The RSA Conference 2023 has come and gone, but the excitement it brought to our community is still very much alive! As one of the most anticipated events in the cybersecurity world, this year's conference did not disappoint. With a plethora of insightful presentations, captivating booth displays, and cutting-edge cybersecurity solutions showcased, RSA 2023 was a memorable experience for everyone involved.
In this post, we'll take you on a visual journey through some of the highlights, featuring snapshots from innovative booths, introductions to our expert presenters, and a not-so brief synopsis of the thought-provoking briefings that I had the privilege of attending. Get ready to dive into the world of cybersecurity and relive the energy that permeated RSA Conference 2023!
The Expo hall at RSA Conference 2023 was a true embodiment of excitement and innovation, buzzing with energy as industry professionals and cybersecurity enthusiasts alike gathered to explore the latest breakthroughs in technology. Also tons of marketing buzzwords like “AI and ML” 😉
Attendees were treated to a dynamic array of interactive booths, riveting product demonstrations, and engaging discussions, all showcasing the best and brightest in the ever-evolving world of cybersecurity.
At our booth, we were thrilled to have the talented Lego master, Michael Kanemoto, who attracted attendees with his Lego building station.
Assembling a visually stunning mosaic dedicated to cybersecurity, Kanemoto's creation not only represented the complexity of our field but also highlighted the spirit of collaboration and innovation that drives our industry forward.
At our booth during RSA Conference 2023, we were delighted to offer attendees a fun and memorable giveaway – Star Wars Lego sets! These fantastic collectibles not only brought smiles to the faces of our visitors but also served as a reminder of our Lego prowess.
Our team members also had a stroke of luck at RSA 2023, scoring some fantastic prizes from other vendors' booths.
During RSA Conference 2023, we were excited to debut our highly anticipated Annual Threat Report, providing attendees with a comprehensive analysis of the latest trends and challenges in the cybersecurity landscape.
The report, which is the culmination of extensive research and collaboration, offers valuable insights and actionable intelligence for businesses and professionals to stay ahead in the ever-evolving world of cybersecurity.
Our booth boasted one of the largest screens in the South Expo Hall, ensuring that our presentations were unmissable. Throughout the RSAC Expo, we had an abundance of information to share with attendees. Here's a glimpse of some of our engaging sessions.
Data Security and Sustainability – from pledge to Program - Carole Murphy
"Eagle-Eye” threat detection with adversary signal analytics - Paul Reid
2023 Threat Report Rundown - Grayson Milbourne
OpenText Cybersecurity Portfolio - Yatin Chalke
2023 Threat Report Rundown - Myself 😎
We are incredibly proud to announce that at RSA Conference 2023, our team was honored with four prestigious Global InfoSec Awards. This recognition not only highlights our dedication to excellence and innovation in the cybersecurity field but also serves as a testament to the hard work and commitment of our team in providing cutting-edge solutions to protect businesses and individuals alike.
The conference briefings at RSA 2023 were an enlightening experience, featuring insights from some of the most esteemed cybersecurity experts. Addressing a wide array of subjects, from emerging threats to innovative solutions and policy, these sessions encouraged dialogue and collaboration among attendees. And of course, AI managed to "outsmart" every other topic, dominating the discussions 🤖😄
I'll be sharing my personal experience and insights from the briefings I had the opportunity to attend. Get ready for an exciting journey through the latest trends, innovations, and thought-provoking discussions that shaped this year's conference and left a lasting impact on the cybersecurity landscape.
Security as Part of Responsible AI: At Home or At Odds?
Rating - 8/10
Ram Shankar Siva Kumar, Microsoft Harvard (Moderator)Vijay Bolina, Deep Mind (Panelist)Dr. Rumman Chowdhury, Bias Buccaneers (Panelist)Daniel Rohrer, NVIDIA (Panelist)
This was a panel discussion and was quite worrying about where we are at with AI and how unchecked it is
- Google AI / NIVIDA / Deep Mind
- Try to coordinate releasing of information for data norms and DEI (diversity/equity/inclusion)
- Try to separate the “nodes of disinformation” from intentional and unintentional
- Things they wont do - Tech Weapons / Surveillance / Violation of human rights
- “We don’t know when a model is ready” when it’s released (excuse me wat 😨)
- Broad proliferation
- Do they ask the right questions in the design phase
- Cultivate output to marry the “wanted social norms”
- PII/ Access control is a problem
- “Hallucinations” are also a big problem and already caused issues
- Reactive vs Proactive
- Audience questions/input
- Is this going to turn into SkyNet and end of the world?
