Ep. 169- RSA Recap: Straight from RSA: What Shocked Us, What Inspired Us- with Trevor Burnside
Subscribe to the Next Level BizTech podcast, so you don’t miss an episode!
Amazon Music | Apple Podcasts | Listen on Spotify | Watch on YouTube
Transcript is auto-generated.
Josh Lupresto (00:00)
Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto SVP of sales engineering at Telarus and this is Next Level Biz Tech.
Hey everybody, welcome back. We’ve got another special episode for you. Today we are talking about RSA. If you don’t know what RSA is, ⁓ we’re going to tell you. So we’re going to talk today RSA and security, specifically RSA recap straight from RSA who Trevor and Jason Stein were just at. What shocked us, what inspired us. So Trevor Burnside, Solution Engineer from Telarus back on with us. Welcome on, man.
Trevor Burnside (00:41)
Hey, appreciate it. Yeah, good to be back.
Josh Lupresto (00:44)
So ⁓ you got to see a lot of good stuff. You’ve been a traveling man. You were just out at RSA. ⁓ Talk to us a little bit about, for the advisors that don’t know what RSA is, where is it, what is it, and then we’ll kind of jump into it.
Trevor Burnside (00:58)
Yeah, RSA, they sponsor one of the largest cybersecurity conventions in the US. So this is where all the vendors in the space get together. Large expo hall in San Francisco, ⁓ hundreds of vendors at this point. ⁓ It only gets bigger every year is what they keep saying, The participation, the amount of attendees, the amount of vendors there, it just gets bigger and bigger to a point where it’s…
It’s multiple days, ⁓ hours and hours on the next ball hall floor. You’re seeing the latest and greatest as well as, you know, names that people have known in the security space for a long time. So it’s a cool thing to go to. There’s a couple of these like, you know, similar to like a black hat or, ⁓ you know, St. Cons. Some of those are from a cybersecurity meetup. This is more on that vendor side though, on that more commercialized space. So really a good space for us to go to and see what’s on the market today.
Josh Lupresto (01:56)
And is that, mean, we’ve done a couple of these recaps recently and previously, Kobe and I, just talked about Google Next had about 30,000 people. And then we did ⁓ AWS reinvent also in Vegas, really can’t get enough of Vegas apparently. ⁓ And that was a hundred thousand plus. We were roughly what, how many, did they talk about how many people RSA is these days or what that’s gotten to?
Trevor Burnside (02:13)
Mm-hmm.
Uh, saw the last estimate was around like 40,000 around there, uh, you know, plus or minus, uh, but significant amount of people going, uh, and San Francisco, I mean, big city, but, uh, just completely floods the city. I mean, you ever, we walk around in that block, you know, near the Mars 20 center. It’s like, uh, you know, just, just everywhere, all the brands, everyone with tech, you know, polo shirts on everything. It’s just a complete over overtake of the city. It’s kind of cool, uh, but certainly can be overwhelming.
Josh Lupresto (02:49)
Lots of tech, lots of khakis, all that. Okay, so maybe kick us off with your first impressions, your first time going, what stood out to you the most? And then maybe just jump into, was there any initial kind of products or vendors that stood out to you the most?
Trevor Burnside (02:51)
Yeah.
Yeah, I think it wasn’t hard. mean, going to San Francisco right now, mean, anyone that would go there, you’d see every billboard everywhere has something about AI, know, big brands, ServiceNow, know, Salesforce, all these guys have giant billboards and it’s all about what they’re doing with AI and how they’re implementing it. So I think the messaging is going out, you know, to on that side, inside RSA and on the, in the vendors, it, all of them.
had something to do with AI or wanted to talk about it to the sense of this is what we’ve just come out with and this is how we’re implementing AI ML into that. ⁓ I know it might sound like we’re beating a dead horse with this in the industry. We’re just talking about AI every day. It’s a buzzword, agentic, genitive, LLM, all this kind of stuff. ⁓ Some of it turns into kind of buzz phrases, but really,
At this point it’s you gotta understand it because it’s here. It exists. It’s productized. It’s ready to go. So now relatively in its infancy, of course, ⁓ you know, but it’s productized and able to be purchased and implemented today. That’s the main thing that stood out was. ⁓ You know, we read Gartner reports and the 2025 Gartner report or or for this year. ⁓
predictions for this year is all about AI. ⁓ And really you look at the market and you see how it’s the market’s following suit.
