eff cue dee en
Sep 26, 2019


I’m not sure that it’s fair or relevant for a CISO or CSO to need to know the equations behind RSA. That’s what their techies are for. Also, academia is driven by this view that to use and understand crypto you need to be able to write code to do it.

No sensible person, that is not a cryptographer, in industry should ever try to write their own crypto or implement the algorithms. That’s what reviewed and tested libraries are for.

They should certainly understand the features of RSA or Diffie-Hellman and describe how they work at a conceptual level.

It’s pretty amusing watching the speaker struggle to explain public private keys and especially his view that AES is used for data at rest but not in transit. Especially since RSA is mostly used to exchange the AES keys to encrypt data in transit.

I begin to see why some booed his pitch at Black Hat.
