RSAC 2020 Experience and Assessment

The Human Element. This is what RSA Conference 2020 was keying in on this year. In cybersecurity, the human element is often overlooked as an asset to what we are trying to accomplish. The tech nerd in me was surprised to learn the value of the human element in our day-to-day work because it is typically seen as a hindrance or vulnerability. I will be recapping some of my favorite talks and vendor booths from the conference and giving you an overview of how including the human element is instrumental to our work in cybersecurity.

Technical talks found to be useful

1) XDR: Improving EDR Effectiveness by Adding Email/Network Visibility

Talk given by Eric Skinner of Trend Micro

2) JavaScript Skimmers, Formjacking and Magecart: All You Need to Know

Talk given by Candid Wueest of Symantec

3) Secure Sandboxing in a Post-Spectre World

Talk given by Jonathan Foote and Tyler McMullen, both of Fastly

Most Influential talk

1) I Had My Mom Break into a Prison. Then, We Had Pie.

Talk given by John Strand, owner of Blackhills Security

Companies whose booth or product stood out

  • Huntress https://huntresslabs.com/

    1. Huntress provides managed threat detection and response services to uncover and address malicious footholds.

  • SkySync https://huntresslabs.com/

    1. SkySync is an enterprise content integration & orchestration platform that enables organizations to orchestrate content across business systems to continuously monitor and govern unstructured content by business value and risk at scale.

SkySync Booth


The DeLorean at the SkySync booth


  • Securonix http://www.securonix.com

    1. The Securonix platform delivers positive security outcomes with zero infrastructure to manage. It provides analytics-driven next-generation SIEM, UEBA, and security data lake capabilities as a pure cloud solution, without compromise.


Beautiful ice sculpture at the Securonix booth

My experience at RSAC this year was packed with tons of vendor meetings and demos as well as some excellent presentations from speakers of all accomplishments. The expo floor was a sea of booths with over 700 companies displaying their vision for the cyber space future. Some vendors captured your attention with their colorful and lively booths, such as SentinelOne. Others drew you in with the promise of showing you new technology, such as Trend Micro and the next generation XDR. The conference talks ranged from advanced/technical to high overview/influential. Candid Wueest presented an excellent talk on his research on formjacking. This talk was expertly delivered and included a video demo of what formjacking was, so the audience was not left guessing as to what the research was attempting to explain. Candid also concluded the talk with a solid list of recommendations on how to avoid these risks.

My major takeaway from the RSAC (besides the 20+ t-shirts, 119 pens, 2 swords and other vendor swag) was one talk that left half the audience in tears, while I was left with some deep food for thought. John Strand noted that in cybersecurity we tend to see others outside of the industry as a hindrance to what we are trying to accomplish. “We all need to be giving back and doing all we can to make others aware” – John Strand. Humans don’t know what they don’t know. If we continue to write security policy and put new tools in place without spending the time to sit with the others in the company who work and move the company forward, they tend to find workarounds and circumvent these measures. The human element should not be viewed as security or non-security professionals but as a team effort. By acknowledging the value non-security employees have to offer, we can better work together towards the common goals of the company and improve the cybersecurity industry.