Josh Lupresto (04:46)
What about, as you think about that, right, that’s your initial reactions. What are you seeing from a product or vendor that was there that maybe surprised you in a way that you weren’t expecting?
Trevor Burnside (04:59)
Yeah, there is, ⁓ I mean, there’s a lot of product, a lot of vendors that I had never heard of, or we met a lot of the, ⁓ you know, the CrowdStrike Sentinel One, these guys have giant booths, right? And certainly they’re full-bore in adoption of these kinds of, you know, bleeding edge technology. I actually enjoyed mostly like some of the smaller booth, smaller vendors on the outskirts, right? That you can have a kind of a different conversation with and doing things I haven’t heard of before. ⁓
in the MDR space and SOC space, know, a lot of that’s pretty well understood. ⁓ But ⁓ there’s a lot of vendors out there that are emerging, you know, emerging in security ⁓ that have some really cool offerings. Stuff that stuck out to me specifically, ⁓ SOC or agentic AI in SOC teams, augmenting SOC teams, you know, a traditional security analyst, you know, looking through alerts, logs, ⁓ that kind of stuff.
A lot of different ways you can actually use AI in that scenario, whether that’s built into the platforms you’re using currently on the SIM MDR otherwise, or agentic AI overlays that it doesn’t matter what platform you’re using. ⁓ on the software side, you can actually have these agentic AI trained sock analysts to run through decision making, ⁓ level one, level two, ⁓ remediation, and really take some of that kind of lower, you know,
⁓ stuff that’s pretty easy from like a security analyst, take that off their plate, let them do the harder stuff and get more out of your, you know, full-time employees and have a sock being augmented with AI. think that’s, you know, there’s a lot of different offerings rather than that right now.
Josh Lupresto (06:43)
Okay, so let’s back up for a second. I think it’s a good time to kind of frame up how we got to where we’re at, right? We’re talking a lot about over the last couple of months, if you’ve been to, we were just at the AI Summit in Salt Lake, and we’ve had others recently. Let’s just back up a little bit. Let’s stay specific around the journey of security and products in security, right? So many years back,
we think about one of the first things that we saw in security, of course, know, firewalls for a business, things like that, your Cisco’s, your Palos, and those are, those are great, right? Those are great to, you know, let people know that we’ve got an alarm on the door, don’t break in, you know, all of those things, those examples. Well, and then at the end points we had, you know, the old, back in the old days, it was Norton and McAfee that would hog down your computer. And I think the frame was, those were really built on
signature basis. We knew the viruses that exist. We knew the bad things that existed. And we said pattern matching. If those patterns come up and those viruses come up, block them and keep me safe. Great. And then it seems like the bad guy is wised up a few steps and all of a sudden, know, adware came out, spyware came out. People were writing patterns on viruses that nobody had ever seen before. So you had these things, what, zero days, right? Where this just came out. There’s no fix for this.
Microsoft comes out with Patch Tuesday, you all these things sort of started to happen and mature. And so then it seems like if we just look at maybe the last couple of years, we talk about endpoints for just a second. There was this idea of MDR, right? Endpoint Detection, EDR, Endpoint Detection Response, Manage Detection and Response, and then of course the other acronym, XDR is born. So it’s really this much more wider swath. And now you’re talking about when we think of
Trevor Burnside (08:30)
Mm-hmm.
Josh Lupresto (08:36)
the SOC and the SIM, that log correlation engine that everything feeds into, traditional thought, what, on SOC, you got a group of eyes on glass and they look for bad things and then look for alerts, right? Like that’s your normal SOC. So now laying that stage where, I guess maybe it seems like the next step was, well, security’s sitting here saying, well, we’ve had machine learning.
Trevor Burnside (08:49)
Mm-hmm.
Josh Lupresto (09:03)
kind of looking at getting better pattern matches over time. Where does AI take this? Or better yet, frame up a little bit of agentic AI. Like what did you see in that context of evolutionary-wise? Where are we and where does that take it next?
