The Art of Possible permeated every facet of RSA Conference 2024. From navigating the takedown of criminal marketplaces to mitigating risks from digital adversaries, industry luminaries shared stories of their journeys, which have been riddled with challenges and opportunities alike. Here’s a look at some sessions worth exploring or revisiting.
Possible, but Uncertain
In the dynamic world of cryptocurrency, where value fluctuates like a rollercoaster ride, one thing remains constant: the willingness of its community to take risks. In her talk, Outta Luck: Security Lessons from Crypto Forums, Rachel Parker Solem, Security Operations and Compliance Administrator, Protect AI, said, “This is a community that is willing to gamble and invest unbelievable sums of money on digital assets.” That sliver of hope, the belief in what is possible, drives these investments. For some, the investment pays off. Still, Solem noted, “to make money in the crypto space is often a crap shoot.” Amidst the allure of potential riches, the landscape is fraught with uncertainty, which means making money is more often a game of chance.
The Genesis of a Possible Takedown
Crypto investors aren’t the only ones taking chances, though. Another RSAC 2024 session explored the FBI’s takedown of the Genesis marketplace and serves as a valuable lesson in different approaches to combating cybercriminals. Faced with the challenge of targeting malicious actors from jurisdictions beyond national borders, the FBI got creative and took a collaborative approach in what they called Operation Cookie Monster. According to Amanda Knutson, FBI, Supervisory Special Agent, the team relied on the joint law enforcement efforts of over 16 countries. What seemed potentially impossible—dismantling this nefarious operation—became a reality in large part because of crucial partnerships.
The Art of Tokenization
Creative thinking and collaboration also proved beneficial for Capital One’s journey to tokenization. In his session, Costume Jewelry: How Capital One Uses Tokenization to Protect Data, Andy Ozment, Chief Technology Risk Officer, EVP, Capital One, explained that the company made the decision to shift towards cloud-native infrastructure. The journey, which started in 2015 and culminated in the closure of all data centers by 2020, now serves as an example of how a forward-looking ethos can allow organizations to thrive in today’s digital age. Ozment emphasized that tokenization has been a useful tool in mitigating risks associated with sensitive data, and his session exemplifies all that is possible at the intersection of security and innovation.
Potential Harmony
When we think of the convergence of IT and OT, we aren’t thinking about space, which Patrick Lin, Director, Ethics + Emerging Sciences Group, California Polytechnic State University, SLO, said is the next big growth area of cybersecurity. It’s no surprise Why Outer Space Is the Next Frontier for Cybersecurity, given that “We rely on the benefits of space exploration on a daily basis for positioning, navigation, and communications.” The space business is booming, Lin said; however, the reality is that it’s driven by technology, which is hackable.
Mitigating the threat of being hacked is an ongoing challenge for those dealing with critical infrastructure and industrial control systems, where there are prominent IT/OT gaps. Bryson Bort, CEO, SCYTHE, and Jennifer Minella, Founder, Principal Advisor, Viszen Security, talked about the unique challenges inherent in bridging the gaps between IT and OT in their session, Harmonizing IT and OT Security in the Era of Convergence. “IT value quickness and agility,” Minella said, “while in OT we value resilience and availability.” If harmony is the goal, teams need a holistic security strategy that reconciles these divergent priorities.
The Art of Inclusive Leadership
Amidst all the sessions on cloud security, software vulnerabilities, AI, and materiality, what also resonated was the imperative of inclusivity. In the session Avoid Being Accidentally Offensive (Guys Guide to Being an Ally), Jeff Pollard, Vice President & Principal Analyst, Forrester, reminded audience members, “Exclusion does not require intentionality and it can be accidental.” Lynn Dohm, Executive Director, WiCyS, echoed Pollard’s sentiment in her session, Cybersecurity Leadership: Mobilize, not Paralyze. While the cybersecurity community may espouse support for underrepresented populations, inadvertent acts of exclusion serve as a sobering reminder of the need for introspection and allyship, which underscores the importance of fostering an inclusive culture both within the organization and across the industry.
As it is with life’s most challenging situations, you have to go through it to get through it. These industry experts have certainly been through it, and sharing their stories and advice left attendees inspired. Each encouraged folks to think creatively about problem solving while emphasizing that it is through collaboration, innovation, and a commitment to inclusivity that we can collectively build a more secure and equitable future.