What’s going on at the RSA Conference?
MICHAEL BIRD
Hello and welcome back to Technology Now, a weekly show from Hewlett Packard Enterprise where we take what's happening in the world and explore how it's changing the way organizations are using technology.
We’re your hosts Michael Bird…
AUBREY LOVELL
and Aubrey Lovell, and this week we are throwing ourselves headfirst into the world of cyber security at the RSA conference,
- we'll be exploring what security looks like from tip to tail.
- We'll be taking a whistle stop tour of the conference
- and we'll be looking into our crystal ball to find out what the future of security could look like.
MICHAEL BIRD
That is correct, so if you’re the kind of person who needs to know *why* what’s going on in the world, matters to your organisation, this podcast is for you.
(oh) And if you haven’t yet, subscribe to your podcast app of choice so you don’t miss out.
Right, let’s get into it!
AUBREY LOVELL
We can all agree that cybersecurity is important to us. Whether it’s our personal devices, phones, even smart devices in our home – or up in the cloud, cybersecurity impacts each and every one of us directly.
A report from Statista in 2024 predicted that the global market for security technology would reach over 200 billion dollars that year - that’s an insane quantity of money – but then again, it’s for a pretty important cause!
MICHAEL BIRD
Yeah, that is a lot of money but to be honest, it's a sort of expected figure, I think?
AUBREY LOVELL
I think so, and we’ve linked to that stat in the show notes.
MICHAEL BIRD
Now, collaboration is a huge deal in the world of cybersecurity, so this week we are visiting the RSA Conference, a global event where thought leaders and professionals in the cybersecurity world gather to discuss and learn more about the threats that are faced in the industry.
AUBREY LOVELL
Okay Michael, I have to ask… what does RSA stand for?
MICHAEL BIRD
Excellent question and I can give you the answer Aubrey, because RSA is actually an acronym of the founders of the company RSA. So that's Ron Rivest, Adi Shamir and Leonard Adleman
AUBREY LOVELL
Oh, very nice.
MICHAEL BIRD
Yes, and the conference itself has been going for over 30 years. Aubrey, not to give too much away, but that's nearly as old as us, but I believe that this is the first time we have covered it. On Technology Now.
AUBREY LOVELL
Yes, it is. And you know what? I will definitely still take 30 if I can get back to that age. But neither Michael and I were able to be at the event itself. So we have sent a reporter out to go and talk to a number of people who are presenting at the conference. Jaye Tilson is a CTO of security and HPE Distinguished Technologist and he is going to tell us more about what's going on at the RSA conference. Jaye, what's it like out there?
JAYE TILLSON
Hi Aubrey, hi Michael, it’s pretty busy at the conference, but that’s what we want to see when we’re talking about such an important subject!
For those unfamiliar with the RSA Conference, it is one of the world’s largest and most influential gatherings for cybersecurity professionals.
It’s held annually in San Francisco at the Moscone Centre, and it brings together thousands of experts, practitioners, and leaders from all around the globe to share insights, unveil cutting-edge research, and explore the future of cybersecurity.
It also provides an unmatched networking opportunity for professionals across industries to connect and collaborate on securing the digital world.
To find out more about what is going on here today, I’m joined by Jon Green, Chief Technology Officer and Chief Security Officer at HPE Networking.
Jon, thank you for joining us!
JON GREEN
Absolutely
JAYE TILLSON
I think it's worth talking a little bit about what are the kind of the big topics in the world of cybersecurity that you're seeing through your eyes.
JON GREEN
Yeah well, this may shock you, but AI is a big deal now and everybody's talking about AI, so I don't know if you've heard that before, but that's kind of what I'm expecting to see at this conference is, at least from the exhibit hall and from what talks and things like that. It's going to be about the impact of AI and it's everything from how to protect the AI models to how do I protect applications that are making use of AI, so there's a bunch of those sorts of angles.
There's also just this aspect of AI hype around the products that are here. You see products that have been exhibited at RSA for years but suddenly they have AI, so now they're new and improved and it becomes important to kind of say to people all right, what can you do with AI in your product that you couldn't do before there was AI? So kind of separating out the truth from the hype is a bit of a tough challenge.
JAYE TILLSON
I think one of the topics worth talking about as well is cyber attacks. We hear about them all the time they're on social media, but what do you think are the common attacks today in the world we live in, and do you think that will continue? Or do you think we're going to get different types of attacks?
JON GREEN
It's a really wide gamut of what kinds of attacks are out there. I think an awful lot of them are just attacks of opportunity. Somebody stumbles across something that looks interesting, they pull that thread and the next thing you know they've got the crown jewels of some company or some person out there. So there's a huge amount of that. A lot of it, honestly, is automated anymore, so you find just bots that are scanning the Internet all the time looking for a way into something. Then you've got kind of much more targeted of. I'm after a particular company or a particular person and there's a goal in mind.