- pseudo non-answer - “many other things to worry about like economy and joblessness” and “misinformation in elections”
- Not enough security practitioners - especially with AI
- Research being pushed into product too quickly - AI will only further accelerate this
- What about the “Halting AI/ML letter petition”
- 6 months is not a long time - what is happening in this time to address the problem?
- Most of the people who signed that letter went off and created their own AI/ML projects so they feel this is just so they can catch up.
- Can we trust what is produced from AI?
- If we are to implement in regards to security do we trust the data or make humans the focal points in these decisions?
- Is this going to turn into SkyNet and end of the world?
Joining Forces with the White Hat Researchers: Aviation Industry Lessons
Jean-Francois Simons, Aviation Information Sharing and Analysis Center Europe (Moderator)Brian Connolly, Boeing (Panelist)Deneen DeFiore, United Airlines (Panelist)Ken Munro, Pen Test Partners Inc. (Panelist)
This was panel discussion about the aviation industry and how they deal with vulnerability disclosures of aircraft. Also another worrying session that I did not leave with a good feeling about.
- E-integrated air craft opened door to white hats
- Focused on safety and getting it right in the design process and development
- Work with partners and regulators
- Work with OEMS for safety
- Bug bounty for United is PAID IN ARLINE MILES ONLY (you have to be kidding me 🤣)
- They now have a dedicated platform for tracking disclosures instead of just a spreadsheet of emails 🤐
- PEN TESTER PARTNERS
- Whitehats only have access to aircraft in boneyards and COVID filled them up with newer planes accelerating vulnerability research
- 2yrs+ to re-certify code on the planes so disclosures require ridiculous amounts of sensitivity and waiting which leaves researchers frustrated
- Many considerations, controls, procedures
- they will ground a plane if not safe
- No dedicated planes for vulnerability research
- lol why not?
- Almost half of industry are not mature with vulnerability disclosure
- some will get defensive and heated when you report a vulnerability
- some will completely ignore you and the community
- Report to FAA first, EXTREME caution before going to journalists
- “Hack airplane from seat” tabloids are very bad
What the Authn? Passkeys Offer a Fresh Take to Authentication Dilemmas
Derek Hanson, Yubico (Speaker)
- HOW TO GET RID OF THE PASSWORD
- Credentials live somewhere
- Suggest passkeys
- Synchronized vs Hardware
- Credit card vs ATM card
- Convenience vs Security
- SECURITY IS ONLY WHAT YOU CAN PROVE
- ENTERPRISE APPLICATION
- GOAL - Enable enterprise users to work in a manner that is secure and compliant
- BUILD - Security Key solutions for FIDO-based MFA
- VENDORS AND SUPPLIER APPLICATIONS
- GOAL - Reduce risk from the supply chain by requiring MFA to access your resources
- DEPLOY - Require attested security key solutions to meet MFA requirements
State of the Hack 2023
Rob Joyce, National Security Agency (Speaker)
This was by far the best session that I attended and the presenter was excellent and even had some funny jokes 😂
- UKRAINE VS RUSSIA
- Russia running psychology operations // Info warfare
- Russia very disruptive to civil infastructure
- Hacktivists - Russia is very good at converting them at the early stages
- NSA gathering intelligence for war procecution
- NSA not seen “NotPetya” like warfare yet, but it is anticipated
- Kinetic warfare still rules, but cyber war still very effective
- Lots of malware campaigns are being used as a cloak for real nation-state movements
- Hacktivists are a “natural resource” for the Russian Government
- CHINA IS OUR PACING THREAT
- Long term investments, broad and very significant
- Big data, AI/ML
- Will not be western friendly and will poach talent
- We have a problem of just accepting threats and hacks are part of life
- They are able to take over endpoint internet devices that are owned in US (doesn’t look bad behavior) [Think cheap IoT devices]
- Growing ability to set up and take down these devices faster than we can follow
- China is okay with getting caught - gave examples of hacks and breaches
- They will come back if you were a victim before and didn’t patch or fix the way they breached
- Exploit known unpatched, misconfiged, easily scanned vulns
- Patching is getting better and it does help
- leads to more 0 days - up 3x from previous year
- Goals to exploit commercial products
- They will host national contests for hackers to do this
- Log4j, Proxy Shell, Exchange
- STOP SELF HOSTING
- We’re going too slow and they will catch up
- Log4j, Proxy Shell, Exchange
The "Stronger Together" and "What is Our Common Thread" wall at RSA 2023 is a unique and interactive wall art project designed to celebrate the similarities and differences among the attendees. By inviting participants to take a colored thread and wrap it around various characteristics on the wall that describe them, the installation showcases the diverse backgrounds, experiences, and perspectives within the cybersecurity community while emphasizing the power of unity and collaboration in addressing global security challenges.
