Main Stage Keynotes/Meeting with SureCloud:
To start our second day at the conference (hard to believe it’s just the second day) my coworker Riann Stroud and I headed over to South Moscone to see the keynotes. After a fancy light show Dame Helen Mirren, yes that Helen Mirren, came on to the stage to kick the day off. Helen spoke about all the good work people in cybersecurity do to protect the world. She also had us pull up a picture on our phone of a loved one and show it to the others around us to remind us who we are really working to protect. It was honestly a nice way to start the day.
Next up on stage was the president of RSA, Rohit Ghai, and another cybersecurity specialist, Niloofar Razi Howe. They offered an interesting peek into the year 2049 and the state of security of the future. They walked through the world events that had gotten us to the year 2049. They also announced there were more than 40,000 attendees at the conference this year, which is staggering.
After this keynote I headed over to the Marriott Marquis to touch base with a few folks I know from SureCloud. SureCloud is doing some unique things in the GRC space in relation to GDPR, ISO, and other frameworks and processes. They had some exciting things in the works, and are worth checking out.
After my SureCloud meeting, I headed back to the keynote stage. Next up was an interview with Christopher A. Wray, Director of cyber at the FBI. A few notes of interest from the interview:
- Cyber threat is bigger than one agency, and the agencies need to work together
- The FBI has the best tools in government to combat the cyber threat
- The need to engage the private sector is higher in this realm than any other
Lunch with Censys:
After the keynotes I had lunch with the team from Censys. We have known the folks over at Censys for many years from past adventures, but Censys is fairly new as a company. Per their website, Censys continuously gathers data about every Internet server so you can secure your organization. How they are doing this and the uses for the data are worth investigating. Check them out at www.censys.io. To speak to the credibility of what they are doing, Dug Song of Duo Security fame is one of their investors and board members.
Catch-up with NIST:
We have been speaking with NIST on a few items related to cyber risk, so I stopped by their booth to say hi to a few of the folks we know there. The incredible amount of free resources NIST provides in relation to cyber risk is invaluable to the industry, and it was great to see them having a presence at the conference. With the literally hundreds of “silver bullet solutions” on the conference floor, NIST’s unassuming booth is one of the most important in my mind.
Afternoon panel on cyber metrics:
After being in different sessions throughout the day, Riann and I met up again and closed the day out with what we thought was going to be a session on metrics, but which really spoke more about incident management and response. Items of note from that panel:
- We are seeing adversaries encrypting data in place instead of pulling data out of networks
- How are people still not using multi-factor???
- Assessments may be known as the A word, but are very independent sources of great information to create a plan moving forward
- Red team and adversary simulation are great measures
I had planned on attending the RSA after hours Game Night event, but the day’s activities and still being on Eastern time caught up with me. There's still so much to learn and see during day 3, and I'm looking forward to another full day of speakers and networking.