5 Questions MSPs Should Be Asking at RSA 2023

The annual RSA Conference is just a few weeks away and—as usual—there will be no shortage of subjects or trends to learn about on site. We say this every year, but the best and also the worst part about cybersecurity is that there’s so much going on, so much changing at any given moment in time, that it’s near impossible to keep up. While we may not have had a national media grabbing super high-profile data breach or ransomware attack recently in the United States, the influx of ChatGPT and large language models and how they fit into cybersecurity has more than made up for it in water-cooler conversations and headlines.

I expect to see a lot of innovations but also hear a lot of distracting noise at RSA. With that in mind, here are 5 questions that I think MSPs should ask if they’re attending this year’s conference. I know I’ll be asking them.

1. What to Make of All the AI/ChatGPT Buzz?

It’s hard to be in the tech industry and not be overwhelmed by the amount of noise and hype surrounding ChatGPT and other AI-powered large language models. They’re dominating everything. On one hand, you can hear how they’re going to take over the world and kill us all. On the other hand, there are a number of companies that, for years, have talked about their products including AI and machine learning. It will be interesting to see what the reality is after the hype level of the last few months.

2. When Will Operational Technology and Information Technology Collide?

There’s also a lot more sessions and discussions around the operational technology (OT) and IoT supply-chain side of the business. That’s something I’ve been watching for a number of years. I recognize some of the companies of the people running these sessions at RSA. They’re not somebody you normally see in the MSP space, but they’re trying to be. They’ve historically targeted the OT side of the world. They’ve gone after the users of products from companies like Siemens and Johnson Controls because their products live in that world. I’m looking forward to seeing how they plan to make the move to the MSP space.

3. How Can We Help CISOs Survive?

Gartner expects nearly half of CISOs to change jobs by 2025 and the average tenure of a CISO in a large organization is less than three years before they are either let go or quit because of the stress. I want to hear what organizations at RSA are doing and talking about to help with that. I’m also interested in hearing how companies are going after internal resources to close the cyber skills gap. How do we address this cyber knowledge gap? We can’t fix it if we’re not constantly training.

4. How Do We Support SMBs Through All the Chaos?

A big question we all need to ask is where does the small business fit into vendors’ cybersecurity plans? Most players are going after big enterprises. That’s great, but when you look at the sheer volume of business in the United States and what the majority of our members support, it’s SMBs. I want to see what messaging comes out of RSA for SMBs.

Vendors may think they understand SMBs, but they should also understand who supports them [MSPs]. Potentially, there’s a lot of education that needs to happen for vendors. Over the last five to 10 years, it was you had an idea, you pitched a cloud platform, you started rolling out direct to customers, you got some VC or equity plugged in and you were off and running trying to get those large deals with a per-seat price that was pretty steep. But your platforms aren’t really built for multi-tenancy, which is something MSPs need. Many vendors don’t understand economies of scale and what the MSP is. And if they don’t understand it and they don’t have somebody to give them some guidance, then they are going to struggle with it.

At some point, say an MDR platform that has focused only on the Fortune 1000 space gets another Fortune 1000 customer. That means a competitor’s platform loses that customer. And if you lose a customer, a competitor took them away. There are only 1,000 companies in the Fortune 1000. But if companies want to expand their markets, they need to look to the SMB space and to do that effectively they need to understand MSPs and how they can help build market share.

5. Where Are All the Cyber SMEs?

This one is a little more personal. CompTIA is always looking for subject matter experts (SMEs) on cybersecurity—and other areas—to ensure that our content, training and exams meet the needs of a fast-changing market. We rely heavily on the people that are the practitioners in the industry to learn what they think about everything going on and to guide us to help CompTIA meet the needs of our members, partners and customers. MSPs should be doing the same. Talk to the cyber professionals – those in the trenches – to get a better understanding of the latest threats and get the insights to help protect your business and your customers. It’s great to visit a few booths (come see CompTIA!) but have conversations in the hallways and with the people sitting next to you during sessions. That’s where the real value is.

Ron Culler is vice president, cyber development programs, CompTIA.