I wrapped my thread around “can eat a whole pizza” “owns bitcoin” “misses my kids” and “joker” 🤠
I want to acknowledge that the conference backpacks are of top notch quality again. During the COVID years it definitely felt like the quality of SWAG items for registration were severely lacking and I can say with full confidence that these are the best backpacks I’ve ever gotten at a conference and are geared heavily towards the tech crowd (go figure).
As we bid farewell to RSA Conference 2023, it's clear that this year's event has left an indelible mark on the cybersecurity community. From groundbreaking innovations and expert insights to the collaborative spirit that permeated the conference, RSA 2023 has inspired us all to continue pushing the boundaries in our quest for a safer digital world. Until next year, let's keep the momentum going and transform the lessons learned into actionable steps for a more secure future.
@TylerM for posting the great information.
Thank you Tyler, that is a lot of interesting info, I will take a better at the weekend though.
WoW that was great info indeed thanks
@TylerM and @Grayson and the rest of the OpenText Teams.
Thanks for this great little read
@TylerM . Wish I was there this year.
Great stuff. Thanks
Will have a proper read when I get a chance.
Awesome content thankyou Tyler
I do agree with AI and how unchecked it is, before, I thought it was fearmongering to a certain extent, but I’ve heard reports of AI models employing a service used by the blind/near sighted to complete captchas!
It doesn’t help that governments like my own in the UK refuse to put together a proper board to properly regulate this.
While I hope to have pithier commentary after a more in-depth second read, one thing that keeps coming to my mind is the number of things branded as AI that is actually just programming. IVR phone systems (which have been around for 40+ years), for example, aren't AI but they're being marketed as such nowadays.
AI is still at the stage, and I suspect will be for the foreseeable future, merely synthesizing from the body of work by humans before it. There is no self-awareness, there is no ego- except that of the programmers who designed it to give Doomsday quips when asked the right questions. ELIZA but with Google...
Great info....have to read it couple of times again.
Cong to lucky people who got star wars lego 😀
Great info and a good read for the train ride to work
The SWAG Backpack looks really nice, just a pity I’m based in Scotland, so did not really have an opportunity to go to the event and participate with everyone!
The AI side of things caught my attention straight away, and that would have been a really interesting part to be involved in. There wasn’t any video done on any of the parts that others could watch and listen to was there??
We never seem to get any decent tech events in Scotland, such a pity as it’s clear there really is some great stuff worth checking out.
Those crowds! <shudder>
I’ll take a Bsides conference over this any day! 😃
Great summary though. Thanks for sharing the experience.
Good stuff! I still can’t get over that United is pays bug bounties in airline miles! What in the world! Please tell me it’s at least enough for a first class seat!
Considering I live on an island, the complacency of the air industry is a concern.
Really curious about the future with ChatGPT and AI in grneral..…
Get rid of the password....the moment is arrivederci?!
I really envy Tyler and all the staff for their participation in the event. I wish I could have been with them...
Thanks for the update!
I really am sorry i couldnt be there :(
This is a really great comprehensive rundown. Good effort!
Great post and a good read, thanks for the info. Wish we could have been there!
Thanks for the run down, love the use of lego to add a bit of fun to what can be a very serious convention.
Also interesting read on the state AI panel and the State of Hack presentation, both very relevant to current world development.
Wow, looks like it was a really fun experience. The activities to involve the attendees are awesome and meaningful.
@TylerM , thumbs up for sharing the notes on the sessions, it’s really great.
And congrats for the awards!
Great to see these events so well attended again in person. fantastic review as always and nice bullet point highlights of the keynote panel events.
Not going to lie that actually looks like it was so much fun! Sometimes I see these kind of events and they are really lacking the interactive element which I think is the best part, why would you go all the way and scour through stands to just look at stuff, I want to be immersed! Love the Lego element by the way, who doesn’t love Lego :D