RSA Conference™ 2023: Stronger Together

Hannah Young
March 6, 2023 · 6 min read

The theme for 2023’s RSA Conference™ is “Stronger Together.” It’s easy to roll your eyes at and ignore conference themes (especially when so many vendors ignore them themselves), but at a time when information security is more important than ever, so is collaboration.

“We are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough — exchanging ideas, sharing our success stories, and bravely examining our failures. With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective. When collaboration is our foundation, the future is bright. RSA Conference 2023. Stronger Together.” -RSA Conference™ on this year’s theme

One of the best things about information security is how tight-knit the industry is. It’s a relatively small field; everyone seems to know each other and likes to talk about what they know. Sharing tips and practices with security counterparts at similar companies is widespread: collaboration is woven into the very fabric of infosec. Even within an organization, tabletop and red team exercises require cooperation from the whole company, and every team relies on security for training/guidelines to know what to report and to whom.

Comic of two men at RSAC 2020, Man A says, “my talk on ‘Advanced Nuclear AI based Zero Day Detection’ got rejected.” Man B says, “Bummer. Mine got accepted.” Man A says, “Really? What was the topic?” Man B says, “Hacking a Silly String can.”
Image from Charlie Ciso Comic

Though information security is crucial to every aspect of an organization, it can be a difficult domain to break into, especially given the lack of formal education programs like those in fields such as IT or Computer Science. Collaboration is vital within security, but it’s also crucial interdepartmentally. Your CISO and infosec analyst are stronger together, but so are your CSO and IT director.

Everyone ultimately has the same goal: to keep your organization as secure and productive as possible. While these two goals can sometimes clash or seem incompatible, they can come together “when collaboration is our foundation.”

Interdepartmental Collaboration

Security and IT: Improve your technology

The first step toward collaboration — and being “stronger together” — is understanding each other and our shared objectives. While security and IT both want to improve their organization’s tech, it’s hard for this common goal to be top of mind all the time, especially without an understanding of each other’s motivations.

For genuine, productive collaboration to occur, security can’t be seen as just “ivory tower” policies, and IT needs to be seen as more than just tickets. There are myriad ways security and IT can collaborate, from utilizing tools to automate access to SSO implementation, and these collaborations make each department stronger than they would be alone.

Security and Compliance: Improve your operations

Compliance isn’t just checking boxes or unthinkingly making security jump through hoops, and security isn’t ignoring compliance policies or trying to ruin their life via SOC 2. Security (like any aspect of tech) can come to be viewed as “magic,” and compliance has the difficult job of turning that into tangible policies.

A comic of two men standing back to back both on cell phones. Man A says, “We’ve implemented zero trust.” Man B says, “I don’t believe you.” Man A says, “Exactly.”
Image from Charlie Ciso Comic

Compliance can assist security by helping document and enforce security policies operationally, while security can assist compliance by providing insight into the technical aspects of going beyond compliance requirements. Together, they can ensure that their organization’s security and compliance efforts are aligned and as effective as possible.

Security and Product: Improve your product

Security doesn’t want to postpone or get in the way of launches, and your product team doesn’t want to create a product that’s not secure. Both departments want to make the best product they can as efficiently and securely as possible. Security and product can become stronger together than they could alone by incorporating security considerations (or even the security team itself) into the product development process from the beginning.

Image by xkcd

Security can help out product by providing guidance and documentation on secure practices, threat modeling, and vulnerability scanning. Product can help out security by ensuring they’re a priority through actions like including security requirements in their specifications. By working together, security and product teams can ensure that the final product is secure and meets the needs of both teams, in addition to the organization at large and its customers.

Security and Vendors (… hear us out): Improve the industry

We know this will be the hardest part to hear, but being stronger together includes collaboration between security and vendors. This relationship is in no way free from annoyance on either side: security is often annoyed because they feel that vendors aren’t respectful of their time or space, and vendors are often annoyed because they can find CISOs icy and resistant to engagement (to hear more about identity from the CISO's perspective, check out our interview with Crossbeam CISO Chris Castaldo and Applied Systems CISO Tanner Randolph: "CISOs on Identity Security Maturity in the Enterprise").

These concerns are not without some merit; there are real bad actors and snake oil salespeople out there peddling products in bad faith, and there are security folks who are acutely distrustful of others and become insular. However, security and vendors can’t truly collaborate without building a relationship based on mutual respect and understanding. Security professionals can provide vendors with clear guidelines and expectations for products and services, while vendors can be more transparent about their product’s capabilities and limitations and more respectful of security’s time and resources.

There are countless benefits to these two spheres working together; for example, security professionals can provide feedback on vendors’ products and services, helping to improve them and make them more effective. Similarly, vendors can also work with security professionals to develop and help them find new solutions that meet security’s unique needs and challenges. By working together, security and vendors can ensure that organizations have access to the best possible security solutions and services and that the industry can thrive through honest communication and collaboration.

Crosswire is especially excited to participate in this year’s RSAC™ (come see us at Booth 21!). We don’t exist as an organization without collaboration between every team member. This is reflected in every value we have as a company, from “We give a shit” to “Have each other’s backs” (we have an entire piece on our values and how they influence our practices here). Despite the admitted cheesiness of the sentiment, we really are stronger together, and we hope that we can help every organization to be through our identity/security solutions.