Trevor Burnside (09:21)
Yeah, well, I think you look take a look at some of those ⁓ traditional maybe ⁓ security ⁓ SOC teams, or you’re talking about, you got a SIM, you’re doing all this log ingestion from all these sources. It goes into a single platform where I can do make some correlation, do telemetry across my platforms. ⁓ Some of the problems or pain points with that is, all right, this is great. I can dump all my logs into one spot, but now I’ve got tons and tons and tons of logs.
I’m getting all these alerts because of it. So now with security analysts, know, burnout’s being at a high rate because, you know, if you get, you know, 3000 alerts is the same as zero alerts, right? Cause now you, which one do you look at? Right? None of them. Now from a SIEM perspective, there’s ways to do the telemetry to kind of reduce those false positives, but there’s still a lot of false positives and there’s still a lot of ⁓ alerts that need to be addressed, but are.
are pretty small, right? ⁓ Or low criticality. ⁓ So do you need more people? Do you need more people to start doing this? Because you’re adding more logs. As environments get bigger, you’re adding more things, more alerts, more syslogs. ⁓ When it gets into that, to your question about agentic AI, I mean, the difference, a lot of people are more familiar with that generative AI, chat GPT, Claude, those type of things. Agentic is kind of that new
⁓ buzzword that everyone’s using where it’s agents that can work on your behalf. So they actually make decisions based on that machine learning and, and, algorithm things like that, based on pattern recognition and, and data really, right. Data-driven reasoning, ⁓ where they can actually do things on your behalf and interact with the environment. So it’s not just generate some texts, do some stuff they actually go through. And depending on the hooks you have, they can interact with the environment on your behalf. That’s that agentic.
over that comes into so ⁓ having that used in a sock team changes things because now as a security analyst, if I have no, I’ve got a bunch of false positives. can actually offload some of that response to a Gentic AI that can recognize patterns has that data reasoning of, okay, out of the, you know, in this scenario, this is 99.999 % false positive, right? I can let something else do that reasoning and handle it and do the mediation based on my playbooks or run books.
that I want it to do and I can focus on criticality or higher criticality and taking care of things that that maybe I don’t trust in AI to handle. I still want to have my hands on that, but I can reduce my false positives, reduce my tier one remediation and ⁓ then that goes 24 seven. I don’t have to worry about, know, it’s working on the weekends when I may not be.
Josh Lupresto (12:09)
That’s fair. It seems like the bad guys really don’t work very much between eight and five. Seems like they’ve almost figured out that that’s when most people are there paying attention to things. ⁓ Are you seeing, I mean, we talked about this a little bit at the AI Summit in Salt Lake last week, and we got to see some live demos of real time attacks, real time rollbacks, AI ML platforms from our providers, mitigating that threat, rolling it back, blocking it. It seems like
this agentic piece is just such a next natural step as people are being driven for efficiencies in the sock, efficiencies in the business, things like that. It seems like that’s a, I want to shift a little bit to, how does the TA have some of this conversation? If you’re a TA, you see some of these iterations that are coming and maybe you want to approach the customers and talk a little bit further about making the sock better,
Trevor Burnside (12:56)
Mm-hmm.
Josh Lupresto (13:08)
leveraging the lower cost SIM or saving there, how would you frame it up for the TA to be ready to have some of these conversations when as we have this kind of agentic AI and AI in the SOC, making the SOC better?
Trevor Burnside (13:24)
Yeah, no, that’s a great question. I was actually at RSA. I thought about this of like if I’m a TA, how do I sell some of these things? What kind of conversations would I have with clients and you know, thinking about clients that I’ve worked with in the past. Depending on security, their maturity and their posture, right? There’s certainly a market of hey, we’ve got three analysts on staff. We’ve got two analysts on staff. We have one guy right who does all of our alerts. ⁓ Well, the next step.
historic has been you need a sock and you’d talk as a service. Here’s the price point. Look at the telemetry. We’re going to charge you for, depending on the offering, right? Log ingestion rates, things like that. And you’re just looking at the cost and like, well, you know, maybe they don’t have the budget for it. Maybe they can’t get that budget. If they’ve got people on staff that do security, we don’t want to replace them because we want to keep people, you know, it’s always in their best interest to have someone on the on staff that.
that no security and has their best interests ⁓ at heart. But can we get more out of their efforts? And if it’s two, if it’s three people, they’re certainly not able to do run a 24 seven sock. They’re not looking at all the alerts. They may not have the capabilities to do full remediation or they’re just weighed down with, you know, level one stuff and they’re not getting or not seeing a lot of that, those higher critical alerts that they should be working on.