And what's a bit scary about that is that there's entire industries built around carrying these things out. The cybercrime industry is almost it's the new organized crime. Honestly, that's kind of where it's come from, and the ransomware attacks are kind of the biggest piece of that. It really is almost as though there's an entire enterprise ecosystem built around just stealing things from people. So that's the one that most of us worry about, most of the time, at least from an enterprise perspective.
JAYE TILLSON
What do you recommend business should be doing to protect themselves against these kind of attacks?
JON GREEN
Honestly, most people need to start with some of the basics, and it's things like multi-factor authentication. MFA shuts down a huge sector of attacks. It's things like network segmentation, which you know. That's personally my job. Network segmentation says if I do get an infection of some sort or somebody clicks on the phishing link, now I've got malware running on my own system. It's effective at stopping lateral spread of that to get into other parts of the network, so you contain the damage. It's really getting into the protect phase. Let's stop the attacks before they get in the first place, rather than well how do I detect it once it's already happening and how do I get my data back and these sorts of things.
But at that point again, the bad guys are already in. Ideally, we keep the bad guys out in the first place.
JAYE TILLSON
Okay. So as I'm walking across the show floor, I've seen vendors talking about supply chain attacks. What does that mean when it comes to the relationship with that in cyber?
JON GREEN
A supply chain attack is really… think about attacking the components that go into a product that you ultimately buy. So you don't really see that necessarily. It's already in the product before you get it.
We worry about it on the hardware side too, but on the software side it's a bit scary out there with open source and all those different pieces.
JAYE TILLSON
Thank you so much, John. That was great. We'll let you get back to the conference now.
So, now that John has given us an overview of the RSA conference, I'm joined by another John, John Spiegel, and John, like me, is a CTO of security and a HP distinguished technologist, and he has joined me to explore how companies can secure their networks.
John, welcome to the podcast.
JOHN SPIEGEL
How are we doing here at RSA 2025?
JAYE TILLSON
We’re good.
Let's kick off with, I guess, really the big one right. What does it really mean for a network to be secure in today's world?
JOHN SPIEGEL
You know, we're here in San Francisco and out in the bay there's an island called Alcatraz. Alcatraz was considered probably the most secure prison. There are no known escapes, but those days of security being like an Alcatraz have really gone, and that is really due to the evolution of cloud, SaaS Security has played a role in that. So for a network to be secure today is a very difficult thing. Because applications are distributed and now the workforce is very distributed as well. It's very difficult for a network to be totally secure.
JAYE TILLSON
I guess the next question we're going to have to talk about cyber attacks. We're at a cyber conference. We know that organizations are under threat all the time. We see it on social media, we see it in the press. What do you think are the most prevalent cyber attacks in the world we live in today?
JOHN SPIEGEL
Well, that's a great question. The most common one we're hearing about has been the one in the news really for the past five years, and that's ransomware, where attackers will breach into a network, quickly, move laterally, do some reconnaissance and then hold the company's secrets or company assets that are critical of the organization hostage and then demand that somebody basically pay up. So that is really the most common one we're seeing mostly in the news. The other ones we're seeing is the rise of… continuing rise of nation-state attacks.
Obviously, trade secrets is another piece, but those attacks that we're seeing more and more often are either coming through technologies that are legacy, like a VPN, or really they're coming through holes in software that have not been patched, so SaaS attacks or attacks against cloud infrastructure etc. That are misconfigured, or leveraging software that has vulnerabilities in it. So that's another area.
JAYE TILLSON
This won't be the first time you've heard this question this week, and it certainly won't be the last. There's a lot of talk around SASE and SSE. They've been around a while now but what do they actually mean?
JOHN SPIEGEL
Sure. So let me break it down really simply. In the past, when you deployed a new application there really was a choice that had to be made by the leaders of IT and that was do I favor speed or do I favor security?
So really, what SSE and SASE attempt to do is to eliminate that dilemma, solve the puzzle and provide applications delivery with both speed and security. That is really, at the end of the day, what SSE and SASE is. It's really a mechanism for delivering applications in the modern workplace.
JAYE TILLSON
Okay. So John, we can't be at RSA, the largest cyber conference in the world, and not talk Zero Trust. If you look around, it's everywhere. It's very much seen as the silver bullet. But really, what is Zero Trust in practice?
JOHN SPIEGEL
When you start to break it down, Zero Trust really is a strategy. It is a guide to help you secure the key assets that run your business, that fund your company, that help you make the dollar the euro. I equate Zero Trust really to how do you put together a ship and make it watertight.
