RSA Conference Day 1: Cisco, VMware, New Products, DE&I
The conference follows the recent ransomware attack on Colonial Pipeline that made big news.
![Malicious hacker Malicious hacker](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt3fe3085aeb608f32/65245149f66dd9acd5a7c888/9-Malicious-Hacker.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
During his RSA keynote, Chuck Robbins, Cisco‘s chairman and CEO, said the cybersecurity skills shortage is impacting 70% of organizations.
“Seventy percent of cybersecurity professionals … have said that their organization is impacted by the skills shortage,” he said. “We have 2.8 million cybersecurity professionals in the world right now. That’s a lot of people. We also have 4 million unfilled jobs at the same time. We have to train people. We have to reskill people. We have to continue to develop the existing talent. We have to make it easier for people to get into cybersecurity.”
The industry needs to look at untapped sources, Robbins said. Women now make up just 24% of the cybersecurity workforce today, while they present the majority of new entrants into the workforce.
“We have to look in unconventional places for people with unconventional backgrounds that have the capacity and the capability to learn and then contribute constructively as we move forward,” he said. “We also have a program like Cisco Network Academy, where we’re taking technology education into high schools, community colleges, universities, military and into prisons to help educate these people, and allow them to participate and have jobs in the technology arena.”
Angela Weinman, VMware‘s head of global governance, risk and compliance, and Jimmy Sanders, who managed network security at Netflix DVD, shared three hard truths of cybersecurity to impact change.
The first hard truth is the cybersecurity risk picture is “out of focus.
“This is directly linked to greater resilience,” Sanders said. “If we can’t accurately determine risk, it becomes difficult to rapidly recover from impacts. We have to acknowledge this.”
Weinman said it’s essential that “risk drives what we do because security, after all, is one big risk management program.”
“We’re not managing our risk well enough,” she said. “Maybe we should be zooming out, trying a wide-angle lens instead, thinking in terms of the spectrum of impact, rather than a narrowly defined scenario.”
The second hard truth is that legacy security practices are “slowing us down.”
“I’ve spent my time railing against legacy security practices and the lack of diverse voices within our security community,” Sanders said. “We the collective must create an environment where the best ideas win. And what happens is this improves our security posture overall. These diverse thoughts stem from allowing competing ideas and viewpoints to be voiced without the fear of ridicule and condemnation.”
Many intelligent minority voices don’t get heard within the cybersecurity community, he said.
“Allowing all voices; in fact, requiring all voices to be heard is tremendously empowering,” Weinman said.
And the third hard truth is that “security is not a solo sport.”
“You may be a super security person at your current tech company,” Sanders said. “Whatever stage you are in your current career cycle, we in the security community need your ideas; we need the effort and the collaboration. We the security community need to ensure the best security practices are accessible to everyone. A single entity can’t curve the overall rise in security breaches regardless of how amazing their individual security structure may be.”
Relationships and connections are “table stakes” for success in security, Weinman said.
The Information Systems Audit and Control Association (ISACA) released its annual state of cybersecurity survey. More than 3,600 cybersecurity leaders participated in the survey.
Jonathan Brandt is ISACA’s information security professional practices lead.
“As is reported each year, there remain challenges in finding qualified, well-rounded candidates,” he said. “Research also shows that understaffed teams remain strongly correlated with an increasing number of cyberattacks.”
While cybersecurity jobs are in high demand, few organizations offer entry-level opportunities, leaving few entry points into the field, Brandt said.
While technical skills remain in highest demand, employers are seeking well-rounded candidates with solid soft skills, he said.
Caitlin McGaw is president of Candor McGaw. She’s a career management coach and executive recruiter.
“What I hear about, particularly from CISOs, is emotional intelligence,” she said. “That’s being able to understand and manage your own emotions in order to effectively communicate and empathize with others, as well as resolve conflict. One CISO I spoke with said he’d take emotional intelligence any day over certifications. It’s so much harder to train emotional intelligence and enthusiasm rather than the hard skill set.”
Also in demand is resilience, “continuing to push through even when you face challenges because cybersecurity can be a frustrating business, things can go terribly wrong, and you have to be able to get back on the horse and get going to solve those huge problems,” McGaw said.
Gregory Touhill is president of AppGate Federal. He said cybersecurity leaders need to nurture soft skills.
“Often you may get a new employee who is not necessarily fully experienced in those areas, but as a leader, you’ve got to help those folks gain those skills and nurture them along the way,” he said. “You’re not going to have an opportunity to find that perfect employee right off the bat. Sometimes you’re going to have to [decide] what skills I must have, and then where I can grow that employee to meet the needs of the team.”
