We have a great lineup of speakers presenting in less than two months at RSA Conference 2020 APJ, but you don’t have to wait for our virtual or physical events to access the educational resources delivered at Conference. That’s right, they are available for free on our website. Over the past several weeks, we’ve highlighted some of the top sessions presented in February, with added insights from the speakers. Here’s a look at what this week’s speakers said they would do differently if they delivered their session today.

1. Air Gap Hopping with Musical Fans: Proving a False Sense of Security

“The discussion was about covert c2 channels that leverage alternate means of communication. In the instance of the demoed capability in my talk, sound created by the fans creates a viable channel of connecting two machines,” explained Aaron Rosenmund, Author and Evangelist at Pluralsight. “Normally, this would be limited to times when someone would not notice the fans behaving in such a way, so the imperative to monitor the fans’ speeds for binary fluctuation would be lower on your priority. However, many of those secure rooms now sit empty all day and night. If no one is watching, that is the perfect opportunity for attackers to exfiltrate large amounts of data. Further, with your secure data now primarily at home with you, where you don’t have the same electromagnetic emanation protections, those with the most valuable data need to be aware of the capability to pull data from your screen or CPU through walls and over surprising distances without an Internet connection, and whether or not you are using a VPN.”

2. API Abuse through Mobile Apps: New Attacks, New Defenses

Skip Hovsmith, Principal Engineer at CriticalBlue said, “A key point of the session, that mobile app security must not rely on user authentication alone, has moved front and center during the ongoing wide debate about contact tracing apps. Back-end systems are the conduit of COVID-19-exposure notifications between app users. While such apps will become fundamental to life after lockdown, we shouldn’t be forced to trade our privacy to use them. API security with anonymity is the key ingredient to success here. We simply can’t risk the societal disruption caused by malicious actors subverting the system and throwing us into chaos. If giving my talk today, a contact tracing app would be a great teaching example.”

3. How to Build Engaging, Low Cost Awareness Videos

“The way to appeal to your audience has changed,” said Jill Barclay, Cybersecurity Awareness and Communications Lead at CommonSpirit Health. “In these unprecedented times of telecommuting, the lines between home and office have become blurred. Security awareness professionals should recognize that their audience is working from completely new environments. The façade of working in a protected office space is gone. In a way, employees need to be their own IT departments and set up protected home networks. What emotions are employees experiencing? How do they feel? Whatever education or training you serve up to them has to reconcile these feelings. Consider how their new environment influences the link between their emotion and what they’ll be able to absorb. People who experience emotions that fit the context at hand will be more likely to connect with your message.”

4. Analyst View: Cybersec/Risk/Governance Jobs, Skills, Pay Review and Forecast


“Those of you working in the industries that have been most vulnerable to the pandemic should consider jumping to employers in other industries less directly affected. Review the quarterly tech job and skills analyses and forecasts you will continue to receive from our firm as an opt-in,” said David Foote, Chief Analyst at Foote Partners, LLC. 
Contributors: