author photo
By SecureWorld News Team
April 3, 2019 • 5:21 PM

Tech analyst and blogger Geoff Wilbur attended his first SecureWorld conference and shared his key takeaways in a two-part blog report:

Last week, on March 27th and 28th, I attended SecureWorld’s 2019 Boston conference and expo, the 15th Annual SecureWorld Boston (#SWBOS19), as did more than 1,800 other tech and security industry professionals. It was a terrific opportunity to learn about the latest in cybersecurity and meet a lot of the industry’s top companies in one location. As a tech industry analyst (and blogger) with a generalist background, I hadn’t dug very deeply into security products, so this was a crash course for me. Certainly, most of the vendors’ names were familiar to me from my years covering the tech industry in general, aggregating some of my colleagues’ vendor analysis of these vendors, and assisting colleagues whose work was focused more consistently in the space, but I spent the better part of these two days getting brief introductions to each of the expo attendees’ products. My tired legs and hoarse voice at the end of the event would attest to the miles I logged while visiting at least 80% of the vendors’ booths.

Lunch Keynote: Bruce Schneier, Security and Cryptography Expert and Author of "Click Here to Kill Everybody: Securing a World of Physically Capable Computers”

Wednesday’s lunch keynote was an eye-opening, entertaining glimpse into security in a world in which essentially everything is a computer. I jotted down seven key points during this presentation, upon which I’ll elaborate based both on what Schneier presented and what I’ve observed elsewhere:

1. The Internet is not built for security. Security would have defeated/overwhelmed the original purpose of the Internet. To oversimplify so it will fit into an already-too-long single sentence, it originated as a way for researchers and academics to exchange information. Though funny cat pictures certainly followed soon enough (my observation, not Scheier’s), security was not a big initial concern.

2. Retrofitting security is hard. Once the cat’s out of the bag, so to speak… and that’s all I have to say about cats tonight.

3. Because objects now have software, everything is insecure. This is a frequent topic at IoT events I attend. And since some legacy devices cannot have their software upgraded remotely, well, this is what keeps IoT/embedded systems people up at night. (Side note: These days, that’s pretty much all of us.) 

See Geoff's Day 2 recap here.