Quick RSAC 2023 Recap: We’re Back (and Stronger Together)

Hannah Young
Hannah Young
.
May 10, 2023
4 min
 read

We’re back (and stronger together)! After a fully virtual RSA Conference in 2021 and an RSAC delayed by Omicron in 2022, it seems that the conference was finally back in full swing at San Francisco’s Moscone Center this past April 24th-27th. With over 40,000 attendees, 650 speakers, and 500 exhibitors in attendance, RSAC 2023’s attendance almost doubled compared to last year.

“The enthusiasm and buzz felt in and around RSA Conference all week was palpable as we welcomed our community to San Francisco. Gathering the world’s most efficient and innovative cybersecurity problem solvers to tackle current and future threats remains critical.” -Linda Gray Martin, Senior Vice President, RSA Conference
Image of Crossswire's booth at RSAC, a screen that says "THE NEXT GENERATION IDENTITY OS" and a physical sign that says "Secure Identity At Scale" behind a table with Crosswire-branded fortune cookies, stress balls, bottle openers, phone wallets, and stickers on it

While, in true security conference form, there were a couple of flashy bits and star-studded appearances (like Fred Armisen opening up the conference with a rendition of “All You Need Is Love” by the Beatles for some reason?), the heart of the conference remained great conversations with community leaders discussing the future of security.

Keynotes: New attacks and the future of risk

Brian Markham (left) and Chris Castaldo (right) speaking at “Your Third-Party Risk Management Program is Bad and You Should Feel Bad"

Highlights from the talks included “The Five Most Dangerous New Attacks” session by the SANS Institute—the new attacks being SEO attacks, malvertising, attacks against developers, ChatGPT in malware (ransomware) development, and generative AI in phishing/social engineering—and stand out “Your Third-Party Risk Management Program is Bad and You Should Feel Bad” session by Brian Markham and Chris Castaldo. In their session, Markham (CISO, EAB Global) and Castaldo (CISO, Crossbeam) spoke on the future of third-party risk, highlighting transparency and trust over conventional measures like security questionnaires.

“Security leaders understand the importance of third-party risk. We have created questionnaires and invested in tools to support the process. Even with these investments, orgs find themselves on a hamster wheel; pouring resources into a process that doesn’t make anything more secure. We're here to challenge old ways of thinking and to inspire new approaches to third-party risk management.” -Brian Markham and Chris Castaldo on their Risk Management & Governance Track Session

Okay fine, we’ll mention AI

While identity, threat detection and response, operational difficulties, and supply chain issues remain top of mind, to repeat what you’ve probably been hearing nonstop: AI is the hot new topic. However, there’s less consensus around AI than one would think. While it’s clear to everyone that AI will change everything, no one is sure what those changes will look like or how to decisively answer the big questions—like if AI should continue to be a “co-pilot” for human decision-making or move into the decision seat itself.

Image by xkcd

One of the most frequent questions we at Crosswire were asked was “Okay, but what does AI actually do for you?” (to which we answered by talking about our AI-powered ITDR to monitor for permission anomalies, configuration drifts, account takeovers, cookie theft, and other emerging threats—more on that soon!). Everyone is looking to each other for guidance on what’s just hype and what’s real as well as how to usefully apply AI in the security space (stay up to date with Crosswire as we navigate these questions ourselves here).

Security is still about people: Stronger Together

On the note of camaraderie and helping each other out, an account of RSAC wouldn’t be complete without talking about its theme: “Stronger Together.” Every person we talked to was pleasantly surprised by their industry’s willingness to chat with and help out everyone, including their competitors, and by the general spirit of togetherness that permeated the entire conference. At the end of the day, security is about people solving people’s problems.

An attendee laughing with our sales associate in front of a screen that says "Detect, Alert, and Remediate Identity-Based Security Threats in Okta, Azure AD, and Google"

Even just with us at Crosswire, we had a range of… interesting “people” experiences, from being roped into a long conversation about half-baked chicken to seeing Sugar Ray performing at an offsite event (note: asking people who work in security to “make some noise” goes about as well as you’d think). We even had another vendor help us retrieve our swag (shown below) trapped by a faulty lock, an act of kindness and solidarity that’s hard to encounter when we’re isolated but so abundant when our community’s together.

