'Skip Echelon' Thinking and Innovation for Cybersecurity
Although the RSA Conference (RSAC)—the cybersecurity conference, not the company—started more than 24 years ago, I have attended RSAC just three times over the past five years. The first time, I came to run (with my Carnegie Mellon University Software Engineering Institute team) one of the first cyber intelligence workshops, seeing for myself the power of open collaboration and community that RSAC brings to the cybersecurity arena. Last year I came as a TASC vice president, focused on cyber-related technical, operational and assurance work, attending as many thought leadership talks as humanly possible to hear firsthand the current thinking and direction of cybersecurity-related technologies and best practices. A year ago, I was struck by the dramatic growth of the conference in a relatively short time frame and the increasingly international flavor, the breadth of attendee backgrounds and the gamut of business sector representation.
Finally this year, as the founder of a cybersecurity e-marketplace community, I needed to focus primarily on the exposition halls and talk with hundreds of cyber vendor CEOs, chief technology officers and sales executives. Frankly, as someone who has worked in and around this space since the late 1990s, I was heartened by the expansion but concerned to find that the focus remains primarily on traditional network security and mobility approaches—simply doing them faster, bigger and with better analytics and integration. While this is important foundational work, it is not game changing and does not enable us to scale and stay on top of—and ahead of—current crime and threat vectors.
With this in mind, I connected immediately with the RSAC theme of "Change." And the CEO of RSA (the company), Amit Yoran, stole the show right up front with his frank and engaging discussion about our common belief that the perimeter-only approach is dead while at the same time we are not navigating differently, not focusing on what is really needed—we have in fact “sailed off the map.” Yoran’s background is truly impressive, but it is his challenge to all of us in his speech that is worth a listen.
Yoran’s top to-do list includes:
• Stop believing that advanced protections work—the challenge is to us vendors.
• Focus on pervasive and true visibility—go after what is stealthy and multidimensional. Don’t under-scope an incident and clean up quickly, vice seeing the broader threat intentions and campaign.
• Strong authentication and identity matter more today. Stolen credentials are now the preferred threat vector over malware.
• External threat intelligence must be operationalized into your environment.
• Know what is mission-critical to your organization. Prioritize your limited resources and focus on what is most important, and defend these assets with everything you’ve got.
As Yoran states, “This is not a technology problem—this is a mindset problem.”
The other event I always enjoy is the Innovation Sandbox, which is a “bake-off” across a top selection of innovative start-up companies. It includes a company executive providing a three minute overview to a panel of experts and the audience, followed by three minutes each of questions from the expert panel and ending in a vote for the most innovative company.
RSAC also has a compelling campaign to reach children of all ages about digital smarts and safety called the Cyber Safety Village. Please do share this link to short videos with anyone who has children from 6 to 17.
It is what we take from meeting such as RSAC and what we do across ourselves that is really the path to “thinking differently” and “skip echelon” innovation—each of us taking action to effectively stem the bleeding from cyber crime, fraud and disruption across all sectors globally.
Overall RSAC takeaways can be found on the conference website.
Terry Roberts, a former deputy director of naval intelligence, is the founder of CyberSync Inc.
