Reflecting on recent security conferences

I've recently attended a few conferences in Switzerland and Portugal and would like to share my thoughts on them:

Risk Quantification

It's widely acknowledged that quantifying security risk is important, yet it often gets overlooked as being 'too complex'. This leads to security measures being chosen based on intuition rather than solid data. From what I see, there hasn't been significant progress in this area across the industry.

Proactive Security

There's increasing interest in proactive security measures, although approaches vary. Despite this growing attention, security remains expensive and complex, both in implementation and in explaining to other departments. I believe that for most companies, compliance requirements will drive improvements in proactive security, unless they are sufficiently advanced to prioritize it on their own.

AI Impact

Many are still unaware of how AI (think OpenAI), will affect their day-to-day work. It's a relatively new development, but I expect it to transform various processes, much like how container technology did, requiring us to adapt accordingly.

That's all for now.

For more frequent updates, I suggest you to follow me on LinkedIn.