So in that case, I think there’s certainly a market of, we have a practice. We don’t have the resources to have a full operating 24-7 SOC. We may not have the budget to move that way. I think agentic AI makes a lot of sense to plug into those scenarios of, okay, you’ve already have your own run books. You already have a pretty good process built out. ⁓ Augment your current efforts with agents.
with AI agents and ⁓ see what that does from an ROI perspective. You get more out of your full-time employees. They’re not as burnt out and you don’t have to potentially move to that full sock as a service and feel like if I’m a security employee, maybe my job is getting replaced. Are we outsourcing to a full MSSP? There could be friction there that doesn’t have to exist with this.
Josh Lupresto (15:37)
So if you think about, guess, while we’re on this track of the TA and the customer conversation, two thoughts here maybe. Lots of tools. There’s a flood of tools. And now we’re introducing different ones that create a different level of efficiency, right? So it’s necessary. But how do we have the advisors help the customers prioritize what matters the most, right? You’re in a lot of these discovery calls. You get to see this firsthand. How do we do that?
Trevor Burnside (16:08)
Yeah, I mean, even at RSA, going there with and just being flooded with so many products and tools, right? ⁓ It’s overwhelming in the sense of like, if I was a customer going into that type of scenario and been like, okay, where do I start? Right? ⁓ I think it goes back to the basics as far as risk management, know, just basic risk management of, okay, what are my ⁓ most valuable assets? What are they worth to me? And what am I spending to protect them?
And then also understanding that the business impact, if they’re compromised, that’s going to give you where you should start in the sense of, okay, you what is my budget? And then what do I need to focus on, on protecting it ⁓ and adding value back to the organization as far as, you know, ⁓ integrity of data, availability of that data, right? And there’s a lot of tools now to do that. ⁓ I think, you know, ⁓ traditional agents or, or, trusted advisors have a
certainly a spot there. There’s so much out there to understand. Even when you’re trying to understand it, it’s a ⁓ pretty high ⁓ task to understand everything. I think that’s why we have MSSPs in our portfolio that really understand that, that we can leverage to be experts when it comes to tooling. And they can make those recommendations on which tools to go to, especially MSSPs that are platform agnostic.
⁓ We have certainly a few in our portfolio that can do that and help guide customers. But ⁓ trusted advisors are not going anywhere when it comes to security. There’s a lot out there ⁓ and customers need help understanding it.
Josh Lupresto (17:49)
So I’m gonna shift here, I’m gonna shift in just a second to the scary things that you saw, some of the things that we know about the bad guys that are doing. But maybe one final thought on TAs and conversations and how we’re in those. When the customers, these SMB kind of mid-market customers, ⁓ what is a good enough? I know we wanna do the best of the best. I know we wanna give everybody top shelf Cadillac and
all that stuff, if Cadillac’s still top shelf, I don’t know, everybody’s car choices are different. what’s a good enough strategy from an AI working towards that? What are the pieces that people should be thinking about so we can have those conversations more?
Trevor Burnside (18:34)
Yeah, that’s a hard question in the sense of, because I think ⁓ starting somewhere right now is really what’s important. What I’ve been telling clients ⁓ is coming up with a strategy of understanding, maybe they don’t know exactly where AI is going to help from an efficiency perspective, but they can understand how much are we spending or where are we spending most of our money ⁓ in the organization that’s not getting as much a return on investment as potentially it could and then maybe starting there.
That could be security, that could be otherwise, right? ⁓ With ⁓ the AI conversation though, I would say the wait and see approach is ⁓ not the way to go. ⁓ Starting something and having a strategy around it, whether that’s, we want to use AI in our organization, how do we protect it? How do we make sure that ⁓ the data governance is acceptable, that it only has access to the data we want it to?
