In June (2022), a few members of the Revenue Rocket team travelled to San Francisco for the RSA Conference. The RSA Conference is a source for timely insights, thoughtful interactions, and actionable intelligence designed to help cybersecurity professionals continually strengthen their organizations. Listen as the team dives into takeaways from the event, insights into the Cybersecurity industry, and where the industry is headed.
RSA Conference - Revenue Rocket (1)
Wed, 7/6 3:26PM • 24:09
SUMMARY KEYWORDS
vendors, sahil, security, people, consolidation, rsa, industry, users, tool, organizations, conference, customers, cios, product, ryan, companies, m&a, services, matt, space
SPEAKERS
Sahil Patel, Mike Harvath, Matt Lockhart, Ryan Barnett
Mike Harvath 00:04
Hello, this is Mike Harvath with another shoot the moon podcast broadcasting live and direct from revenue racket world headquarters in Bloomington Minnesota. Revenue rocket is the global premier firm that's focused on both growth strategy and m&a for IT services firms, as you know, for all you regular listeners. I am honored today to be with my partners, Matt Lockhart and Ryan Barnett. And Sahil Patel, who is a new member, of our team. Matt and Sahil so have recently been at the RSA Security Conference. And the topic of today's podcast will be to talk about their experience and observations there. So Ryan, Matt, Sahill, welcome.
Matt Lockhart 00:55
Thanks, Mike. Great to be back, it took a few days to recover from the RSA conference, little tired you know, had to ice the feet and legs and whatnot. But boy, it was a great experience.
Ryan Barnett 01:10
Yeah, and we're glad that you got the team to go. And I'd love to ask you a few questions of what actually happened at the show, what we learned what to what advice we can give to other vendors that are in the space, and learn a little bit more as we go along. So I'd love to see this. And Sahil, this was not your first technology show, is that right?
Sahil Patel 01:34
Yep. That was my first time at a conference, it was definitely a very unique experience that it opened my eyes to cybersecurity and a lot of new technology that's going on right now. And then a bunch of new industries that could be looking at just adding small product lines that are just amazing, new technologies.
Ryan Barnett 01:55
That's great. That's great. And we always appreciate just meeting people. So tell me a little bit about the show. Tell us all about RSA, why do people attend the show, how big it is, just general, general kind of demographics so everyone kind of understands what we're talking about?
Matt Lockhart 02:12
Sure, it's the first time RSA has been back post COVID. And you could tell certainly, that everyone was super excited not only just to be back at RSA, but you know, commonly you saw people fired up to just be together. And I heard that it was maybe a little smaller than in years past, but there were, I think over 15,000 people that came through the doors. So while maybe a little smaller, it was awfully active, couldn't find a hotel room in all of San Francisco. And you just saw the buses rolling around downtown San Francisco filled with people who were going back and forth from their hotels to the Moscone Conference Center. So it was quite active. There were literally hundreds and hundreds of vendors who were promoting their wares on the expo floor, so I guess I would say it, it represented the continued growth and awareness in the security industry as a whole. Sahil, what'd you see?
Sahil Patel 03:30
Yeah, so I guess, walking on the floor. And I definitely resonate with that. There's a ton of vendors. And I think the really interesting part was there's a lot less, I guess, end users than I expected. But there's still a decent amount where you got to learn about their business, what they're doing and how, what vendors they're looking at. And even a few are just looking to go through the different conferences and meetings that are going on some seminars and keynote speakers, which have been really impactful to some of the people I talked to.
Ryan Barnett 03:57
It's really interesting to hear that. Sahil, please help the audience here understand, who is the audience that attends, is it is it our users of RSA? Is it from the user conference? And from what I can, they're really leaders in identity and access type management. So what brings vendors to the show?
Sahil Patel 04:22
Yeah, so I guess, in my perspective, personally, from the people I've talked to, a lot of the vendors were just looking to give out demos and products to different other vendors, or even end unit end users if they can find, but a lot of the pitches I heard were, hey, we have this new product, look at our demo, and then see if it could help your client and pitch it out to them. So it's kind of like a pass it along kind of word word of the vibe and then giving out the merch and making sure people just know that that company exists. And there's a lot of like new startups, new companies that are kind of developing their product or they have a product, but it's not in the market or they're working on getting into the market. It's kind of what I've seen.
