By Kim Crawley
If you’ve ever been to the RSA Conference, you’re well aware that it’s impossible to see everything. That’s why we’re helping you find some of the most interesting, engaging and inspiring talks, presentations and events while you’re in San Francisco.
I also had the opportunity to chat with several speakers ahead of the conference this year to give you a better idea of what you can expect during their talks. Here’s what I found out:
After spending years working between the US government and the private sector, Slowik is now the Senior Manager in Threat Intelligence and Detections for Gigamon. During his RSA talk, “Evaluating Indicators as Composite Objects,” he’ll discuss how IOCs are misunderstood and how they intersect with threat intelligence.
“The idea of the ‘Indicator of Compromise’ as originally intended has never really been implemented,” Slowik told me. “IOCs are supposed to be composite objects of known historical, malicious activity, but instead the IOC has become conflated with mere ‘indicators’ — a single IP, a domain name, a hash value. As a result, the industry and defenders have lost a lot of potential in how to use ‘IOCs’ for defensive and forensic purposes.”
I asked Slowik if he thought Security Information and Event Management, or SIEM, vendors have influenced how people think about IOCs.
“Absolutely, as mere indicators are relatively easy to implement search and similar criteria for, whereas more complex objects require more complex (and expensive) systems to perform correlation and enrichment.”
Slowik suggested that analysts should work to better understand what could make something malicious in the first place. “By understanding what makes up a known piece of adversary infrastructure or tooling, analysts need to understand how new observations may (or may not) map to those characteristics to classify newly observed items.”
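To make the distinction Slowik draws concrete, here is an added example (not from the talk or from Gigamon) that evaluates a new observation against a composite IOC, a set of characteristics of known historical activity, alongside the usual exact-match lookup on a single IP, domain or hash. All values are constructed (documentation IP and ASN ranges, a placeholder hash); the trait names and the `min_traits` threshold are assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed "mere indicator" blocklist: exact values only, no context.
ATOMIC_BLOCKLIST = {
    "ip": {"203.0.113.10"},
    "domain": {"update-check.example"},
    "sha256": {"0" * 64},  # placeholder, not a real sample hash
}

@dataclass(frozen=True)
class CompositeIOC:
    """Characteristics of a historical malicious cluster; `min_traits` is how
    many must co-occur before a new observation is treated as related."""
    name: str
    traits: dict
    min_traits: int

# Constructed cluster: the tradecraft behind the atomic values above.
CLUSTER_A = CompositeIOC(
    name="constructed-cluster-A",
    traits={
        "hosting_asn": "AS64496",  # documentation ASN
        "registrar": "ExampleRegistrar Inc",
        "cert_self_signed": True,
        "uri_path": "/api/v1/ping",
        "user_agent": "Mozilla/5.0 (compatible; Updater/1.0)",
    },
    min_traits=4,
)

def atomic_match(obs: dict) -> set:
    """Classic indicator lookup: exact match on IP, domain or hash."""
    return {k for k, vals in ATOMIC_BLOCKLIST.items() if obs.get(k) in vals}

def composite_score(obs: dict, ioc: CompositeIOC) -> tuple:
    """Map an observation to the cluster's characteristics: (matched, count)."""
    matched = {t for t, v in ioc.traits.items() if obs.get(t) == v}
    return matched, len(matched)

def classify(obs: dict, ioc: CompositeIOC = CLUSTER_A) -> dict:
    """Report both views so the analyst sees *why* something was flagged."""
    matched, n = composite_score(obs, ioc)
    atomic = atomic_match(obs)
    verdict = "known bad" if atomic else (
        "likely related" if n >= ioc.min_traits else "unrelated")
    return {"verdict": verdict, "atomic": atomic, "traits": matched}

# Constructed observations: new infrastructure reusing the cluster's tradecraft
# with none of its historical atomic values, and a benign host sharing one ASN.
NEW_HOST = {"ip": "198.51.100.7", "domain": "status-sync.example",
            "hosting_asn": "AS64496", "registrar": "ExampleRegistrar Inc",
            "cert_self_signed": True, "uri_path": "/api/v1/ping",
            "user_agent": "Mozilla/5.0 (compatible; Updater/1.0)"}
BENIGN_HOST = {"ip": "192.0.2.44", "domain": "shop.example",
               "hosting_asn": "AS64496", "cert_self_signed": False}
```

The atomic lookup misses `NEW_HOST` entirely, while the composite view ties it to the cluster on five shared characteristics; `BENIGN_HOST` shares only an ASN and stays unrelated.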
Wolfgang Goerlich has held a variety of leadership roles in cybersecurity and is currently an Advisory CISO for Cisco Secure. He has two talks this year, “Risk Management: Hindsight is 2020” and “Transforming Security Through Design.”
I asked him what we can look forward to in his risk management talk.
“The way we talk about, teach and practice risk management often runs afoul of human nature,” Goerlich said. “The pandemic gave us an opportunity to see that nature on the broad stage. Though the controls differ — masks and vaccines versus MFA and patches — there are many parallels in how people react. Attendees will come away with practical tips and guidance on how better to tune their approaches to risk management.”
He said there will definitely be an emphasis on human psychology in the talk. “While I walk through the phases of risk management, I’ll pull psychology lessons from the pandemic, to highlight cognitive biases, risk habituation and more.”
In Goerlich’s other session, he said he’ll propose a framework for evaluating how people interact with security technology. “While the primary focus is on usability, I’ll also touch on defensibility and manageability,” he said.
I was curious about how his psychological approach to user security benefited his CISO career.
“Keeping human factors in the forefront of my approach to identifying risks and implementing security controls has meant better executive support, greater support from peers in the business, and generally aided in fostering security culture. It’s usually when placing technology before people that’s gotten me into trouble,” Goerlich said.
At both of his talks, he said RSAC attendees can count on exploring the role that UX can play in the adoption of security products. “For those into design, I will be covering choice architecture, nudge and sludge, affordances and wayfinding.”
Messdaghi, the founder and principal of Impactive Consulting, is committed to improving diversity in the tech industry. She has three talks at RSAC this year: “The Transformation of Post Pandemic Mental Health,” “Representation Matters,” and “Inclusive Mentorship: Building A Framework.”
Regarding her first talk about mental health, I asked her how that intersected with cybersecurity.
“In general, mental health has been an ongoing issue across security professionals. Humans tend to develop mental health issues when we are unable to balance work and personal life. Working in cybersecurity means working 24/7/365 and being expected to work longer hours than most departments. In return, there isn’t a moment of balancing work and personal life – and security folks bear the mental health costs,” she said.
She went on to say that anyone who attends her talk will learn that when people are diagnosing burnout, it could be something much more significant.
“Overall, our industry needs to change and the workplace needs to learn how to keep such situations from occurring,” she said. “Attendees will learn why PTSD, PCSD, burnout and depression are high in cybersecurity, and how to change the workplace to bring more balance for security professionals to reduce forming mental health issues.”
Her second talk on representation will explore the latest data of representation and discuss the Open Tech Pledge, which she created with Camille Eddy, a Senior Product Engineer at Sector Software.
“Basically we have learned that the best way to actually have DEI is to have representation on the board,” Messdaghi told me. “Open Tech Pledge is a pledge that companies take to ensure representation will occur at the top. When we have representation at the top, it does cause a trickle-down effect where it’s ingrained in the growth strategy for the company and workplace culture. The overall benefit is for us as an industry to recognize that a change is needed. It’s no longer talk; it requires actions to reduce the discrimination, harassment and abuse that has occurred due to the lack of representation.”
Messdaghi’s final talk will be on the value of Inclusive Mentorship to bring more diversity into cybersecurity.
“Mentoring is a strong part of career success,” she said. “No matter what your gender is, one should be able to have mentoring as well. The talk dives into how mentoring helps marginalized genders and best practices when mentoring.”
Synack’s Journey by the Bay experience at RSAC
Synack also has some engaging programming across the street from The Moscone Center at Fogo de Chão.
On June 7 at 7:30 a.m. there’s the “Celebrating Women in Cyber Breakfast” that will feature a panel of women in cybersecurity who will explore solutions for today’s cybersecurity talent gap.
That night is all about Synack’s “Journey By The Bay” party. The “Journey” part is literal. Yes, there will be a Journey cover band!
On June 8, you can start the day with the “A Better Way to Pentest” breakfast. Synack CTO Dr. Mark Kuhr will discuss why traditional pentesting is broken and offer a solution that’s responsive and scalable to what the enterprise needs now and in the years to come.
Stick around for Happy Hour with Synack and friends and enjoy some drinks and some enlightening cyber conversation. It’ll also be the place to catch Game 3 of the NBA Playoffs, Warriors vs. Celtics.