Or how do we use AI in our security posture, so that we can use it to defend against next generation threats that are out there right now. ⁓ But doing nothing and waiting to see what’s going to happen ⁓ is the wrong move. Because you look at the threat actors especially are not waiting. They’re not waiting and see. They’re using tools like a chat GPT to create malware to find vulnerabilities.
And as we know at this point, using generative AI makes us faster, makes us more agile, makes us quicker to get our tasks done. It’s the same thing with bad guys. They’re using the same tools in similar ways. And if we don’t, we’re going to be behind the eight ball.
Josh Lupresto (20:20)
So let’s think about that. There’s two stats that I love to talk about in this. Stat number one is that we ran the tech trends from last year, new one coming here later this year. But the tech trends report says, and this was from the IT decision makers that we surveyed, it was that 92 % of customers want to hear from an advisor. That number is up from recent years. And so that proves
this channel really does thrive in complexity. And so A, they need more help more than ever. And then B, one in three enterprises said that they need help and they need an advisor. So to your point, never been a better time to be an advisor and having these conversations. They really thrive in those complexities. And then the final thought that I think is helpful is, know, 15 % according, feels like a Geico commercial, 15 % or less, 15 % under
that have any sort of AI governance plan in place right now. So your customers, again, it’s so new, it’s so early, we need to do it and we need to be ready, we can’t wait and see for the next scary thing, but it just proves it’s right for the conversation. think all ⁓ the data validates.
Trevor Burnside (21:36)
Yeah. And we’ve had a lot of conversations this year around data governance, AI governance, you know, whatever you want to call it. It really starts with that basics of, we doing data labeling, data classification? What’s our hygiene when it looks like, or when it comes to that kind of stuff, right? Foundational aspects of, of, you know, a security practice that may have been, ⁓ not at the forefront of a lot of people’s security posture this year where we’ve seen more.
⁓ opportunity around that of just, Hey, let’s get our eight, our data ready. Let’s make sure it’s, it’s clean. Let’s make sure that it’s that we understand where our data lives, where are we accessing it? it, and if you think that, you know, that those are still conversations that are far out, you know, and, aren’t really occurring, ⁓ every single week where we have opportunities around this. so just asking clients, Hey, are you labeling your data? Are you classifying your data?
⁓ And if they’re not, it’s, well, you know, that’s part one of an AI strategy on securing AI. So a lot of stuff we can do there and, you know, happy to have those conversations.
Josh Lupresto (22:45)
So let’s shift it to the AI fight, I guess, a little bit. So for anybody that hasn’t listened, you’ve been on the podcast before, we talked about some really cool stuff with your prior military background. You’ve seen some things, you’ve been through some trainings that most people on this audience will not ever get to experience or see. And so I wanna think about, you’ve got a glimpse into what the bad guys are doing, right? And so if we pivot that to, from a cyber perspective,
What are you seeing out there or hearing out there in RSA or broader of what the bad guys are doing and how they’re using AI and how they’re trying to stay of leveraging that as a tool to their benefit?
Trevor Burnside (23:28)
Yeah, I mean, I’ve said this before and just generally, you know, with when it comes to generative AI or otherwise that, you know, AI can make, you know, someone bad, pretty good and make someone good, really great. Right. And, ⁓ the bad guys are certainly taking advantage of that. ⁓ as an example, I actually built a website. I’m not a software developer. ⁓ I didn’t, you know, I didn’t learn code for years and years as a kind of project experiment thing. actually with chat GPT and some other, ⁓
generative LLMs, I built a webpage that actually was working well in JavaScript and did a lot of the stuff I wanted to do. I learned some code so I knew what I was kind of doing. But if I took that away, I would not be able to have done what I did. That same thing can occur with malware, with finding vulnerabilities, exploits, ⁓ delivering exploits, payloads, ⁓ all of that. I’m…
know some of the basics of that kind of stuff, I can use AI to augment my efforts and make me much, better than I, than I relatively should be, right? ⁓ got to do the same thing on cybersecurity. ⁓ I actually think, you know, coming into the practice, if you’re a new security analyst, AI can make you better and make you quicker, faster, ⁓ be able to respond to threats, ⁓ and punch above your, your, ⁓ you know, your knowledge, ⁓ space because of that thing, because of, ⁓ AI. So.
