After a frantic weekend of getting in and setting up, the bulk of the messaging began in full force on Monday. As a long-time participant of the RSA Conference, and similar conferences around the world, I was thrilled to see a female focus called ‘She Speaks Security’ in the Monday talks. One session in particular held court and was the first all-female panel I believe I have ever seen at RSAC.
Newly minted CISO Cameron Forbes Over led a panel on ‘Becoming Resilient’ and really kicked things off by telling the packed room that “resilience is not just a technical term to describe a network or business, but a concept we need to build in our people.” This is an important topic, especially as CISOs are thrown into increasingly stressful situations, often with plenty of technical training but not enough focus on how best to handle things from a personal standpoint. This message was further anchored by US CERT’s Bobbie Stempfley, who added that “resilience is also about the community, which is enriched when new voices are heard.” Truth.
Tuesday’s talks shifted from these personnel aspects to some of the broader issues that affect the critical infrastructure of the civilised world. An important panel with the new director of America’s Cyber and Infrastructure Security Agency (CISA), Chris Krebs, ticked off many of the biggest threats he sees in cyber, from basic hygiene to state-sponsored terrorism, elections and everything in between. Chris also focused on “shifting the way we’re trying to understand what’s happening in the world,” going on to describe a very inclusive CISA that will foster a new way of understanding the functions of our Nation’s critical infrastructure. Echoing these thoughts and expanding to a global scale, Frank Cilluffo, who heads the McCrary Institute for Cyber & Critical Infrastructure Security at Auburn University, focused on the grey area between the absolute black and white positions in cyberspace, and the establishment of the National Risk Management Centre, which is tasked with much of this work from the US Government perspective.
The loudest theme coming across so far has been the concept of zero trust
Often misunderstood, it’s really just the concept that you only grant access to someone or something after trust is proven, and not by default. This results in much stronger enterprise security by design, as it assumes everything is malicious and grants access only for a particular time and requirement. Speakers were talking about it, signage blared its siren song, and even TV news networks led with it in their onsite reporting. If RSAC had a face this year, it would be zero trust.
The important thoughts didn’t just emanate from the main stages; this week has also been filled with evening events that carried weight with the attendees. The team that brings you the cyber futurist conference in Davos every January held a powerful event on “Cyber War and Peace and Everything in Between,” where Cyber Future Foundation founder Val Mukherjee led a robust discussion that focused on the grey “area in between”. Just down the street, the Global Tech Accords celebrated their one-year anniversary with a power-packed group from Microsoft, Capgemini, Unisys and more, where a panel led by Michèle Flournoy, who has served as the Under Secretary of Defence, focused on addressing the difficult problems of getting the sometimes competitive global players to work together toward a safer and saner cyber future.
With all of these events vying for the attention of the attendees, day and night, no one need be alone. No matter the particular security passion or proclivity, there is a talk, panel, or party that addresses it, and everyone is welcome to join in.
Next up: What Happened on the Expo Floor!