As RSAC wrapped up, the conversation shifted to operationalizing threat intelligence, meeting customized attacks where they are, recovery, reimagining the CISO, and of course, where humans fit into the loop.
What we learned:
Humans are still very much in play. But they will work collaboratively with their non-human counterparts, providing the necessary skills, conscience and guidance that can only come from real-life experience. They will sit in data centers and SOCs and perhaps coalesce into highly skilled teams that support the CISO.
MCP is passé. Depending on who’s talking, MCP will be an ongoing thorn in the side of security, but many see it becoming a part of essential infrastructure and protected as such.
Cyber marketers are becoming an important line of defense. Not only do they have to understand complex solutions and business environments, they are sharpening their security skills. Good thing, too, because many are having to step up to protect brands from scams, working with security teams and the C-suite to reduce and eliminate risks.
Put to bed the notion that security is simply a cost center. Yes, it costs money to defend organizations, but think of security as reducing unrealized loss. That’s something that every CFO can understand.
Cyber war is already underway. Call it what you want, but nation-state attackers have ramped up their attacks on critical infrastructure. Time to marshal the troops from the public and private sector to do battle with the best outcomes.
Overheard at RSAC:
“Statistically, an SMB business is three times more likely to get breached than an enterprise company because of the criminal enterprise. The new application of AI that is most impactful is notifying a customer of a security event and what we did about it.” –Robert Johnston, Chief Innovation Officer, N-able
“You hear about guardrails but that’s on the server side. No one talks about guardrails for the client, that’s where data leaks out. The rubber really hits the road when someone has to interface with the data.” –Jason Trunk, Vice President and Field CTO
“The CISOs I know that are reasonably happy in their jobs are the ones that have a really good incident commander. When they’ve got incidents and they get the call, they’ve got such confidence in [those commanders] that they just let them do it.” –John Watters, CEO, iCounter
“Everybody wants a silver bullet and they think AI is going to be that silver bullet. But you don’t think of the humans that are going to operationalize it and make that productivity and mass data analytics actually actionable.” –Nicole Carignan, Senior Vice President, Security and AI Strategy, Darktrace
“A cyberattack doesn’t have to be persistent to be possible, it just has to be believable.” –Sarah Gosler, Managing Director, Head of Cyber Human Defense, Wells Fargo
“Cyber conflict isn’t some frontline thing. It implicates all of us and everything we do. If you think about the private sector, it really has become another domain of warfare.” – Jen Easterly, Executive Director, RSAC; former CISA Director
RSAC may be over, but the information keeps flowing. Stay tuned to Tech-Channels for more insights from the top leaders in security.