⁓ We got to be doing the exact same things that the bad guys are
Josh Lupresto (24:56)
Well, and we saw that early on too. And this is still, I mean, even a thing, right? It’s the DDoS for hire, right? Blow up traffic to a website, blow up traffic to some infrastructure and, you know, that takes down DNS, that takes down all these things. I mean, all those are still out there from a dark web perspective. Now it’s just even worse and it’s just even more powerful because you’ve got the power of hyperscaler compute. You’ve got the power of AI and it’s like the, ⁓ it’s like the, what I hate.
Cheesecake Factory menu, right? There’s just so many choices in that. ⁓ Now there’s even more, it feels like, and even more powerful ones.
Trevor Burnside (25:34)
Yep.
Josh Lupresto (25:36)
I guess maybe let’s wrap it up here. Final thoughts. What are the discovery questions? What are your favorite thoughts? Scariest thing you saw while you’re at RSA? Wildest product you saw? Things that you’re ⁓ excited to kind of see coming forward and just mixed in here. Let’s get a few of your favorite kind of questions to help uncover those needs for TAs.
Trevor Burnside (26:04)
Yeah, I saw a specific product. Well, I’ll answer it really specifically. ⁓ There’s a product that detects AI in the sense of ⁓ when you’re on a false webpage. ⁓ And I saw some of the stuff that they did and I saw some false web pages that were 100 % identical to real web pages. So you can, know, people spoofing web pages or otherwise, you know, really, you know, from a generic level of, you know, you click a link, you think you’re on Facebook and you’re not on Facebook.
but it looks exactly like it, like exactly. I mean, you look at what AI can do with, you know, photography and generating images and all that stuff. And you’re like, I can’t tell if it’s a real image or not. Some, you know, depending on the engine, the same thing with web pages and the guy, you could think you’re on the right page and it could be completely malicious. And we actually, there’s tools out there, AI detecting AI that are doing this because humans can’t.
Now you look at it there would be no way that I would know that I was on a spoofed web page because they can hide a lot. can mask the domains. A lot of that kind of stuff is just getting so good. ⁓ So that was a scary thing of ⁓ I think at some point we’re going to be questioning our reality on the internet of what are we actually, am I on the right place? Am ⁓ I where I think I am? And we may need AI to start detecting it.
Josh Lupresto (27:31)
And yeah, I mean, some of these early demos already of, you know, obviously the AI voice cloning, the biometrics and the things that that impacts and already seeing some of these proof of concepts of the tools that are out there for this AI video clone, this AI avatar clone sitting in on your Zoom session, right? So we used to just laugh and say, well, of course, like the finance person just needs to know that I wouldn’t send that. Well, now
not only can I validate that I am me, I can get on video and it looks like me. think to your point, it needs to keep everybody in a question everything constantly mindset. These tools, think, we have to leverage the tools to be able to help us because even in a question everything, when you question everything, ⁓ we can’t make it a questioning process. We have to use technology to help knock down some of that.
Trevor Burnside (28:09)
Mm-hmm.
Yeah, 100%.
Josh Lupresto (28:28)
Good stuff. All right, Love the download. Love that you got to go see a lot of this stuff. I know it’s all fresh. It’s all ⁓ lots of crazy things that you learned. Look forward to continuing to hear more from that. appreciate you coming on, man. Thanks for all the share.
Trevor Burnside (28:43)
Yeah, thanks so much for the time. Great talking with you.
Josh Lupresto (28:46)
All right, everybody, as always, don’t forget every Wednesday, these episodes drop, whether you’re listening to Apple, Spotify, all of the above, make sure that you get that so that you can help your customers and have some of these conversations and we’re here to help. until next time, I’m your host, Josh Lupresto, SVP of Sales Engineering, Telarus Trevor Burnside, Solution Engineer. This has been RSA Recap. What shocked us, what inspired us. Until next time.