The Synack Experience at RSA
02 March 2020

Recap: The Synack Experience at the RSA Conference


At Synack, we live our values. At the 2020 RSA Conference, we shared our values. This meant talking about how to scale security effectively and efficiently – without compromise. The 2020 RSA Conference theme focused on scaling up the human element. Synack scales security testing using an augmented platform: we harness the best in human intelligence from a crowd of top security researchers and artificial intelligence from proprietary scanning technology to keep pace with today’s digital environments and build trust into organizations by design.

As the trusted leader in crowdsourced security, we are committed to providing an unbeatable experience for our customers, partners and peers in the industry. With a simple scroll down, you will get a taste of the highlights, key learnings and moments that made The Synack Experience one to remember. We are grateful and proud to have partners, peers and customers who are dedicated to a proactive approach to advancing security and prioritizing trust in their brands and organizations.

Day 1

Women Unite Over CTF 2.0 – Capture The Flag

In partnership with Point3 and six non-profits focused on women in cybersecurity, hundreds of women in security gathered once again for our Capture the Flag Event. Synack provided a quiet space for live collaboration, coffee and the exquisite Fogo Market Table breakfast. Reverse Engineering proved a popular challenge, accompanied by challenges in mobile, network and web as well. The event was open to all skill levels, and brilliant minds gathered to gain some new skills, show off their skills and compete for prizes and glory! Congrats to the winners!

The participants who attended were all invited to consider applying to the Synack Red Team, where they can keep their skills sharp year-round. 

CISO Panel Lunch

CISOs from Accenture, Freshfields Bruckhaus Deringer, Oak Ridge National Lab, CalAmp, and Navy Federal Credit Union gave their honest opinions about how to get more out of their security testing. The bottom line: modern digital environments are dynamic and require a continuous approach to penetration testing. To get continuous coverage without noise requires an augmented, scalable approach that harnesses the best of human intelligence from a crowd of top security researchers and of artificial intelligence from a smarter, noiseless scanning tool. Together, security teams can get the quality insights they need to act fast and share with DevOps.

All of these organizations knew that to secure their systems, their customers, and/or national security, they couldn’t keep testing using traditional methods. A few key themes emerged including ROI, the importance of DevSecOps, and the migration from a single annual pentest to continuous testing: 

“I had to change the way we think about security. We do this [testing] thing every year, but it’s not tied to any one process. I had to move us to a continuous cadence and get us to speak the same language as the engineers. Synack’s platform can scale, and their researchers are speaking the same way as the engineers. The board loves it.”

“The idea of tying risk management to cyber has been a big investment area for our company.”

“Crowdsourced security testing gives you a tool. How do you convince your DevOps team not to be complacent? You can incentivize the right kind of behavior. You can take the learnings from the testing and create a flywheel effect.”

“I’m getting Synack for the cost of 3 or 4 people, but in actuality, I’m getting access to dozens of people on target on every test.”

Federal Closed Door Roundtable

Synack welcomed leaders from seven federal agencies, as well as policy experts, to our government-only roundtable. With an upcoming Binding Operational Directive from DHS Cybersecurity and Infrastructure Security Agency (CISA) encouraging crowdsourced security adoption, agencies convened to discuss best practices and a path forward. While a “see something, say something” vulnerability disclosure program (VDP) provides some blanket attack surface coverage, participants agreed that quality, controlled crowdsourced penetration testing was a key ingredient to a robust security posture.

“Escape from RSA” Happy Hour

Synack had a full house for the best party of the week as cybersecurity professionals, veterans, and civil servants came together to honor those dedicated to securing our nation! 

Day 2

Courageous Women CISO Brunch

Once again, female changemakers in security came together during RSA to discuss the progress we’ve made within the cybersecurity industry. But discussion in isolation is not nearly enough to move the needle. 

“Women play a critical role within the cybersecurity industry and it’s up to us to say yes to opportunities that demonstrate our impact on the industry.” – Aisling MacRunnels, Chief Growth Officer, Synack. 

The importance of advocating for others, being a self-advocate, mentorship, and balancing the focus on the “women” aspect versus the “women doing the work” aspect were all topics of discussion.

To hear more about Synack’s take on women in cybersecurity, give this podcast, featuring Aisling MacRunnels, Chief Business Officer of Synack, a listen.

Executive Trust Lunch & Awards

At the Executive Trust Lunch, CISOs took part in a conversation on positioning for board seats and building accountability and buy-in from your board on your security program. It was an engaging conversation on a topic that both participants and panelists know is key: elevating the voice of the CISO in the boardroom.

Panelists included Ted Schlein, Kleiner Perkins partner & security company board member; Dr. Edward Amoroso, CEO of TAG Cyber LLC and former CSO of AT&T; and Mark Walmsley, CISO at Freshfields Bruckhaus Deringer. 

“CISOs should always give two reports to the board. A hygiene report and a preparedness talk.” – Ted Schlein 

The 2020 Guardians of Trust winners were also announced and presented with their awards. The class of 2020 is an impressive list of companies with a combined revenue of $150B+ that rank at the top of the Fortune 500 and Global 2000.

Security 2020: Industry Agenda & Roadmap Discussion

Security teams convened to share their perspectives on where security is headed in 2020 and exchange what they are doing to stay ahead. Security veterans with experience on the frontlines at Morgan Stanley, PayPal, and the government presented their perspectives on what the future of security looks like, how to scale security in a pragmatic and programmatic way to achieve a continuous security lifestyle, and what great security teams do to build more secure code. 

Day 3

Synack Suite at the Warriors Game

Even though the Warriors didn’t bring home a “W”, spending time together at the New Chase Stadium, cheering on our home team against their rivals, connecting with our peers, and celebrating a wonderful RSA Conference #TheSynackWay is what it was all truly about!