Threat Researchers’ Guide to RSAC 2020
Our bags are packed for RSAC 2020 and we’re looking forward to another busy and productive show.
Whether this will be your first time at RSA Conference or you’ve been attending for over a decade, we have to admit: the whole experience can be a bit overwhelming. To help make the most of your time, Gary Golomb and Eric Poynton, two of our threat researchers, combed through dozens of speaking abstracts to highlight some of the sessions they’re most looking forward to and why.
And, in the spirit of “work hard, play hard,” we’ve also identified a few after-hours events where you can let loose and relax after a full week* of networking and learning.
Hopefully, we’ll run into you at one of the following sessions, events or at the Awake Security booth (#N4228), but if you’d like some 1:1 time with our experts, be sure to schedule a meeting in advance. We also have an exclusive CISO networking dinner planned — reach out and let us know if you would like the deets!
*Still on the fence about attending RSAC 2020? Use code XE0UAWAKE to register for a free expo pass.
And now…here are the keynotes on Thursday, Feb. 27 that we’ll get in line early to attend:
Why? Because users are, and always will be, the weakest link in terms of a security program. As systems get harder to hack, people are not advancing at the same rate.
Why? As AI and self-driving cars become a reality, we need to ensure that they are ready for the attacks against them. This is our safety at stake here. Not only cars, but trains and planes as well.
Why? We need to look at past trends to ensure we are prepared to handle them if they arise again, and the past is a great predictor for the future.
Keynotes aside, here are some interesting sessions we’re eager to take in throughout the week:
Wednesday, Feb. 26
Why? Although AI-based approaches to almost anything these days romanticize the notion of algorithms that evolve as the system they are analyzing evolves and changes, such notions have been far more marketing fodder than reality. Machine models ultimately make decisions about the future based on data of the past, which is perfectly fine and effective for many domains, but is not fine for a number of critical domains.
Why? Depending on the direction of this talk, this is absolutely terrifying. When mass surveillance, collection, and monitoring of people is advocated for as a response to such horrific events, all surveillance and privacy experts in our industry should engage in the discussion. As stated by Investor’s Business Daily about surveillance technologies, “What began as a well-intentioned campaign to harden targets and protect the nation from terrorists has metastasized into a sprawling and diffuse enterprise that has little to do with terrorists and a lot to do with government and employers spying on the citizenry — and citizens spying on each other.” Predictive Policing has the potential for the type of mission creep that should terrify any career cyber practitioner.
Thursday, Feb. 27
Why? Because it’s a talk about human-directed countermeasures involving intelligence gathering for criminal sources, which is a critical human factor to understand in the “people problem” of security.
Friday, Feb. 28
Why? Awake completed an unprecedented multi-year study of the cognitive and psychological characteristics of SoC analysts for the purpose of creating the best possible interface to support analysts and SoC demands. We used the Cognitive Work Analysis framework, most commonly used in naval, military, aviation, driving, and health care domains. We gained insights about analysts’ needs and methods for making decisions that challenged many of our preconceived notions and the assumptions held by many in the industry. Because of this, we’re very excited to see talks focusing on the psychological and emotional aspects of working in the SoC.
Why? As decades of security research show us, “responsible disclosure” is frequently a tool for preventing zero days, but is anything but a framework for understanding the ethics of disclosure in the first place. Research is done under the banner of “security,” although that research frequently ultimately weakens security through loosely defined and inconsistent disclosure practices. Given the threat AI presents, combined with researchers’ track record of not self-regulating the control of weaponizable technology (in fact, because of conference accolades and the success metrics applied to researchers themselves, researchers are ultimately incentivized to disclose weaponizable work), legal “protections” for AI work worry us, gravely.
Finally, here are some after-hours events we’re excited to cut loose at:
Tuesday, Feb. 25
Women’s Networking Reception @ Marriott Marquis (5 – 7 pm)
A relaxed and casual networking event celebrating the contributions and rich history of women in science and technology.
“Maiden” Movie Screening @ Marriott Marquis (7 – 9 pm)
Immediately following the Women’s Networking Reception, stay put for a screening of “Maiden” featuring RSAC Keynote Speaker, Tracy Edwards. Watch as she leads the first all-female crew in the Whitbread Round the World Race, a grueling yachting competition that covers 33,000 miles and lasts nine months.
Thursday, Feb. 27
RSAC After Hours @ Marriott Marquis (6 – 9 pm)
Once programming is done for the day, attend RSAC After Hours. Travel back in time to the 1980s for a night filled with entertainment, food, drink, and networking with industry peers and colleagues.