You compartmentalize things, you secure it, you lock the doors and as you move around the ship, those doors are opened and closed and you're monitoring who goes where, what and when. At the end of the day, that's what zero trust is all about. It's about securing the key assets that keep your organization running.
JAYE TILLSON
Brilliant. Thank you, John. It was great to have you on the podcast today.
AUBREY LOVELL
Alright then. Now it’s time for “Today I learned”, the part of the show where we take a look at something happening in the world that we think you should know about. Michael, what do we have today?
MICHAEL BIRD
I want you to close your eyes and imagine a battery – what does it look like?
AUBREY LOVELL
That's a loaded question, Michael, because my brain automatically thinks what type of battery are we talking about? But if you're talking about the general battery, I'm thinking like something you plug into a remote.
MICHAEL BIRD
Like an AA battery or maybe one those button batteries. I think most listeners will probably be thinking the same thing… which is interesting because researchers in Sweden have recently revealed a new form of soft battery which is made of material with a texture like toothpaste that can be used as the printing medium in a 3D printer to make batteries in any shape you want.
Now the new design differs from previous attempts at stretchable batteries in a few ways: Firstly the researchers have managed to liquefy the electrodes within the battery, the positive and the negative ends, rather than just focusing on the stuff in the middle. And secondly, instead of being made of rare materials and metals like previous attempts, these new batteries are created from conductive plastics and lignin, which is a by-product of a paper production. Now, not only can the batteries be stretched to double their regular length without losing any functionality, they are also rechargeable.
These are of course a work in progress. Currently the batteries can only provide 0.9 volts. However, now the concept itself has been proven to be sound, scientists are attempting to increase this voltage by using new materials. The researchers hope that with a bit more research, these batteries could power the next generation of wearable technology.
What do you think of that Aubrey?
AUBREY LOVELL
I think it's amazing when you really think about the technology around how reliant we are too on batteries. I would say this story is leaving me… energized.
MICHAEL BIRD
Good pun, love it. I'm really excited with advances in battery technology. There are so many different advances going on which I think are really exciting and they're not just going in the obvious direction like more capacity or more density, things like this. think there may not necessarily be an exact problem that it's trying to solve but I think there will be a problem in the future that this battery is going to be perfect for this type of battery or a combination of different types of technology and it's very, very exciting.
AUBREY LOVELL
It's actually kind of cool to think about because they're being so flexible now in different shape sizes and being able to be so mobile with that technology. What if you had a world where you have these batteries, but they're rechargeable by the sun? You don't even need to plug it in anywhere. You're getting natural recharging from the world and your mobile use of it. So it's pretty cool to think about.
MICHAEL BIRD
Right, well, it’s now time to return to our reporter, Jaye, at the RSA Conference. Jaye, who else have you found for us to hear from today?
JAYE TILLSON
Thanks, Michael. For our final interview today. I'm joined by Gram Ludlow. Gram is a Security Product Line Manager. Thank you, Gram for being here today.
GRAM LUDLOW
Thank you, Jaye.
JAYE TILLSON
So one of the innovations that we've seen over the last couple of years is AI. It was everywhere here last year, but one of the things I'm starting to see this year and maybe something if we look towards the future is post-quantum security. Maybe you can explain in your terms what is post-quantum security?
GRAM LUDLOW
I am… I wouldn't say a quantum sceptic, but for me quantum security or post-quantum security means having appropriate, say, encryption techniques and processing techniques that a quantum computer can't trivially break. So for instance, if you're using an old encryption algorithm and you encrypt a file today, it might take a supercomputer a thousand years to break that encryption.
in theory a quantum computer could break it in 30 seconds or maybe even instantaneously. So for me post-quantum security is simply using algorithms and encryption and other techniques that are not trivially broken by a quantum computer.
JAYE TILLSON
Okay, so I know this is a question that's going to be very close to your heart, because you were a CISO, right? What is the role of a CISO today? What does it mean to be a CISO?
GRAM LUDLOW
A chief information security officer is the person at an organization who's ultimately accountable for assuring the appropriate risk management process are in place regarding cybersecurity, they're the ones whose neck is on the chopping block if things go wrong, and, whether or not they are empowered to do the job, they're on the hook. So it's a very difficult job.
JAYE TILLSON
Okay, so I guess final thoughts: is post-quantum a threat or an opportunity?
GRAM LUDLOW
I think that post-quantum is a threat and when it happens, it will change a lot of our approaches to cybersecurity.