A big problem continues to be the prevalence of “aspirational” job descriptions that tend to rule out too many people; women, in particular, McGaw said.
“There are many ways to expand that candidate pipeline if you think creatively about what it really takes to do the job and what can be trained from a hard skills perspective with a moderate investment in training,” she said.
Touhill said he’s looking for people who provide diversity, equity and inclusion in his workforce.
“For those folks who feel like they’re underqualified for portions of this particular job, if you’ve got the hard skills and you can contribute to that team, I still want to hear from you,” he said. “I still want you to apply for those types of jobs and go through the process. And don’t be deterred if you don’t have 100% of the skills I’m looking for.”
McGaw said it’s important to have a welcoming culture and work with populations that are underrepresented in cybersecurity. In addition, better job descriptions are needed to prevent discouraging people from applying.
During her RSA session, Meg Diaz, director of Cisco Cloud Security, gave a crash course on all things secure access service edge (SASE). She said SASE is all about moving security and networking to the cloud, and delivering it as a subscription service.
SASE combines SD-WAN, firewall-as-a-service, secure web gateway, cloud access security broker (CASB) and zero-trust network access, she said.
“The goal of the SASE model is to consolidate these functions, which were traditionally delivered as siloed point products, into a single, consolidated, integrated cloud service,” Diaz said. “And SASE is really designed to help you combine those networking and security functions to deliver secure connectivity as a service. You can connect users seamlessly to the applications and data that they need to access in any environment, from any location.”
Diaz also provided tips to be aware of and pitfalls to avoid when looking at how SASE fits into your organization. One tip is to look for a complete, integrated architecture. Also, consider use cases and what capabilities are needed to solve those use cases.
A pitfall to avoid: products from multiple vendors that are brought together through basic integrations, she said.
“You want to look for a vision of consolidation of those five core functions,” Diaz said. “Consolidation is key because even though you may only have zero trust or SD-WAN today, you’ll likely need to extend to some other services in the future and move more to the cloud. Even if it’s multiple products from a single vendor today, look at how easy it is to actually integrate them together and how they’re going to be brought together even more in the future versus having to always rely on product integrations across multiple vendors. That’s where this shift is happening, from best of breed to best of platform. That’s really going to drive efficiency for your network and security teams, particularly as vendors integrate more of these core services together in SASE.”
David Bicknell is principal analyst of thematic research at GlobalData. He said this week’s conference must “point the way forward to help organizations develop both defensive measures to prevent these attacks, and the requisite best practice for responding to them, especially in dealing with ransomware.”
“With cyberattacks getting more daring and sophisticated, but businesses still on the back foot in their cyber defenses as a result of remote working, cybersecurity companies must show they can provide defense against attacks that businesses in all sectors rely on,” he said. “The bad guys are winning, and the industry needs to send a message to hackers that it is up for a fight.”
Organizations are being ravaged by ransomware they don’t know how to contain or control, Bicknell said. The Colonial Pipeline attack might be the “tip of the iceberg” for future critical infrastructure attacks.
There needs to be a simpler, coherent product strategy that addresses cyber threats, said Rajesh Muru, GlobaData’s principal analyst and enterprise security lead.
“Here, although continuous product enhancements and new releases are welcomed in industry, there needs to be a simpler, coherent product strategy that addresses the cyber threats that lie ahead for businesses across all fields, providing better cybersecurity alignment to the dynamics that these sectors’ IT systems operate in across the entire supply chain, and with better threat information sharing,” he said.
At RSA, Digital.ai introduced Essential App Protection, a low-code solution that provides a first line of defense against application layer attacks.
Essential App Protection prevents apps from running in unsafe environments, while providing intelligence into how, when and where apps are being attacked. Together with its Premium App Protection solutions, Digital.ai provides application and data protection to prevent reverse engineering, code tampering, IP theft, data exfiltration, malware and more.
Aviad Arviv is Digital.ai’s general manager of security.
“With app security expertise in short supply, organizations are often limited to protecting only their most critical apps,” he said. “With Digital.ai Essential App Protection and Digital.ai Premium App Protection, organizations have the solutions they need to embed security right into their DevOps pipeline and protect all their apps, regardless of the organizations’ level of security expertise.”
Also at RSA, BlackBerry announced Optics 3.0, its next-generation cloud-based endpoint detection and response (EDR) solution, and Gateway, its first artificial intelligence (AI)-empowered zero trust network access (ZTNA) product. BlackBerry’s new endpoint and network security capabilities will help differentiate its extended detection and response (XDR) strategy.
Billy Ho is BlackBerry’s executive vice president of product engineering.
“Traditional endpoint security alone is not enough to tackle the sophisticated threat landscape,” he said. “Our end-to-end approach to cybersecurity is deeply rooted in Cylance AI and machine learning (ML) to provide enhanced visibility and protection against current and future cyberthreats. As part of our XDR road map, we will continue to add new products and additional sources of security telemetry, such as user behavior, identity, network, data, application and cloud to the Optics 3.0 cloud data lake. This will enable data correlation, automated workflows, automated threat hunting, to enable more efficient and effective detection and response.”
At RSA, Digital.ai introduced Essential App Protection, a low-code solution that provides a first line of defense against application layer attacks.
Essential App Protection prevents apps from running in unsafe environments, while providing intelligence into how, when and where apps are being attacked. Together with its Premium App Protection solutions, Digital.ai provides application and data protection to prevent reverse engineering, code tampering, IP theft, data exfiltration, malware and more.
Aviad Arviv is Digital.ai’s general manager of security.
“With app security expertise in short supply, organizations are often limited to protecting only their most critical apps,” he said. “With Digital.ai Essential App Protection and Digital.ai Premium App Protection, organizations have the solutions they need to embed security right into their DevOps pipeline and protect all their apps, regardless of the organizations’ level of security expertise.”
Also at RSA, BlackBerry announced Optics 3.0, its next-generation cloud-based endpoint detection and response (EDR) solution, and Gateway, its first artificial intelligence (AI)-empowered zero trust network access (ZTNA) product. BlackBerry’s new endpoint and network security capabilities will help differentiate its extended detection and response (XDR) strategy.
Billy Ho is BlackBerry’s executive vice president of product engineering.
“Traditional endpoint security alone is not enough to tackle the sophisticated threat landscape,” he said. “Our end-to-end approach to cybersecurity is deeply rooted in Cylance AI and machine learning (ML) to provide enhanced visibility and protection against current and future cyberthreats. As part of our XDR road map, we will continue to add new products and additional sources of security telemetry, such as user behavior, identity, network, data, application and cloud to the Optics 3.0 cloud data lake. This will enable data correlation, automated workflows, automated threat hunting, to enable more efficient and effective detection and response.”
RSA CONFERENCE — This week’s virtual RSA Conference began with a call for diversity, inclusion and cooperation in cybersecurity to successfully battle cyber threats.
This is the 30th RSA conference. The theme of the event is resilience.
The conference follows the recent ransomware attack on Colonial Pipeline, which pushed gas prices higher and disrupted supply in the eastern United States. According to the Wall Street Journal, the Darkside group, linked to the attack, has told its hacking associates that it’s shutting down operations.
Securing Chaos
Rohit Ghai, RSA‘s CEO, gave the RSA opening keynote. He said the world has not yet faced a global cyber pandemic, but the industry needs to be prepared for this inevitability.
RSA’s Rohit Ghai
“We have not been fully tested yet and must remain vigilant,” he said. “There will certainly be challenges, stumbles and failures.”
Ghai said amid the randomness of malicious actors trying to “disrupt, steal, subvert and instill fear,” the big question is how you secure chaos.
“You can’t, he said. “You focus on resilience by embracing chaos. How? One, expect the unexpected. Two, trust no one. And three, compartmentalize failure zones. In cybersecurity, to practice chaos and reliability engineering, teams should constantly assess and test their responses. Attack your own network and see if you recorded that attack, because if you don’t have visibility, then you don’t know what to defend.”
Once you have visibility, use threat intelligence to understand your verticals’ likeliest antagonists, including their methods, Ghai said.
“Zero trust was always important,” he said. “But in the post COVID-19, work-from-anywhere always world, it is imperative. It is a mindset, not just an architecture. Microsegmentation, providing layer 7 threat prevention and risk-based, continuous multifactor authentication (MFA) are critical components.”
But what is most important is limiting trust to what is absolutely required and never elevate trust based on unreliable factors, Ghai said.
By some estimates, 127 new devices are connecting to the internet every second, he said. And it’s not just the connected devices. It’s connected organizations and the private data flowing through this value chain.
Prioritize Intelligently
Everyone is working with limited resources, “so we have to prioritize intelligently,” Ghai said.
“We have to protect areas that will present the greatest risks, not where we see the most holes,” he said. “By prioritizing based on risk and protecting what matters most, we will ensure that when we fall, we will withstand.”
Those who belong to a community rise up stronger because they rise up together, Ghai said.
“We must be inclusive to nurture and grow our community,” he said. “We need to bring not just the security professionals, but IT and business as well into our community.”
Attracting diverse talent is also important, Ghai said.
“For 30 years, the RSA conference has helped us do just that,” he said. “Today, we have broader participation, deeper sharing and wider representation than ever before.”
Scroll through our gallery above for more highlights from RSA.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like