Culture of proactiveness ... and what RSA Conference is not

TM Ching TM Ching

TM Ching

Security Center of Excellence Leader, APJMEA @ DXC Technology

Published Mar 12, 2020
+ Follow

(Disclaimer: The view below is my professional view and do not reflect the views of my organisation.)

By now, most of you are aware that two engineers infected with COVID-19 were in the RSA Conference.

It is mind-boggling, that as an organisation that expounds on proactiveness, professing the importance of "Human Element" where in their words:

"the actions we take can affect every aspect of humanity. We’re the ones on the front lines, protecting not just data."

... RSA Conference practices none of that.

No alt text provided for this image

And 2 engineers are now in life danger, with the potential of many security professionals being uncertain if they will be affected. One attendee from Western Australia is also currently quarantined when he went back and not knowing his fate.

The signs were clear, MWC was cancelled, vendors pulled out ... RSA Conference should have taken very serious consideration in cancelling the event. We are an industry that takes proactive approach to *prevent* things from happening, not *react* to contain things when it happen.

In our industry, we caution about introducing unapproved devices into a network because it may compromise the network. We scan, assess, audit the system with 100% certainty before it is introduced into the environment. If a contagious disease such as COVID-19 can release havoc by just one person, and that there is just no way any organisation can confirm if an attendee is a virus-carrier, and in a location of 40,000 people, can you imagine the risk? Yes the likelihood or infection is low as claimed, but Risk = Impact * Likelihood ... the risk increases exponentially with such a large crowd. That is why forward thinking organisations and leaders make the hard decision to cancel these large-scale events, and such proactive leadership was not demonstrated here.

The non-proactive behaviour sends the wrong message to the commercial world that we do not practice what we preach. I am still astounded that I still see security professionals still shaking hands with one another in the last one week, without clearly understanding that your behaviour is the reason why this situation is not contained. Do not preach about something, and do something else ... that goes contrary to what our industry behaves. If the official health body declares best practices, follow it. Your attitude in taking best practices seriously tells me if you walk the talk, or you just only talk.

Now that COVID-19 is declared pandemic, it is time to take this very seriously. When in doubt, don't do it. China made that mistake, thinking that it was manageable ... they didn't. No organisation today has the capacity nor the ability to contain it on their own, so all the ongoing events that took place in February were literally playing with lives. Your momentary lapse of judgement can have massive impact to human lives, and you will have to live with that guilt for the rest of your life.

I wish and pray for the speedy recovery of the 2 engineers, and all those who are affected by COVID-19 infections. Let us all take care of one another, and that very first step starts off with you doing the right thing for yourself and the people around you.

Epilogue: I agree with this article ... the preaching of "Human Element" is clearly not demonstrated in the way they reacted.


To view or add a comment, sign in

More articles by this author

See all

Insights from the community

Others also viewed

Explore topics