In a recent column I wrote about cyber attack rhythms. Today I will discuss some additional cyber cycles that help keep security practitioners hopping — and a new reason these cycles might be important to you.
I’ll See You There
The dominating factor these days in the timing of announcements in the cyber security industry is the annual RSA conference. This year it runs from April 20th through the 24th.
For more than a decade, “RSA” has been the dominant event on the cyber calendar. It’s held every year about this time at the Moscone Conference Center in downtown San Francisco. Last year set an attendance record: 28,500 attendees listened to 410 sessions from 604 speakers. The exhibit hall housed 400 companies or so.
This week, folks like me all over the world are working late, even pulling all-nighters. We are hustling to close deals we want to announce there; getting products ready for demos; practicing and polishing presentations and speeches; and just plain clearing the decks for the intense industry-wide coffee klatch/reunion/tent revival/glad-handing-orgy that is “RSA”.
“Are you going to be at RSA?” That’s the question zipping around in email and texts the month before, as we all prepare to descend on the Moscone one more time. “I’ll see you there” has been the prelude to many a business deal in my career.
Whose Hat is This?
There is a second annual conference just as important to security practitioners in the United States, and that’s the Black Hat Conference.
Whereas RSA aims mostly at business-oriented types like CEOs, CIOs, and CISOs, Black Hat has traditionally had more of a counter-culture flavor. It used to be that the techno-dweebs there played “Spot the Fed” with great hilarity; but in recent years the FBI Director has been a featured speaker, so perhaps those days are gone.
Whatever the tone, “Black Hat”—held in August this year, in Las Vegas—always seems to generate Big News about vulnerabilities, hacks, and what the “Bad Guys” will be doing to “Us” in the near future.
Right on Schedule
Another cyclical event that drives headlines and brings attention to cyber security occurs in October. That’s “National Cyber Security Awareness Month”, launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in 2004.
I got to be on center stage in 2013 and 2014 as we kicked off the month at the NASDAQ event center in Times Square. I hosted the Secretary of DHS, several Congresspersons, leaders from NCSA, and other distinguished guests. Perhaps those bright lights have swayed my thinking, but it seems likely to me that, at the very least, there is a yearly uptick in discussions at the Board level about cyber as a result of this campaign. A great many large corporations, additionally, hold annual cyber awareness events that month in synchronicity with the national event.
Does the publicity spike actually increase awareness as intended? Do more people “Think Before You Click” in October?
Google Trends does show that at least the news media are talking more about “cyber security awareness” in October.
Figure 1. Google Trends Result for “Cyber Security Awareness”
I haven’t seen a seasonal downturn in attacks, yet; but perhaps that’s due to the “damping effect” of cyber-crime prevalence I discussed in the previous column.
As of last November, there is a new reason you might want to be able to discern the kind of cyclical effects I’ve been exploring in these columns.
Do you know about the HACK index? It’s listed on NYSE, and was created “to provide the market with a transparent vehicle to invest in the increasingly important Cyber Security industry.” 
Now I haven’t any idea whether the index, which is related to the current stock price of several major cyber vendors, will respond in some way to big cyber events or seasonal rhythms. You’ll have to decide that for yourself. As a start, here’s the performance of the index to date. You can see it began after Cyber Security Awareness Month last year, so there’s zero indication of any effect of the publicity spike so far.
Figure 2. Performance of HACK index (NYSE Arca)
It does seem to me that if you could reliably predict cyber cycles, it might be worth some money. I bet a lot of folks are working on that these days, come to think of it.
Special Note: I am not qualified to give financial advice. My mention of the HACK index does not represent an endorsement, and my speculation about profiting from cyber trend prediction does not constitute investment advice. Seriously.
I’d better close this out now. I have to pack. Are you going to be at RSA? Maybe I’ll see you there.
Sources and Resources
RSA Conference, http://www.rsaconference.com.
Black Hat Conference USA 2015, https://www.blackhat.com/us-15/.
For information about the HACK index, see http://pureetfs.com/etfs/hack.html.