27 April 2018

Crowdsourced Security at RSAC 2018


We closed out all of our RSA events last week, but we’re still buzzing about all of the great discussions had, insights learned and shared, parties thrown, and memories made. From our CISOs and hacker panel, our women in security lunch, our government roundtable, CISO lounge, and exclusive HackerHangout to our “If I were a betting CISO” party, we hope you experienced firsthand what Security Without Compromise is all about.

Thank you to everyone who joined us. For anyone who couldn’t make it, or for anyone just wanting to relive the memories made, here’s your recap for Synack Crowdsourced Security at RSA 2018:

We launched the Attacker Resistance Score

Synack Attacker Resistance Score

Synack CEO and Co-Founder Jay Kaplan introduced Synack’s newest product: the Attacker Resistance Score. This security score, which is the first of its kind in the industry, uses real security testing performance data to give CISOs and security team leaders the ability to accurately measure and improve their own security risk through a practical, easy scoring system. They can also measure their relative performance against others in the industry. Read more about it:

A Security Score Built for Attacker Resistance | Synack blog

Building Attacker Resistance: Ethical Hackers Help Determine Realistic Security Scores | PRWeb release

How to build resistance to cyberattacks in 2018 and beyond | The Hill

We put Synack customers and hackers together on center stage

Synack CISO and hacker panel at RSAC 2018

CISOs from Domino’s, Herbalife, and Santander took the stage with a Russian Synack Red Team hacker to talk about how they fight off the adversary with crowdsourced security. Moderated by Ed Amoroso (Founder of TAG Cyber and former CISO of AT&T), the panel delved into the importance of vetting hackers, reviewed the landscape of crowdsourced testing and the evolution of bug bounty programs, and traded tips and tricks that made for successful crowdsourced security programs.

So what are our customers saying?

“We are using Synack to change the way we do penetration testing… Developers know that they need to be ‘Synack-ed’ before shipping.” —Synack Food & Beverage customer

“You’d be a fool not to take [Synack’s] advice; it makes my life so much easier” —Synack EMEA customer

“Synack is the Navy SEALs that give you true insight” —Synack Financial Customer

@BrianDNeely tweeted:
“Excellent luncheon today with CISOs and a Russian hacker @hexlogic @JayKaplan on controlled, crowdsourced, #bugbounty hacking, can’t wait to explore the concept further @synack #RSAC2018”

We hosted a BSides HackerHangout with some of our top hackers

We had the best time mixing cocktails with some of our top Synack Red Team hackers after the BSides SF conference. Does mixing cocktails count as a new hacker skill? It was so fun!

Synack HackerHangout after BSides SF

@nuttaay tweeted:
“Thank-you @synack for a great night with some of our @Shopify security team visiting #SF! #lifeatshopify”

@MrTuxracer tweeted:
“I’d also like to send out a special thanks to the ppl at @synack specifically @FrankiCreek and @y0y0n3m1tsu for organizing a cool event in San Francisco! I was about to quit the #BugBounty business to start a career as a bartender”

@pirataborracho tweeted:
“I had so much fun these last two days, and I learned a lot. I got to meet a lot of great people and I hope to see them all in the future. @SynackRedTeam @rohk_infosec @HomeBrewedSec @umessick”

We partied with hackers, CISOs, product owners, CEOs, and security team leads from around the world

Synack "If I were a betting CISO" party at RSAC 2018

Synack Red Team members gave an RSA talk about hacking VICE in Russia

Synack Red Team members Patrick Wardle and Mikhail Sosonkin hacking VICE

Synack Red Team members Mikhail Sosonkin and Patrick Wardle took the stage at RSA to share their story of traveling to Russia to hack a VICE producer abroad. The audience learned how they hacked her through hotel room cards, safe passcodes, webcam stream access, credit cards, and more.

@hexlogic tweeted:
“Super stoked to share the stage with the top rated hacker and speaker, @patrickwardle, and to represent @synack at #RSAC2018”

@patrickwardle tweeted:
“slides for our RSA talk, “When in Russia: Hacking Vice Abroad” https://www.patreon.com/posts/18269741 …who isn’t down for (hacker) shenanigans when in Moscow? #RSAC18 @hexlogic @digita_security @SynackRedTeam”

Synack Red Team member Patrick Wardle

We met with Courageous Government Cyber Leaders and Courageous Female CISOs

Synack government lunch RSAC 2018

Government cyber leaders gathered for the annual closed-door, government-only discussion on crowdsourced security, hosted by Synack Government. DoD and civilian agencies shared their experiences with Synack building a crowdsourced security testing program that they could trust – with zero compromise.

Synack and Microsoft women in security lunch at RSAC 2018

While we may not have seen many women on the RSA mainstage, Synack and Microsoft Ventures were thrilled to gather the women security leaders at Synack’s Ground Zero last week. Did you know that female CISOs adopt crowdsourced security 2x faster? Security pioneers from the public and private sector got together to share the bold ways that they are moving the industry forward and pragmatic methods of winning the war against cyber threats.

@MicrosoftVC tweeted:
“We had a great time with the @synack team today – if only every lunch could be filled with so many impressive women! A big thank you to our amazing hosts: Lisa Nelson, Microsoft Ventures and Aisling MacRunnels, Synack. #RSAC”

@nelsoli tweeted:
“Who knew one could have so much fun at RSA 😉 Thanks @synack”


Thanks from all of us at Synack 🙂