Last week, RSA Conference, one of the world’s premier cybersecurity events, took place in San Francisco with nearly 45,000 attendees. And even though the conference agenda promised a wide variety of topics, from next-generation cyber attacks to how to inspire creativity in security, there was one topic that kept coming up again and again: generative artificial intelligence and how it might impact the future of cybersecurity.
Echoed both on and off the Expo floor, in keynotes and speaking sessions, and even during conference parties, AI and chatbots like ChatGPT seem to have everyone on edge. Why? Because for all their buzz, the reality is that no one quite understands the role AI and Large Language Models (LLMs) will play in cybersecurity in the future. And that’s both scary and exciting.
But even though there were many opinions and predictions shared, we’re at least in agreement on one key matter: we’re not anywhere close to experiencing “The Terminator” in real life. Yet.
Here’s a recap of what else we experienced and saw during RSAC this year – and the key themes and topics that we believe will lead the cyber agenda for the rest of 2023.
Day 1: RSAC Innovation Sandbox and AustCyber
To say that the RSAC Innovation Sandbox is the single most important cybersecurity startup competition is an understatement. When Axonius was named Most Innovative Startup in 2019, it put us on the map. This year's two finalists were HiddenLayer, a product that stops adversarial attacks and provides visibility into the health and security of machine learning assets, and pangea, which provides security services for developers. HiddenLayer's CEO Chris Sestito began his presentation with a deepfake of himself, quickly demonstrating a concrete example of the need for AI security. Combining perfect timing (we’re flooded with AI-related stories this year), a great pitch, and an impressive pedigree, HiddenLayer was named this year's winner.
Axonius sponsored AustCyber’s RSAC Australia House event, which brings together government and industry leaders from Australia and the United States to discuss the primary cybersecurity challenges facing both nations. Throughout the event, various roundtables were held to engage CISOs and government officials to solve top pain points.
First, in a roundtable discussion featuring the Australian government and the Australian Cyber Centre, the role of public-private partnerships were heavily discussed. With the recent news that the 2023-2030 Australian Cyber Security Strategy is in development along with an ambitious goal to become the most cyber secure nation in the world by 2030, attendees wanted to know exactly how the Australian government plans to achieve its goal. Solutions will include enhancing regulatory frameworks like SOCI, strengthening international collaboration between the Australian and the U.S. governments, and working with the private sector to secure government systems. Notably, the conversation also touched on the importance of having an asset inventory and how only once you have the security foundations down can you start to implement regulation.
Next in a roundtable discussion with CISOs from Uni Super, IBM, Woolworths Group, and more, pain points were shared. Unsurprisingly, the current economic climate was the star here, with nearly everyone in the room acknowledging they’re either working with a lower budget this year or a flat budget that’s prohibiting them from purchasing new or better solutions. However, many believe the true impact of the economy won’t be felt until 2024.
Day 2: Cybersecurity can be creative
The day kicked off bright and early with our Senior Director of Security, Daniel Trauner, speaking on the panel, “Who Says Cybersecurity Can’t Be Creative?”, alongside Chris Cochran, CEO and co-founder of Hacker Valley Media, Caitlin Sarian, global lead of cybersecurity advocacy and culture at TikTok, and Mari Reisberg, creativity coach and podcast host. Moderating the panel was Sam Sabin, cybersecurity reporter and author of Axios Codebook.
Each panelist was tasked with answering the question, “Is cybersecurity a creative field?”, to which everyone agreed the answer was “yes”. Creativity is not only restricted to the arts, such as painting or playing a musical instrument. Instead, creativity is about using your imagination and solving complex problems. In cybersecurity, that shows up in identifying new phishing training techniques to figuring out how to use the skills of your team members effectively. And creativity even includes learning how to share information about threat intelligence in stories and not figures.
From left, panelists Daniel Trauner, sr. director of security for Axonius; Mari Reisberg, creativity coach and podcast host; Chris Cochran, CEO and co-founder of Hacker Valley Media; Caitlin Sarian, global lead of cybersecurity advocacy and culture at TikTok; and Sam Sabin, cybersecurity reporter at Axios.
As cybersecurity gets more complex, practitioners need to flex their creative muscles to develop new offensive methods. As Dan and Chris both warned, it’s typically the adversaries who embrace creativity first, so the more we can teach our teams to think outside the box, the safer we’ll be.
Day 3: Demonstrating value during economic uncertainty
Our CISO Lenny Zeltser had a packed schedule this year, from presenting on Monday in the session, “Whoa, You’ve Been the CISO for 3 Years at Your Firm—Now What?” with Yael Nagler, CISO at Yass Partners, to being on a panel, “What Does Progress Mean in Cybersecurity?” and later interviewing with CyberRisk Alliance (CRA).
Speaking with Adrian Sanabria during his interview with CRA, Lenny confronted the elephant in the room – with the market downturn leading to lower budgets and fewer resources, how can you still drive value in your security program? While one of the key aspects involves aligning security objectives with those of the business, the biggest impact during this current period of economic uncertainty actually involves gaining visibility into what assets you have.
According to Lenny, security professionals who invest in asset management will be better able to identify where overlap is, which assets aren’t being used, and where they might be able to recover costs – while also reducing the organization’s attack surface at the same time. Lenny shares more in the video below.
Day 4: How public-private collaboration is evolving
Aside from the near constant chatter surrounding AI and ChatGPT, another topic permeating the conversation on the RSAC show floor was public-private partnerships. Several keynotes included joint participation from key government officials alongside private sector CEOs. The Biden Administration’s National Cybersecurity Strategy was often referenced, especially regarding the fact that it notes, “robust collaboration, particularly between the public and private sectors, is essential to securing cyberspace.”
But we’ve been talking about public-private collaboration for years, and its effectiveness is still unclear. In sessions, “The Role of Partnerships in Advancing Cyber Diplomacy” and “From Public-Private Partnerships to Operational Collaboration”, panelists agreed that more information sharing is necessary for the public and private sectors to work together, especially as modern cyber attacks and AI make incident response more complex. Guardrails for how to use newer technologies need to be developed, but they can’t be done without better feedback loops between the government and the private sector. In the next few months, expect more guidance from federal agencies on how we can start to achieve this.
The big picture
Whether you came to RSAC to catch up with colleagues and peers or to learn about the latest attack techniques, the takeaway is the same: cyber attacks will only continue to get more complex, and new technologies are key to preventing them. However, if we don’t innovate fast enough, we’re going to lose against our adversaries.
Even though the underlying theme borders on FUD, one thing is clear. We’re at another inflection point in cybersecurity. We’ve moved past the digital age, and we’re entering a new era. Those who take advantage will ultimately become market leaders.