I recently read an article in SC Media magazine, “The Formative Moments: Women Share What Kept Them in Cyber or Drove Them Away.” The article references a recent study from Logitech and Girls Who Code, which identified shared experiences that have made “women feel more welcome in the workspace and more likely to remain in or pursue a career in STEM.” This article felt timely, as I planned for RSAC 365 content during October, which is also National Cybersecurity Awareness Month (NCSAM).
The theme for this year, See Yourself in Cyber, is at the heart of our Inclusive Security program and one of the core principles that drives our diversity, equity, and inclusion (DEI) strategy. We strive to ensure “diversity, equity, and inclusivity (DEI) in every aspect of our physical and virtual events. This includes the equal representation and expression of all genders, orientations, physical abilities, religions, ethnicities, and experiences.” We aim to be not only a hub of cybersecurity education but a mirror for the global community we serve.
In recognition of the unique individuals that comprise the collective “we” of RSA Conference, we are delivering a fantastic lineup of webcasts with speakers who will confront issues of toxic masculinity in the workplace and share personal stories of a life with Asperger’s and OCD. As NCSAM overlaps in part with Hispanic Heritage Month, we’ll also shine a spotlight on Raíces Cyber, who is working to change the world through diversity of thought in cyber. Additionally, you can explore this month’s featured content from our Library, including some Top-Rated Sessions from RSA Conference 2022.
While the first step to a career in cyber is seeing yourself as a stakeholder and change-maker, the ask this year is also to take action by “creating your own cyber awareness campaign and sharing this message with your peers.” According to CISA, there are key action steps everyone should take, whether you’re an individual, vendor, supplier, or critical infrastructure owner or operator. To help members of our community create their own cyber awareness campaigns, we’ve collected content from our Library related to each of the key action steps. Feel free to share these and other resources as part of your efforts this month.
Enable Multifactor Authentication
What started as 2FA, two-factor authentication, quickly evolved into multifactor authentication (MFA). Regardless, the challenges of access management and authentication that security teams are trying to solve for are rooted in identity. Some believe that FIDO is the answer, while others argue that MFA has been a topic of conversation for several years now. But in 2020, these discussions started to include mobile devices, and for good reason. As the tactics and techniques of attackers continue to evolve, defending credential systems becomes more challenging. As experts continue to reimagine modern access security, some organizations might benefit from implementing continuous authentication.
Use Strong Passwords
Passwords have been the bane of security professionals’ existence for more than a decade. Many hoped that password managers would mitigate the risk of weak passwords, but this 2020 session revealed that hackers are able to extract secrets from locked password managers. Meanwhile, leaked credentials expose products to nefarious actors. Perhaps that’s why some security professionals are getting behind the passwordless movement. That’s definitely the argument Mario Duarte and Tom Jermoluk are making in this recent podcast.
Recognize and Report Phishing
A look back through the headlines over the past few months confirms that phishing campaigns are successful for attackers and destructive for victims. So, how can security teams defend against phishing attacks? It’s a topic addressed in a session Tracy Celaya Brown and Ira Winkler delivered at RSAC 2021 and RSAC 2022, Human Security Engineering: Stopping User Initiated Loss. As the threat landscape evolves, we see cybercriminals targeting schools and healthcare institutions with fervor. For more on phishing, read How to Fight the Phish.
Update Your Software
The Biden Administration has certainly brought software security front of mind for developers and vendors alike. In the upcoming Follow Up to the RSAC 2022 Top-Rated Session, Daniel Krivelevich and Omer Gil will discuss securing the engineering ecosystem all the way from code to deployment. In fact, several sessions this year focused on the importance of cyber diligence, particularly in third-party risk management. Security teams might benefit from building a vulnerability management program, but it is also likely that the industry at large needs a cloud vulnerability database.
As always, you can explore a variety of content on these and other topics in our Library. If you do build your own security awareness campaign, consider sharing it with others through our RSAC 365 Cybersecurity Learning program. We accept submissions on any topic year-round, and we want to see you in cyber.