Having attended most of the San Francisco RSA Conferences over the past decade, I can safely assert that they never fail to send me away with a full brain. Over the course of the week, there are always countless opportunities to learn, exchange, share, grow, and be blown away.
I'm sure all of you would agree that the just concluded 2019 edition did not disappoint.
From the moment the earliest arriving attendees sat down Monday morning for their all-day seminars, up until conference program chairman Hugh Thompson closed things with his conversation with Tina Fey, there were choice tidbits lurking around every corner. Even when the topic strayed far from security, there were still lessons for the industry to glean.
For instance, how many of us knew that Donna Brazile and Mary Matalin were such fast friends? I suppose Matalin's long-standing marriage to James Carville should have tipped us off that she has an easy time reaching across the aisle, but watching these two political rivals chum it up on stage served as a reminder that the white hats and black hats in the cybersecurity battlefield aren't as different as some of us might imagine. (Which explains why so many of the greatest hackers end up becoming valued consultants.)
As an aside, Brazile served up perhaps my favorite quote of the conference when she let loose with this crack about her time as chair of the Democratic National Committee: "I was hacked so much I turned black in the process."
But I digress. Because when we get right down to it, we all know what we come to the RSA Conference for: to take a deep dive into the world we work and live in, and to come away feeling that we — and the larger cybersecurity community — have taken a little step closer to a secure cyber world.
Along the way, we also learn lots of little things we didn't know, and since I've been hitting on so many of the bigger themes all week, I thought I'd share some of those little takeaways I'm leaving with:
-I learned from FBI Director Christopher Wray that 90 percent of the infrastructure in the U.S. is controlled by the private sector, which makes us somewhat unusual in the world. This fact underscores the importance of public-private collaboration in dealing with the very real threats to that infrastructure. (It also explains why our infrastructure has a relatively strong standing in the world. If it were in the hands of our government, it would more closely resemble that infamous wall our President is trying to get built.)
-I learned from Ethan Landow, head of strategy and operations for startup NuID and a participant in the inaugural Launch Pad session, that 57 percent of all breaches result in the exposure of passwords. That's more than the combined percentage of breaches that expose social security and credit card numbers, according to Landow. (Later in the week, the SANS Institute's Ed Skoudis recommended putting a space on the end of passwords so that bad guys just end up locking themselves out of our accounts. Genius! Wait…aren't they likely paying attention? D'oh!)
-I learned from Nathanial Gleicher, head of cyber security at Facebook, that the social media giant estimates the portion of accounts that are fake at between 4 and 5 percent. I've seen much higher estimates, but even this official number is striking. One in 20 Facebook accounts is fake? I don't know about the rest of you, but I'm going to have to have some tough conversations with family members — if that's who they really are.
-I learned from Megan Smith, CEO of Shift7 and former CTO of the U.S., that Chattanooga, Tenn., has the fastest Internet in the Western Hemisphere. (This information, were it pertinent in 1953, might have helped Yosemite Sam avoid some serious embarrassment at the hands of Bugs Bunny.)
-I also learned from Smith that in 1792, pennies were embossed with a very interesting declaration: "Liberty, parent of science and industry." It's an idea that speaks directly to the cybersecurity mission today, and how it ties the protection of freedom to the thriving of technology and business. (Of course, in the current political climate, the phrase could be updated to "Liberty, parent of division and misinformation.")
But, of all the things I learned this week, the one that put the biggest smile on my face was learning that Helen Mirren carries every bit the gravitas amid a sea of thousands of cybersecurity professionals that she has in her long and distinguished acting career. And anyone who's seen her in "Eye in the Sky" probably wasn't surprised at all that she was such a natural fit on the RSA Conference stage.
With that, I'm going to drop the blogger's mic, return home to digest all of these learnings, and look forward to finding out what's in store for all of us next year.
Until then, happy hunting!