Cybersecurity Program!” – while topics such as privacy, increasing regulatory pressures and novel social engineering techniques (e.g., deepfakes) garnered increased attention.
Where past events might have focused on explaining complex subjects such as blockchain technologies, the focus for the 2022 event seemed more in line with how to use such complex technologies for risk management purposes. Less “what” and more “how” and “why.”
A confession on my part. I have long been a volunteer mentor and trainer for the ISACA Denver Chapter, focused on the ideals and principles of ISACA’s Certified Information Security Manager (CISM) program. It’s encouraging to see the liberating notion of viewing our cybersecurity programs through the lens of risk (as opposed to a never-ending checklist of activities designed to help align with ever-changing and amorphous “best practices”) move out of the classrooms and into the industry at large.
In 2022, that seems less like a theory and more like the right thing to do than ever before; this shift in approach couldn’t have come at a better time as boardrooms and executive teams become more involved in cybersecurity program operations.
While on the topic of nuanced changes to be celebrated, there seems to be more women involved in the RMISC event. More importantly, women are taking the stage for keynotes, panels, breakout sessions and teaching vital programs during RMISC.
Recent statistics put the number of women in cybersecurity jobs globally at 25% – which shows we have a lot of work to do. I can only hope that what I saw at RMISC is a positive indication of what’s happening in the industry, and that we’ll see the percentage continue to rise. Efforts by organizations such as Women in Cybersecurity have and continue to enrich the industry.
From what I saw at RMISC, our industry is moving in the right direction to account for the rapid evolution we’re seeing not only in the threat landscape, but also within the human side of the profession. The way we work and connect with others has changed in a way that values more meaningful interactions – and it’s clear our industry has taken notice.
I certainly value the relationships I’ve developed within our incredible industry and look forward to continuing to build those relationships at future events, including of course the 2023 RMISC event. I hope to see you there.