The RSA Conference 2023 has come and gone, but the excitement it brought to our community is still very much alive! As one of the most anticipated events in the cybersecurity world, this year's conference did not disappoint. With a plethora of insightful presentations, captivating booth displays, and cutting-edge cybersecurity solutions showcased, RSA 2023 was a memorable experience for everyone involved.
In this post, we'll take you on a visual journey through some of the highlights, featuring snapshots from innovative booths, introductions to our expert presenters, and a not-so-brief synopsis of the thought-provoking briefings that I had the privilege of attending. Get ready to dive into the world of cybersecurity and relive the energy that permeated RSA Conference 2023!
EXPO HALL
The Expo hall at RSA Conference 2023 was a true embodiment of excitement and innovation, buzzing with energy as industry professionals and cybersecurity enthusiasts alike gathered to explore the latest breakthroughs in technology. There were also tons of marketing buzzwords like “AI and ML”.
Attendees were treated to a dynamic array of interactive booths, riveting product demonstrations, and engaging discussions, all showcasing the best and brightest in the ever-evolving world of cybersecurity.
At our booth, we were thrilled to have the talented Lego master, Michael Kanemoto, who attracted attendees with his Lego building station.
Assembling a visually stunning mosaic dedicated to cybersecurity, Kanemoto's creation not only represented the complexity of our field but also highlighted the spirit of collaboration and innovation that drives our industry forward.
At our booth during RSA Conference 2023, we were delighted to offer attendees a fun and memorable giveaway – Star Wars Lego sets! These fantastic collectibles not only brought smiles to the faces of our visitors but also served as a reminder of our Lego prowess.
Our team members also had a stroke of luck at RSA 2023, scoring some fantastic prizes from other vendors' booths.
THREAT REPORT
During RSA Conference 2023, we were excited to debut our highly anticipated Annual Threat Report, providing attendees with a comprehensive analysis of the latest trends and challenges in the cybersecurity landscape.
The report, which is the culmination of extensive research and collaboration, offers valuable insights and actionable intelligence for businesses and professionals to stay ahead in the ever-evolving world of cybersecurity.
BOOTH PRESENTATIONS
Our booth boasted one of the largest screens in the South Expo Hall, ensuring that our presentations were unmissable. Throughout the RSAC Expo, we had an abundance of information to share with attendees. Here's a glimpse of some of our engaging sessions.
Data Security and Sustainability – from pledge to Program - Carole Murphy
“Eagle-Eye” threat detection with adversary signal analytics - Paul Reid
2023 Threat Report Rundown - Grayson Milbourne
OpenText Cybersecurity Portfolio - Yatin Chalke
2023 Threat Report Rundown - Myself
AWARDS
We are incredibly proud to announce that at RSA Conference 2023, our team was honored with four prestigious Global InfoSec Awards. This recognition not only highlights our dedication to excellence and innovation in the cybersecurity field but also serves as a testament to the hard work and commitment of our team in providing cutting-edge solutions to protect businesses and individuals alike.
CONFERENCE BRIEFINGS
The conference briefings at RSA 2023 were an enlightening experience, featuring insights from some of the most esteemed cybersecurity experts. Addressing a wide array of subjects, from emerging threats to innovative solutions and policy, these sessions encouraged dialogue and collaboration among attendees. And of course, AI managed to "outsmart" every other topic, dominating the discussions.
I'll be sharing my personal experience and insights from the briefings I had the opportunity to attend. Get ready for an exciting journey through the latest trends, innovations, and thought-provoking discussions that shaped this year's conference and left a lasting impact on the cybersecurity landscape.
Security as Part of Responsible AI: At Home or At Odds?
Rating - 8/10
Ram Shankar Siva Kumar, Microsoft Harvard (Moderator); Vijay Bolina, Deep Mind (Panelist); Dr. Rumman Chowdhury, Bias Buccaneers (Panelist); Daniel Rohrer, NVIDIA (Panelist)
This was a panel discussion and was quite worrying about where we are at with AI and how unchecked it is.
- Google AI / NVIDIA / Deep Mind
- Try to coordinate releasing of information for data norms and DEI (diversity/equity/inclusion)
- Try to separate the “nodes of disinformation” from intentional and unintentional
- Things they won’t do - Tech Weapons / Surveillance / Violation of human rights
- “We don’t know when a model is ready” when it’s released (excuse me wat)
- ChatGPT
- Broad proliferation
- Do they ask the right questions in the design phase
- Cultivate output to marry the “wanted social norms”
- PII/ Access control is a problem
- “Hallucinations” are also a big problem and already caused issues
- Reactive vs Proactive
- Audience questions/input
- Is this going to turn into SkyNet and end of the world?
- pseudo non-answer - “many other things to worry about like economy and joblessness” and “misinformation in elections”
- Not enough security practitioners - especially with AI
- Research being pushed into product too quickly - AI will only further accelerate this
- What about the “Halting AI/ML letter petition”
- 6 months is not a long time - what is happening in this time to address the problem?
- Most of the people who signed that letter went off and created their own AI/ML projects so they feel this is just so they can catch up.
- Can we trust what is produced from AI?
