As the dust settles from the ISC West conference in Las Vegas, I wanted to take a moment to reflect on what was most memorable to me. The exhibit hall was packed full of security vendors showcasing their products and services, and it drew an enormous crowd. The NICE booth was no exception. PSIM was the hot topic; and I must have had at least 100 intense exchanges – with customers, consultants, integrators, technology partners, press and vendors. At the start of each conversation, I could see that most clearly didn’t get it; though by the end they usually did.
So what do I mean by ‘get it’?
Most people think that if you throw enough time, money and effort at threat analysis studies, system designs, security products, installations and training, that customers will be more secure. I don’t doubt it, but how can it be measured, and how much is ‘more’?
Some argued that with PSIM, you can integrate silos to create better situational awareness, and consequently stop bad things from happening. I’m not convinced that this is the best or only value proposition for PSIM, since many integrations can be done directly without a 3rd party software such as PSIM.
I argued that if you can’t use PSIM to stop bad things from happening, you can at least use it to resolve incidents as quickly and painlessly as possible. The ability to help operators make sense of seemingly unconnected information (situational awareness) and guide operator actions through adaptive, automated response plans (situation management) is the real magic sauce of PSIM, not integration. The ability to form a common operational picture, to adapt real-time responses to evolving threats, to record every action and outcome for 360° incident debriefing, to learn from mistakes as part of a continuous improvement cycle, to ensure business continuity and regulatory compliance – these are all real impacts of PSIM.
People who ‘get it’ recognize that PSIM is not so much a technology product as it is a solution to achieve better security, safety and operational results. This is a GIANT shift in thinking for most in the Security industry, and shifts require a proactive change in skills sets.
So what was the biggest take-away for me from ISC West this year? It wasn’t PSIM per se. Rather it was that the conversations about PSIM are starting to change.