SAN FRANCISCO -- In their own ways, all three RSAC keynote speakers pushed forward the narrative that the infosec community must focus on incremental
SAN FRANCISCO — In their own ways, all three RSAC keynote speakers pushed forward the narrative that the infosec community must focus on incremental cybersecurity improvements in order to enact real change.
Rohit Ghai, president of RSA, opened the 2018 RSA Conference with a number of sports metaphors espousing the value of teamwork, small improvements
“There are 50,000 of us here which is a great testament to the growing power of our community, and what we do with our time together matters more now than ever,” Ghai said in his opening RSAC keynote. “Now matters because it drives what’s next. So, let’s not talk about the hackers’ advantages; they can do that in their own conference. Let’s talk about our advantages. Instead of talking about the future of threats, let’s talk about the future of security.”
Ghai noted that it can be hard to celebrate the successes of the cybersecurity community because good security doesn’t make headlines, but he laid out three “Cybersecurity Silver Linings” that can help infosec pros focus more on positive cybersecurity improvements.
“We need to pay attention not just to the technology of defense but the psychology of defense. The spirit of the defender matters as much as the shield that she or he wields,” Ghai said. “For years, we have motivated ourselves by the fear of what happens if we fail. What if we could inspire ourselves with the glory of what we enable when we are successful?”
Ghai’s silver bullets — ending the “silver bullet” fantasy, the quicksilver law of cyberdefense, and the magic of sterling teamwork — advocated focusing more on incremental improvements, anticipating risk when adopting new technology, and enabling better cooperation and collaboration both within infosec and across business teams to improve security.
Ghai noted that the adoption of new tech has been speeding up and with that comes the need to be much better about anticipating risk. “There is huge value in security that is built-in rather than bolted-on,” Ghai said.
Beyond fostering teamwork within security teams, Ghai said the importance of cybersecurity has been spreading to those outside of the infosec community.
“If necessity is the mother of invention,
Chris Young said in his RSAC keynote that this increased teamwork needs to become top of mind for everyone in order to truly see cybersecurity improvements.
Chris YoungCEO, McAfee
“Despite a-breach-a-day headlines, we all have to agree cybersecurity has not yet reached a level of priority that it needs to reach for us to truly be able to manage the attack landscape that we face,” Young said, adding that, “Cybersecurity is still a sidebar conversation in so many
Young said cybersecurity awareness is there in enterprise C-suites, but those executives “don’t yet know how to translate that awareness into action that permeates an entire organization.” Young said it was the responsibility of infosec professionals to help execs understand, but he said the responsibility
“Many people don’t believe that cybersecurity is their job and their responsibility, but part if it is because we haven’t yet taken up the cultural mantle as part of ours,” Young said. “We must prioritize cybersecurity across different domains of society — in the public sector, the private sector, for consumers — if we are
Raising the awareness of cybersecurity and being able to translate that awareness
“How do we make security the new sustainability in corporate America so that it becomes part of the culture, part of how we think about what we do everywhere?” Young asked. “On September 12, 2001, it wasn’t a technical breakthrough or solution that changed air travel. Instead, every stakeholder — because of the risk — ultimately got on board, from world leaders to CEOs of airlines to the crew to all of us that travel… decided that we’re going to now be a part of the safe and secure air travel culture. We can’t wait for that to happen in our industry.”