- If we are to implement in regards to security do we trust the data or make humans the focal points in these decisions?
Joining Forces with the White Hat Researchers: Aviation Industry Lessons
Rating 7.5/10
Jean-Francois Simons, Aviation Information Sharing and Analysis Center Europe (Moderator); Brian Connolly, Boeing (Panelist); Deneen DeFiore, United Airlines (Panelist); Ken Munro, Pen Test Partners Inc. (Panelist)
This was a panel discussion about the aviation industry and how they deal with vulnerability disclosures of aircraft. Also another worrying session that I did not leave with a good feeling about.
- E-integrated aircraft opened door to white hats
- BOEING
- Focused on safety and getting it right in the design process and development
- Work with partners and regulators
- UNITED
- Work with OEMs for safety
- Bug bounty for United is PAID IN AIRLINE MILES ONLY (you have to be kidding me)
- They now have a dedicated platform for tracking disclosures instead of just a spreadsheet of emails
- PEN TEST PARTNERS
- Whitehats only have access to aircraft in boneyards and COVID filled them up with newer planes accelerating vulnerability research
- 2yrs+ to re-certify code on the planes so disclosures require ridiculous amounts of sensitivity and waiting which leaves researchers frustrated
- Many considerations, controls, procedures
- they will ground a plane if not safe
- No dedicated planes for vulnerability research
- lol why not?
- Almost half of industry are not mature with vulnerability disclosure
- some will get defensive and heated when you report a vulnerability
- some will completely ignore you and the community
- Report to FAA first, EXTREME caution before going to journalists
- “Hack airplane from seat” tabloids are very bad
What the Authn? Passkeys Offer a Fresh Take to Authentication Dilemmas
Rating 7/10
Derek Hanson, Yubico (Speaker)
- HOW TO GET RID OF THE PASSWORD
- Credentials live somewhere
- Suggest passkeys
- Synchronized vs Hardware
- Credit card vs ATM card
- Convenience vs Security
- SECURITY IS ONLY WHAT YOU CAN PROVE
- ENTERPRISE APPLICATION
- GOAL - Enable enterprise users to work in a manner that is secure and compliant
- BUILD - Security Key solutions for FIDO-based MFA
- VENDORS AND SUPPLIER APPLICATIONS
- GOAL - Reduce risk from the supply chain by requiring MFA to access your resources
- DEPLOY - Require attested security key solutions to meet MFA requirements
State of the Hack 2023
Rating 9/10
Rob Joyce, National Security Agency (Speaker)
This was by far the best session that I attended, and the presenter was excellent and even had some funny jokes.
- UKRAINE VS RUSSIA
- Russia running psychology operations // Info warfare
- Russia very disruptive to civil infrastructure
- Hacktivists - Russia is very good at converting them at the early stages
- NSA gathering intelligence for war prosecution
- NSA not seen “NotPetya” like warfare yet, but it is anticipated
- Kinetic warfare still rules, but cyber war still very effective
- Lots of malware campaigns are being used as a cloak for real nation-state movements
- Hacktivists are a “natural resource” for the Russian Government
- CHINA IS OUR PACING THREAT
- Strategic
- Long term investments, broad and very significant
- Big data, AI/ML
- Will not be western friendly and will poach talent
- Agile
- We have a problem of just accepting threats and hacks are part of life
- They are able to take over endpoint internet devices that are owned in US (doesn’t look like bad behavior) [Think cheap IoT devices]
- Growing ability to set up and take down these devices faster than we can follow
- Brazen
- China is okay with getting caught - gave examples of hacks and breaches
- They will come back if you were a victim before and didn’t patch or fix the way they breached
- Innovative
- Exploit known unpatched, misconfigured, easily scanned vulns
- Patching is getting better and it does help
- leads to more 0 days - up 3x from previous year
- Goals to exploit commercial products
- They will host national contests for hackers to do this
- Enduring
- Log4j, Proxy Shell, Exchange
- STOP SELF HOSTING
- We’re going too slow and they will catch up
STRONGER TOGETHER
The "Stronger Together" and "What is Our Common Thread" wall at RSA 2023 is a unique and interactive wall art project designed to celebrate the similarities and differences among the attendees. By inviting participants to take a colored thread and wrap it around various characteristics on the wall that describe them, the installation showcases the diverse backgrounds, experiences, and perspectives within the cybersecurity community while emphasizing the power of unity and collaboration in addressing global security challenges.
I wrapped my thread around “can eat a whole pizza”, “owns bitcoin”, “misses my kids”, and “joker”.
I want to acknowledge that the conference backpacks are of top-notch quality again. During the COVID years it definitely felt like the quality of SWAG items for registration was severely lacking and I can say with full confidence that these are the best backpacks I’ve ever gotten at a conference and are geared heavily towards the tech crowd (go figure).
CONCLUSION
As we bid farewell to RSA Conference 2023, it's clear that this year's event has left an indelible mark on the cybersecurity community. From groundbreaking innovations and expert insights to the collaborative spirit that permeated the conference, RSA 2023 has inspired us all to continue pushing the boundaries in our quest for a safer digital world. Until next year, let's keep the momentum going and transform the lessons learned into actionable steps for a more secure future.