However, that being said, I have seen no indications that we have matured to a point where quantum compute is accessible to anyone other than a precious few research institutions and perhaps governments. What does it mean to make a network secure? It's about assessing your threats. It's about understanding the techniques that they're going to use to attack and to make sure that you have appropriate controls to defend against them. So if you look at this from a threat network security perspective, if we're in a post-quantum world and we have accessible quantum computers, people would be able to crack encryption really easily. That's the biggest thing everyone's worried about right now.
So to defend against that, you need different and better encryption algorithms. Those algorithms exist today and a lot of people I think rightly so are transitioning off of more easily cracked algorithms, just like we always have. So I think it's a healthy thing to do as an industry but, candidly, I think there are few CISOs in the world today that really need to worry about this threat at this exact moment in time.
JAYE TILLSON
That’s brilliant Gram. Thank you so much for your time and joining us on the podcast.
JAYE TILLSON
So that should give a good overview about the sorts of things covered at this year’s RSA Conference. Thank you again to Jon, John and Gram.
Michael, Aubrey, back to you guys.
MICHAEL BIRD
Jaye thank you so much for taking us onto the show floor at the conference, and of course thank you to everyone you caught for us for an interview.
AUBREY LOVELL
And hopefully we will be able to go into all of the topics discussed today in more detail in future episodes. In the meantime, if you want to do some of your own digging into them, make sure to check out the show notes!
MICHAEL BIRD
Right, well Aubrey we are getting towards the end of show which means it is time for this week in history. I'm slowly going to be bringing back the theme tune, Aubrey, one episode at a time. Which is a look at monumental events in the world of business and technology which has changed our lives. Now, last week I think you bought the clue, Aubrey, what was it? Can you just remind me?
AUBREY LOVELL
So the clue last week was it's 1961 and modern computing is about to be born. And I think you came pretty close to this one, Michael. I think you knew what it was.
MICHAEL BIRD
I thought it was like the first computer but I don't know if that's actually quite true.
AUBREY LOVELL
Well, I think it's definitely part of the story. mean, it was, of course, the granting of the patent for the first integrated circuit. Now, this is quite literally the start of modern computing. So before this point, computers had been made of huge vacuum tubes and transistors, but two men were about to change the world. The integrated circuit, or should I say microchip nowadays, is what our modern society is built on. It's what we are using to record this episode. It's what you're listening on. It's literally used on everything and one of the most important inventions in the history of mankind.
Independently, Jack Kilby and Robert Noyce had been working on the concept of shrinking down components of a computer and putting them all on semi-conducting chips. While Noyce was awarded the initial 1961 patent exclusively, Kilby is now also acknowledged for his independent work creating integrated circuits and in the year 2000 was one of those awarded the Nobel Prize in Physics for his contribution to the invention of the integrated circuit where he then acknowledged that were Noyce still alive, they would have likely shared the accolade.
MICHAEL BIRD
Well Aubrey, we really are talking about the fathers of modern society in a way I suppose. I'm not sure my clue is going to live up to that one but I'd still say it was a pretty big moment in the history of business as well as pretty much everything else. There's a little of the clue. Next week's clue is... It's 1840 and this little picture of the Queen is going to take you places. I know exactly what that is. 100 % I know what that is.
AUBREY LOVELL
I mean, I think I know what it is. I just don't know what exactly which one, but it's definitely currency. It's gotta be, right?
MICHAEL BIRD
I don't think it's currency.
AUBREY LOVELL
No?!
MICHAEL BIRD
No, I don't think it's currency. I'm going to put my neck on the line here and I'm going to say I think it is the first stamp with the picture of Queen Victoria and I think it's called like the Penny something. I've got that wrong, but I'm pretty sure it's the first stamp of Queen Victoria. I'm going to say that's what it is and I'm going to look like a fool next week when I've got it wrong.
AUBREY LOVELL
Interesting. Well, you clearly know better than I. I bet you it probably is stamps, but either stamps or currency. Let's go for it. We'll see what happens.
AUBREY LOVELL
Okay that brings us to the end of Technology Now for this week.
Thank you to Jaye and all of our guests from this week
And of course, to our listeners.
Thank you so much for joining us.
MICHAEL BIRD
Technology Now is hosted by Aubrey Lovell and myself, Michael Bird
This episode was produced by Harry Lampert, Sam Walker and Izzie Clarke with production support from Alysha Kempson-Taylor, Beckie Bird, Alissa Mitry and Natasha Naik.
AUBREY LOVELL
Our social editorial team is Rebecca Wissinger, Judy-Anne Goldman and Jacqueline Green and our social media designers are Alejandra Garcia, and Ambar Maldonado.
MICHAEL BIRD
Technology Now is a Fresh Air Production for Hewlett Packard Enterprise.
(and) we’ll see you next week. Cheers!