RSA Conference™ 2023: Stronger Together
The theme for 2023’s RSA Conference™ is “Stronger Together.” It’s easy to roll your eyes at and ignore conference themes (especially when so many vendors ignore them themselves), but at a time when information security is more important than ever, so is collaboration.
“We are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough — exchanging ideas, sharing our success stories, and bravely examining our failures. With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective. When collaboration is our foundation, the future is bright. RSA Conference 2023. Stronger Together.” -RSA Conference™ on this year’s theme
One of the best things about information security is how tight-knit the industry is. It’s a relatively small field; everyone seems to know each other and likes to talk about what they know. Sharing tips and practices with security counterparts at similar companies is widespread: collaboration is woven into the very fabric of infosec. Even within an organization, tabletop and red team exercises require cooperation from the whole company, and every team relies on security for training/guidelines to know what to report and to whom.
Though information security is crucial to every aspect of an organization, it can be a difficult domain to break into — especially given the lack of formal education programs like there are in fields like IT or Computer Science. Collaboration is vital within security, but it’s also crucial interdepartmentally. Your CISO and infosec analyst are stronger together, but so are your CSO and IT director.
Everyone ultimately has the same goal: to keep your organization as secure and productive as possible. While these two goals can sometimes clash or seem incompatible, they can come together “when collaboration is our foundation.”
Security and IT: Improve your technology
The first step toward collaboration — and being “stronger together” — is understanding each other and our shared objectives. While security and IT both want to improve their organization’s tech, it’s hard for this common goal to be top of mind all the time, especially without an understanding of each other’s motivations.
For genuine, productive collaboration to occur, security can’t be seen as just “ivory tower” policies, and IT needs to be seen as more than just tickets. There are myriad ways security and IT can collaborate, from utilizing tools to automate access to SSO implementation, and these collaborations make each department stronger than they would be alone.
Security and Compliance: Improve your operations
Compliance isn’t just checking boxes or unthinkingly making security jump through hoops, and security isn’t ignoring compliance policies or trying to ruin their life via SOC 2. Security (like any aspect of tech) can come to be viewed as “magic,” and compliance has the difficult job of turning that into tangible policies.
Compliance can assist security by helping document and enforce security policies operationally, while security can assist compliance by providing insight into the technical aspects of going beyond compliance requirements. Together, they can ensure that their organization’s security and compliance efforts are aligned and as effective as possible.
Security and Product: Improve your product
Security doesn’t want to postpone or get in the way of launches, and your product team doesn’t want to create a product that’s not secure. Both departments want to make the best product they can as efficiently and securely as possible. Security and product can become stronger together than they could alone by building security considerations (or even the security team itself) into the product development process from the beginning.
Security can help out product by providing guidance and documentation on secure practices, threat modeling, and vulnerability scanning. Product can help out security by ensuring they’re a priority through actions like including security requirements in their specifications. By working together, security and product teams can ensure that the final product is secure and meets the needs of both teams, in addition to the organization at large and its customers.
Security and Vendors (… hear us out): Improve the industry
We know this will be the hardest part to hear, but being stronger together includes collaboration between security and vendors. This relationship is in no way free from annoyance on either side: security is often annoyed because they feel that vendors aren’t respectful of their time or space, and vendors are often annoyed because they can find CISOs icy and resistant to engagement (to hear more about identity from the CISO's perspective, check out our interview with Crossbeam CISO Chris Castaldo and Applied Systems CISO Tanner Randolph: "CISOs on Identity Security Maturity in the Enterprise").
These concerns are not without some merit; there are real bad actors and snake oil salespeople out there peddling products in bad faith and security folks that are acutely distrustful of others, becoming insular. However, security and vendors can’t truly collaborate without building a relationship based on mutual respect and understanding. Security professionals can provide vendors with clear guidelines and expectations for products and services, while vendors can be more transparent about their product’s capabilities and limitations and more respectful of security’s time and resources.
There are countless benefits to these two spheres working together; for example, security professionals can provide feedback on vendors’ products and services, helping to improve them and make them more effective. Similarly, vendors can also work with security professionals to develop and help them find new solutions that meet security’s unique needs and challenges. By working together, security and vendors can ensure that organizations have access to the best possible security solutions and services and that the industry can thrive through honest communication and collaboration.
Crosswire is especially excited to participate in this year’s RSAC™ (come see us at Booth 21!). We don’t exist as an organization without collaboration between every team member. This is reflected in every value we have as a company, from “We give a shit” to “Have each other’s backs” (we have an entire piece on our values and how they influence our practices here). Despite the admitted cheesiness of the sentiment, we really are stronger together, and we hope that we can help every organization to be through our identity/security solutions.