Advice for IT Security Leaders at RSA and other Cybersecurity Shows

Greetings from the 2024 RSA Security Conference in San Francisco! It’s a massive gathering, as always, with over 500 vendors, each vying for attention.

As expected, artificial intelligence—from machine learning to large language models—is dominating the conversation. Having pioneered the use of AI in email security since 2019, we've witnessed its profound benefits firsthand. It will be fascinating to see how newer entrants to AI/ML will navigate and harness this potential.

Strolling through the venue, I try to see it all through the eyes of a buyer—maybe an IT security leader or a CISO. And from that perspective, I have to say, the view is a bit overwhelming. It’s hard to cut through the noise with every vendor promising a revolution, phrases like “Security will never be the same” and “Securing your world with intelligence.” I've made it a habit to adopt this buyer's mindset at every major show, which really helps guide how I interact with those who stop by our booth to learn more about what we do.

This year, to ease our visitors into understanding our role in the security ecosystem, we added a straightforward tagline to our booth: “We Catch the Phish That Others* Miss.” 

It’s a small change that sets the stage perfectly and helps visitors immediately grasp what we're about without the jargon overload. Of course, we live and breathe AI and machine learning, but let’s start with the fundamentals of “what do you actually do?”

Understanding the Essentials First

When someone approaches our booth, the conversation often begins with a simple, “So who is IRONSCALES?” or “So you do phishing security, right?” Instead of diving into a mind-numbing monologue about AI, machine learning, GPT, and LLMs, I first find out their role and interest. This ensures that the information I share is directly relevant to them. Here’s the essence of what we discuss:

• Core Functionality—our specialty lies in detecting and blocking advanced phishing emails, BEC attacks, and VIP impersonations (increasingly missed by other technologies, especially SEGs).
• Integration—we “plug” into your Microsoft 365 or Google Workspace via an API, which means there’s no need to reroute your emails through us. It’s a simple, seamless, 3-click exercise.
• Learning—once integrated, we immediately start discovering and learning about how each user within an organization communicates to create a baseline.
• Detection—with baseline and social graph established, our AI/ML monitors every inbox to detect the most subtle signs of email threats and block them.
• Save time—most of our 13,000 customers spend just a few minutes a week reviewing incidents, thanks to our streamlined and effective system.

The fundamental aspects of what we do, surprisingly, are what resonate most during these talks. Often, I don’t even get to the part about our Adaptive AI, how it continually evolves with every human interaction or how we use GPT for creating personalized phishing simulation tests. It's the basics that still spark the most 'aha' moments. Now, I know we will need to go into the details, especially to help them understand how our approach is different than competitors, but if you skip explaining the fundamental problems you solve, and the outcomes to expect, the AI-sizzle is just noise.

Advice for IT Security Leaders at Cybersecurity Shows

If you find yourself at RSA or any similar expo, feeling swamped and swarmed by all the artificial intelligence buzzword tech talk and lofty promises, here’s how to cut through the noise:

1. Get to the core. Find out first what the vendor actually does—ask, “What problem do you solve?” and “How do I know it is working?”
2. Where does it go? Ask how the solution will fit with your existing stack. What’s required to get it working? What kind of permissions does it require? How long does it usually take?
3. Get specific examples. Ask for tangible/relatable real-world examples. Request case studies or specific scenarios where their product has made a real difference.
4. Tech is secondary. It’s cool to understand the technology but focus on how it benefits your specific needs first rather than getting caught up in the technical how.

Hopefully, you’ll find this approach helpful in the sea of buzzwords, promises, and marketing hype.