By Joy Beland

pink-hat-rsa-conferenceWell it's no secret that here at Pink Hat Tech, we are continually investing in cyber security education. Last month, one of those major investments was my attending the RSA Conference in San Francisco.  It was a week-long deep-dive into nothing but cyber security, and it was FABULOUS.

Most MSP (Managed Service Provider) companies are not attending conferences like this *yet*.  Why?  Firstly, it is very expensive.  Not just the conference fee (about 2.5x the cost of other IT conferences), but the accommodations, airfare, and time away from the business – it all adds up.  But mostly, because other MSP's are not seeing the value in learning about cyber security the way we do.  And that makes me pause. Why?  Why would an IT company who is responsible for the IT infrastructure of 50 businesses not be completely and totally immersed themselves in cyber security?  If not them, then WHO?

If you ask them, which I do all the time, the answer is that "our clients are not seeing the value in paying for cyber security yet.  It's hard to sell."  WELL.  I totally agree.  If my motivation were strictly to make money off everything I spend money learning, that would be my answer too.  But I don't see it that way.  I see it as my responsibility, as a trusted advisor, to know everything I can about cyber security and how to protect our clients.  Because if I am not talking about it, educating our clients, able to answer all of their questions, offering them solutions to help protect them, then I am not a good IT Consultant.  Period.  So for me it's an investment and an obligation.  I spend the money, I retool and refresh constantly, then I take everything I learn and I talk about it all the time.

I had a client say to me "Look, the scare tactics won't work with us.  The sky is not falling."  Ok, I get that.  From where she is sitting, she feels that there is not enough "valuable data" on their network to become a target.  The conversation was centered around my wanting to understand why they decided not to purchase Cyber Liability Insurance.  And my answer was this: "I would understand you thinking that I am trying scare tactics to sell you something.  But I am not the person who sells you Cyber Liability Insurance and I have no profit motive in encouraging you to purchase that.  I simply know, as your IT Consultant for the past five years, what the threats are to your business. I know the hardware and the software that you have been willing to pay for, as your minimum security on your infrastructure.  I know where your data is stored and how it is accessed, and what kind of data that is. And knowing what I know, if I am not telling you the prudent thing to do for your business continuity is to look at Cyber Liability Insurance, then I am not doing my job." And she got it.  Yes, she agreed, that would be prudent, and maybe taking a look at it again would be a good idea.

I'll be sharing a series of articles in our upcoming newsletters that are provided to me by experts in the industry, written just for Pink Hat and our readers, to help everyone understand the different types of security available and why you might or might not need it for your business.  I want to educate everyone.  I'd so rather be the educated Chicken Little (maybe Chicken Lion is a better name for us?) with big ideas, then to put my head in the sand and not say a word because my clients are not willing to spend money on it.


A little about the RSA Conference, for those of you who are curious:

pink-hat-rsaconferenceIn the digital world in which we now live, information is a very highly valued commodity. Safeguarding that information, therefore, has become a top priority.

RSA Conference’s mission is to connect you with the people and insights that will empower you to stay ahead of cyber threats. We do this through our events in the US, the EMEA region and the Asia-Pacific region and through our digital outreach. However, you access our community, RSA Conference is your best resource for exchanging ideas, learning the latest trends and finding the answers you are looking for.

Always relevant. Always fresh. Always on.

Collectively our conferences draw over 45,000 attendees per year, making us the world’s largest provider of security events. However, the real value of RSA Conference lies not in our size, but in the valuable content we provide and our commitment to finding new industry voices and new ways for our community to feel inspired and engaged.

This original article was published on Pink Hat’s newsletter, April, 2017.