RSA Conference™ 2023: Stronger Together

The theme for 2023’s RSA Conference™ is “Stronger Together.” It’s easy to roll your eyes at and ignore conference themes (especially when so many vendors ignore them themselves), but at a time when information security is more important than ever, so is collaboration.

“We are a community of many. No one goes it alone; we build on each other’s diverse knowledge to create the next breakthrough — exchanging ideas, sharing our success stories, and bravely examining our failures. With a world of evolving threats to stop and solve, only by working as a team and continually adding new perspectives will we be able to affect the kind of progress that can shape policy, establish new best practices, and ensure our defenses become more diverse, more resolute, and far more effective. When collaboration is our foundation, the future is bright. RSA Conference 2023. Stronger Together.” -RSA Conference™ on this year’s theme

One of the best things about information security is how tight-knit the industry is. It’s a relatively small field; everyone seems to know each other and likes to talk about what they know. Sharing tips and practices with security counterparts at similar companies is widespread: collaboration is woven into the very fabric of infosec. Even within an organization, tabletop and red team exercises require cooperation from the whole company, and every team relies on security for training/guidelines to know what to report and to whom.

Though information security is crucial to every aspect of an organization, and it can be a difficult domain to break into — especially given the lack of formal education programs like there are in fields like IT or Computer Science. Collaboration is vital within security, but it’s also crucial interdepartmentally. Your CISO and infosec analyst are stronger together, but so are your CSO and IT director.

Everyone ultimately has the same goal: to keep your organization as secure and productive as possible. While these two goals can sometimes clash or seem incompatible, they can come together “when collaboration is our foundation.”

Interdepartmental Collaboration

Security and IT: Improve your technology

The first step toward collaboration — and being “stronger together” — is understanding each other and our shared objectives. While security and IT both want to improve their organization’s tech, it’s hard for this common goal to be top of mind all the time, especially without an understanding of each other’s motivations.

For genuine, productive collaboration to occur, security can’t be seen as just “ivory tower” policies, and IT needs to be seen as more than just tickets. There are myriad ways security and IT can collaborate, from utilizing tools to automate access to SSO implementation, and these collaborations make each department stronger than they would be alone.

Security and Compliance: Improve your operations

Compliance isn’t just checking boxes or unthinkingly making security jump through hoops, and security isn’t ignoring compliance policies or trying to ruin their life via SOC 2. Security (like any aspect of tech) can come to be viewed as “magic,” and compliance has the difficult job of turning that into tangible policies.

Compliance can assist security by helping document and enforce security policies operationally, while security can assist compliance by providing insight into the technical aspects of going beyond compliance requirements. Together, they can ensure that their organization’s security and compliance efforts are aligned and as effective as possible.

Security and Product: Improve your product

Security doesn’t want to postpone or get in the way of launches, and your product team doesn’t want to create a product that’s not secure. Both departments want to make the best product they can as efficiently and securely possible. Security and product can become stronger together than they could alone by including security considerations (or even the security team itself) into the product development process from the beginning.

Security can help out product by providing guidance and documentation on secure practices, threat modeling, and vulnerability scanning. Product can help out security by ensuring they’re a priority through actions like including security requirements in their specifications. By working together, security and product teams can ensure that the final product is secure and meets the needs of both teams, in addition to the organization at large and its customers.

Security and Vendors (… hear us out): Improve the industry

We know this will be the hardest part to hear, but being stronger together includes collaboration between security and vendors. This relationship is in no way free from annoyance on either side: security is often annoyed because they feel that vendors aren’t respectful of their time or space, and vendors are often annoyed because they can find CISOs icy and resistant to engagement.

These concerns are not without some merit; there are real bad actors and snake oil salespeople out there peddling products in bad faith and security folks that are acutely distrustful of others, becoming insular. However, security and vendors can’t truly collaborate without building a relationship based on mutual respect and understanding. Security professionals can provide vendors with clear guidelines and expectations for products and services, while vendors can be more transparent about their product’s capabilities and limitations and more respectful of security’s time and resources.

There are countless benefits to these two spheres working together; for example, security professionals can provide feedback on vendors’ products and services, helping to improve them and make them more effective. Similarly, vendors can also work with security professionals to develop and help them find new solutions that meet security’s unique needs and challenges. By working together, security and vendors can ensure that organizations have access to the best possible security solutions and services and that the industry can thrive through honest communication and collaboration.

Crosswire is especially excited to participate in this year’s RSAC™ (come see us at Booth 21!). We don’t exist as an organization without collaboration between every team member. This is reflected in every value we have as a company, from “We give a shit” to “Have each other’s backs” (we have an entire piece on our values and how they influence our practices here). Despite the admitted cheesiness of the sentiment, we really are stronger together, and we hope that we can help every organization to be through our identity/security solutions.

To stay up to date with Crosswire on all things infosec — trainings, webinars, blog posts, and more — sign up to receive our updates below.