RSA Recap: Too Many Tools, Not Enough Hands

The RSA Cybersecurity Conference in San Francisco wrapped up last Friday, and Jim McCabe and John Rakowksi from Clearsight Advisors were on hand to walk the convention floor, meet with industry players, and glean insights about the overall direction of the industry as it relates to M&A and capital investment.

While there were a record number of attendees on hand for the show, and many more players in town for meetings (and festivities) around the city, we detected a sense of frustration from the folks we talked to as they struggled to differentiate themselves and their businesses in a crowded field. While each person we spoke with had a different take on the proceedings, there we certain recurrent themes we heard repeatedly:

There is a Bubble in Cybersecurity Technology: Opinions differ as to whether the bubble is still inflating or has developed a slow leak, but there seems to be a growing consensus that there are simply too many well-funded technologies in the market with no obvious differentiation. Of course, spotting bubbles is a perennial sport, and M&A activity continues to be strong. But while the need for cybersecurity solutions continues to grow, the sheer number of firms offering those solutions makes it hard to stand out in the crowd.

There is a Dearth of Qualified Cyber Professionals: One particularly robust area of investment is in the training industry, as firms have realized that qualified technology professionals are in short supply relative to demand. This has created a backlog of service requirements, especially as system integrations have been poorly executed in the past. The implication from this is that . . .

IT Security Services are Hot: As new technologies proliferate, we see indications that CIOs and CISOs are looking to make their past investments more effective. Whether their past integrations were incomplete or simply botched, there is less appetite for “new” and more appetite for “effective.” While investment in new technologies and tools continues apace, there is increased focus on maximizing the ROI from these investments and rationalizing the many disparate strands of technology already in house. This leads to one final observation:

Managed Security Services Will Continue to Grow: One notable area of continued growth is the MSSP space, which allows for basic monitoring and management of these disparate functions to be outsourced. MSSPs usually combine some proprietary dashboard analytics & automation with continuous services that allow for greater speed in incident response and remediation. Whereas in past years investors were focused exclusively on software, more attention has been directed to high-value managed service offerings than ever before.

While it remains to be seen whether, as one observer told us, “Many of the people here this year will not be here next year,” there is consensus that the market needs consolidation and/or rationalization of technologies to allow winners to emerge.

What is very clear, however, is that the need for cybersecurity solutions grows more urgent by the day, and those with the training and know-how to deliver on the promise of the shiny cyber vehicles on display at RSA will be the ones in the driver’s seat for the foreseeable future.