Crosswire-branded stress ball and phone wallet and fortune cookies that say "Your security team will find great peace and success this year with Crosswire"
Don't worry, these cookies were not stolen

From running into old friends to meeting new people at after-hours events, we’re reminded that people are at the heart of security, and, despite the admitted cheesiness of the sentiment, we really are stronger together for it.

“We are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough — exchanging ideas, sharing our success stories, and bravely examining our failures. With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective. When collaboration is our foundation, the future is bright. RSA Conference 2023. Stronger Together.” -RSA Conference on this year’s theme

To stay up to date with Crosswire on all things infosec — events, webinars, blog posts, and more — sign up to receive our updates below!

More from our blog

How to Detect and Remediate Identity Threats; Solution 1: Detect

This is Solution 1: Detect of a two-part series on how to detect and remediate evolving identity threats.

Hannah Young
.
5 min
 read
AI D&R: AI (in Security) is Dead; Long Live AI (in Security)

Explore the historical use, modern approaches, and future applications of AI in detection and response (D&R).

Hannah Young
.
8 min
 read
Defending Against Threats in Identity Security; Part 2: Remediate

This is Part 2: Remediate of a two-part series setting up emerging problems in identity security.

Hannah Young
.
6 min
 read
Why Now’s the Perfect Time to Join an Early-Stage Startup

If you’re looking for the right time to join a high-risk, high-reward venture, we’d argue that there’s never been a better opportunity.

Hannah Young
.
3 min
 read
It’s Not Just You: IT Security Audits are Stressful

IT security audits can be a pain for everyone involved: check out our solutions to make this auditing season just a little bit easier.

Hannah Young
.
5 min
 read
Why RBAC is obsolete

RBAC lacks sophistication and flexibility, failing to address the access needs of the modern company.

Hannah Young
.
3 min
 read
Defending Against Threats in Identity Security; Part 1: Detect

This is Part 1: Detect of a two-part series setting up emerging problems in identity security.

Hannah Young
.
5 min
 read
Identity Is a Co-owned Problem Between Security and IT

Who owns identity at your org? Identity is (and should be treated as) a co-owned problem between security and IT.

Hannah Young
.
5 min
 read
Your Okta Groups Should Be (Mostly) Empty

Yep, you heard that right; we at Crosswire believe that your Okta groups should be as empty as possible.

Hannah Young
.
2 min
 read
The Founding of Crosswire as Told by Its Values

Crosswire, and its co-founders Johnny and Nick, are building the future of enterprise identity in new and exciting ways.

Hannah Young
.
7 min
 read
RSA Conference™ 2023: Stronger Together

The theme for 2023’s RSA Conference™ is “Stronger Together.” When info security is more important than ever, so is collaboration.

Hannah Young
.
6 min
 read
6 Early Warning Signs of an Under-Resourced IT Organization

It’s no secret that your IT organization is crucial to your company. But are they getting all of the resources they need?

Hannah Young
.
5 min
 read
Cybersecurity Is More Critical Than Ever, and You (Yes, You) Can Do Something About It Now

Why cybersecurity is more crucial than ever and what you can do to make your organization more secure, no matter your role.

Hannah Young
.
7 min
 read
Understanding Automation: How To Do More Than You Have the Resources For

Five significant ways to improve your workflows with automation and get more results than your resources permit.

Hannah Young
.
5 min
 read
Google Workplace Organizational Units (OUs) according to Parks and Rec

What are Google Workplace Organizational Units, and how do they work (according to Parks and Rec)?

Hannah Young
.
5 min
 read
Practical Survival Guide to Okta Lifecycle Management

Crosswire’s technical usability guide to Okta Lifecycle Management (LCM), from onboarding to offboarding.

Hannah Young
.
6 min
 read
Authorization (AuthZ) and Authentication (AuthN): A Brief History

Authentication is who you are, and authorization is what you can do. Here, we dive into the history of these terms.

Hannah Young
.
5 min
 read