Quick RSAC 2023 Recap: We’re Back (and Stronger Together)

We’re back (and stronger together)! After a fully virtual RSA Conference in 2021 and an RSAC delayed by Omicron in 2022, it seems that the conference was finally back in full swing at San Francisco’s Moscone Center this past April 24th-27th. With over 40,000 attendees, 650 speakers, and 500 exhibitors in attendance, RSAC 2023’s attendance almost doubled compared to last year.

“The enthusiasm and buzz felt in and around RSA Conference all week was palpable as we welcomed our community to San Francisco. Gathering the world’s most efficient and innovative cybersecurity problem solvers to tackle current and future threats remains critical.” -Linda Gray Martin, Senior Vice President, RSA Conference

While, in true security conference form, there were a couple of flashy bits and star-studded appearances (like Fred Armisen opening up the conference with a rendition of “All You Need Is Love” by the Beatles for some reason?), the heart of the conference remained great conversations with community leaders discussing the future of security.

Keynotes: New attacks and the future of risk

Highlights from the talks included “The Five Most Dangerous New Attacks” session by the SANS Institute—the new attacks being SEO attacks, malvertising, attacks against developers, ChatGPT in malware (ransomware) development, and generative AI in phishing/social engineering—and stand out “Your Third-Party Risk Management Program is Bad and You Should Feel Bad” session by Brian Markham and Chris Castaldo. In their session, Markham (CISO, EAB Global) and Castaldo (CISO, Crossbeam) spoke on the future of third-party risk, highlighting transparency and trust over conventional measures like security questionnaires.

“Security leaders understand the importance of third-party risk. We have created questionnaires and invested in tools to support the process. Even with these investments, orgs find themselves on a hamster wheel; pouring resources into a process that doesn’t make anything more secure. We're here to challenge old ways of thinking and to inspire new approaches to third-party risk management.” -Brian Markham and Chris Castaldo on their Risk Management & Governance Track Session

Okay fine, we’ll mention AI

While identity, threat detection and response, operational difficulties, and supply chain issues remain top of mind, to repeat what you’ve probably been hearing nonstop: AI is the hot new topic. However, there’s less consensus around AI than one would think. While it’s clear to everyone that AI will change everything, no one is sure what those changes will look like or how to decisively answer the big questions—like if AI should continue to be a “co-pilot” for human decision-making or move into the decision seat itself.

One of the most frequent questions we at Crosswire were asked was “Okay, but what does AI actually do for you?” (to which we answered by talking about our AI-powered ITDR to monitor for permission anomalies, configuration drifts, account takeovers, cookie theft, and other emerging threats—more on that soon!). Everyone is looking to each other for guidance on what’s just hype and what’s real as well as how to usefully apply AI in the security space (stay up to date with Crosswire as we navigate these questions ourselves here).

Security is still about people: Stronger Together

On the note of camaraderie and helping each other out, an account of RSAC wouldn’t be complete without talking about its theme: “Stronger Together.” Every person we talked to was pleasantly surprised by their industry’s willingness to chat with and help out everyone, including their competitors, and by the general spirit of togetherness that permeated the entire conference. At the end of the day, security is about people solving people’s problems.

Even just with us at Crosswire, we had a range of… interesting “people” experiences, from being roped into a long conversation about half-baked chicken to seeing Sugar Ray performing at an offsite event (note: asking people who work in security to “make some noise” goes about as well as you’d think). We even had another vendor help us retrieve our swag (shown below) trapped by a faulty lock, an act of kindness and solidarity that’s hard to encounter when we’re isolated but so abundant when our community’s together.

From running into old friends to meeting new people at after-hours events, we’re reminded that people are at the heart of security, and, despite the admitted cheesiness of the sentiment, we really are stronger together for it.

“We are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough — exchanging ideas, sharing our success stories, and bravely examining our failures. With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective. When collaboration is our foundation, the future is bright. RSA Conference 2023. Stronger Together.” -RSA Conference on this year’s theme

To stay up to date with Crosswire on all things infosec — events, webinars, blog posts, and more — sign up to receive our updates below!