Matt Lockhart 05:03
Yeah, I'll, you know, I'll build on that a little bit. So head on, I think that's super insightful. You know, obviously, with the growth in need for security as a whole, right? I mean, this is, you know, if not the number one priority for CIOs and CEOs, it's, it's at the top of the list, right, you know, protection of an organization's network, their data, and is directly related to, you know, the value that they bring to their customers. And so there's just an a tremendous growth in the industry overall, as that need has become, you know, more and more recognized, to overall corporate value. You know, as such, there's been just a total influx of capital into this space. The, the amount of, you know, financial backers, the venture capitalists, private equity firms, and the like, was, you know, really pretty, really aware. Right. And, and I think that it's somewhat rep, it was represented by the amount of vendors, again, who are in the expo, they, I think it was it sort of you think about it, where it's like, if you're going to be in the space, well, then you had to be at RSA, right. It was, you know, from a marketing perspective, overall presence within the market, et cetera, et cetera, to Sahil's point- it's not as though they were spending a lot of time within customers, they were just ensuring that, you know, end customers and the market as a whole saw that they were there. And so it was kind of like you had to be there, if you're going to be recognized as a as a player within the security industry.
Ryan Barnett 07:14
That certainly makes sense. And, and it's when that amount of people come together towards a common goal, the opportunity to talk about who you are, what you do, and how you're different is important. And then and learn. And so, I'd love for each of you to tell me, what's one thing that you did learn about the security space? And was there anything that arose is something that was people were gravitating towards maybe a category or a vendor, that was just interesting.
Matt Lockhart 07:46
Sure, well, the theme of the conference was transform. And I think that that was, you know, pretty adequate, because the entire security industry is under, you know, continual transformation. You know, here's a common theme that you saw, which was, you know, shift left security. And, you know, the concept behind shift left security is, is how can you build security into your overall, you know, software application environment, as the software is being built, right, so you're building security into the software that is going to be residing in, you know, in your network. Now, their theme was, you know, cloud based security, yeah, obviously, this goes hand in hand with shifting left, because organizations are relying more and more upon, you know, the cloud. And so as you are relying upon your cloud vendors to provide an overall network security, right, you know, organizations that are building towards the cloud, need to build upon that, by ensuring that their applications are secure. Along those lines, you saw a new concept, which was API security, right? So as organizations are stitching multiple applications together through an API layer, you know, that's a new threat area, you know, for hackers and attackers to go into, you know, within API security. So you see this evolving, you know, sort of evolving and more comprehensive overall security posture that is needed. And so I think that that was interesting. It also, because there's so much change, it goes back to man were there a lot of companies who were, you know, promoting those themes, but there is a lot of overlap from vendors related to those areas. Sahil, what'd you see?
Sahil Patel 10:12
No, Matt, I think you're exactly on the dot. And with a lot of those services, there was like penetration testing for API security. So you have your old functionalities that can apply to a new field, essentially, and the fun aspect, I think, is that most of these companies are three to four years or even younger. So you will see that a lot of the new industries trends have just come right, when COVID started, the need for cybersecurity has increased greatly. And I think it's great that there's a lot of new companies, but I totally agree that there's going to be a need for consolidation given from vendor to vendor, there's a lot of similarities that I can see that they're doing. It's just about who's out there first, or who's getting the biggest vendors.
Ryan Barnett 10:59
I'd love to dig into that a little bit more. So if we think about transactions in the space, and many of these vendors are overlapping, I know that he had the list of vendors presenting was almost 400. So if and beyond that there was guessing 1000s that attended, and if you look at zoom out and take away from this conference, there are 1000s upon 1000s of security vendors, for example, PitchBook has 2300 track security vendors out there. Did you see anything specific in the space of where that overlap could turn into a one plus one equals three type scenario? Or maybe even differently, are companies looking to expand their product offering with services or service offerings with products-and maybe doing so with acquisitions in mind?
Matt Lockhart 11:55
Yeah, it's an interesting question, Ryan, I, you know, to kind of unpack that a little bit, you know, another common theme, and this came from the leaders of end user organizations is the need for tool consolidation, right? Because the more tools that are within a, you know, corporate environment, the more risks in a sense that occur, because you know, 1, you got to make sure that all those tools are playing together, right. And they do fit together well. And 2, you got to have the talent that, you know, that can do that. And not in, as in within the overall technology industry as a whole. We know that there's just a huge talent shortage. And and within security, it's probably one of the most extreme areas for talent shortage, right, so this is driving these end user CIOs and, and CISOs to think, how do I increase my ability to protect, but decrease the amount of complexity. So they're distinctly talking about tool consolidation, which is sort of at odds with, again, the amount of tool vendors out there, and the amount of overlapping functionality and play and now to speak to, you know, the ability to provide comprehensive services related to all of these tool vendors? Well, quite honestly, there is nobody who can keep up with all of this, right? There's not one you know, and so each of the, you know, security tool product vendors have services related to their distinct tools, right. But they, they don't necessarily have the connective tissue to other corresponding tools that will enable that you know, sort of greater level of overall protection.
Ryan Barnett 14:13
Yeah, it's such an interesting dichotomy. We've got every tool possible to fit every fix every problem but no one knowing what to use or how to use it or, or who to implement it. I'm guessing this is reminds me of shelfware back in the day, just a lot of people buying technology for technology's sake, and not necessarily having it lead to something that can be utilized better.
Matt Lockhart 14:42
Yeah, I think that's it's spot on, Ryan. And so you know, you think about who are some of the sort of the leading vendors if you will, and in Sentinel one comes to mind and you know, it's primarily a reseller and you know, their focus is in driving additional products, right. And, and so you combine that with the efforts and the money spent by the marketing for these new tool vendors and I can only imagine that there's just a whole bunch of confusion for again, these end customer leaders, I think it represents a real opportunity for those security services organizations who can make sense, right, and think about the business need, and then the appropriate tools for customers particular environments. I mean, you think about sort of IT and OT, well, there's better vendors for that space than there are for financial OSEI services. And so having service providers that can understand the distinct needs of customers across, you know, different industry segments, and then making sense of, you know, what is the the best protection layers offered by the right tool vendors, while at the same time reducing complexity, right. And so, you know, that's a hard challenge. And I'm not sure that the that RSA benefits, you know, the industry, because they're there to promote everybody. Right. And so, you know, there's work to be done to continue to, quote unquote, transform.
Ryan Barnett 16:41
Yeah, very interesting. It's, it's, it's odd that a user conference like this brings in as many vendors truly relatively unique to have something where there is almost a communal gathering place for customers and, and, and vendors alike. Great. One takeaway Sahil and Matt, just to help wrap us up here. What are what are something that people in the space are people looking at, what's one thing that you've learned that can be applied to to their business today?
Mike Harvath 17:11
Sahil, I'll let you go first.
Sahil Patel 17:16
Sounds like a plan. So I guess, with me being on the floor and talking to different people, sales vendors, and I guess, end users as well. I kind of think the biggest takeaway, in my opinion, was that there's a lot of different products that are there, but it's gonna be very hard to find what's best for you. And it's also what's kind of the, it's hard to determine what's the best out there, when there aren't many differentiators, It's everyone's doing API security or penetration testing, but what's kind of like the big outlier, and that's kind of something that I was looking to learn, and just when I'm looking at a vendor, I'm like, what separates them from someone else. For me, it was really hard, which is also good thing that the industry, the technology has improved so much, that it's hard to tell what's better than the next person. But at the same time, we always want the best product, so that's kind of my key takeaway.
Matt Lockhart 18:11
Yeah, that's insightful, Sahil. I mean, again, it's this theme of so many, right. So if there was one key takeaway is is is that within this space, there is going to be consolidation, right, the again, these end users CIOs are demanding it, you know, within their organizations to reduce complexity, the amount of vendors who are in a Series A, Series B, Series C, even Series D financing, stage was dramatic. I mean, it was clearly the majority of the of the vendors there are in that stage. And so not everyone is going to survive. Hearken back 120 years to the start of the start of the automobile, and there were hundreds of automobile companies. Well, now hundreds didn't survive, as we know. Now, I don't think it's going to be as dramatic as that the level of consolidation, but there is going to be dramatic level of consolidation within this space. And so, you know, what does that mean? Well, that that provides clear and distinct opportunities for merger and acquisitions, that, you know, those that are going to be able to think ahead, you know, not in months, but in years, to be able to stitch together the functionality and the right way and go to market in a more comprehensive fashion, those are going to be the winners. And so, you know, and we've seen In it, obviously, you know, Ryan, Mike and Sahil with the, with the number of mandates that we have, you know, within our m&a practice. And so, you know, we're super excited, great opportunity to learn, it was a great opportunity to get a feel for the different organizations out there to meet literally hundreds and hundreds of people so that we can be in a great position to assist our clients and in those consolidation efforts.
Ryan Barnett 20:37
Great. Thank you both for the insights here today. Really appreciated. And with that, Mike, I'll turn it back over to you to to walk us out.
Mike Harvath 20:48
Sounds good, Ryan. Thanks so much. Thanks, Matt. Thanks Sahil for your insights. Very interesting conversation about the RSA Conference. With that, as we say every week, we'll tie a ribbon on it. We wish all of you a great week out there if we can be any help to you. If you think about how to grow your IT services business or thinking about m&a initiatives, particularly in the current market, don't hesitate to reach out to us at info@revenue rocket.com or @revenuerocket.com For other insights. Thanks and make it a great day.