For nearly two decades, SHIFT has been supporting the world’s largest cybersecurity event: RSA Conference. The 2019 event took place last week at San Francisco’s Moscone Center and the SHIFT team was on site along with 42,500+ attendees and 700+ exhibitors in what was a very successful week.
While each year is unique, the show never fails to have its share of newsworthy moments from the top minds and companies in the big world of cybersecurity. Here are some of those moments:
Backstory (From Google X)
Incubated within Google X’s cybersecurity startup Chronicle, Backstory is “a global security telemetry platform designed for a world that thinks in petabytes.” In layman’s terms, it offers real-time analysis of cybersecurity alerts.
Backstory helps companies investigate cyber incidents, pinpoint vulnerabilities and hunt for potential threats, capabilities that are typically complex and costly because the alerts usually come from a patchwork of cybersecurity products. Backstory relies on Google’s vast infrastructure, machine learning and data analytics tools to simplify managing security alerts at lower cost, helping companies more easily separate real threats from false alarms. For more on Backstory, check out this blog post on the product from Google.
NSA’s Ghidra Toolkit
On stage at RSA Conference, the National Security Agency officially announced it would open source Ghidra, a formerly classified toolkit for reverse-engineering malware. As WIRED put it, “it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does.” Reverse engineering is so important for security researchers because it lets them work backwards from threats they see carried out by bad actors in the real world and understand how the software works, its capabilities, who wrote it and where it came from. Now open-sourced and freely available, Ghidra can be seen as the NSA’s gift back to the private sector, which is expected to use the tool widely.
Humans + Machines = Trust
Artificial intelligence and machine learning were both big topics at RSA Conference, but despite concerns around eroding trust and fears that they will put us all out of a job, most experts at the event view them as complementary to humans and key to the future trust landscape.
On stage, RSA President Rohit Ghai and cybersecurity strategist Niloofar Razi Howe preached “pair programming” between humans and machines, the idea that when two programmers work collaboratively on code they have better outcomes. Humans and machines working together are, as Howe said, “trustworthy twins.” They imagined a future in which trust in companies evaporated in the mid-2020s (a result of things like fake news and failure with autonomous tech) but was repaired by 2049 via a combination of humans and machines working together.
IBM’s Mary O’Brien said that security programs will always involve tech, but tech is often easier than humans to bypass because of its inherent vulnerabilities and because it is the object of most cyber attacks. No matter where the weak link in cybersecurity is, O’Brien emphasized that humans are critical to improving security.
Cybersecurity’s People Problem
According to ISACA’s State of Cybersecurity 2019 survey, released at RSA Conference, cybersecurity professionals are still in short supply and hard to find, particularly for roles that require technical proficiency.
58 percent of respondents said their organization has unfilled cybersecurity positions, and 45 percent of female respondents said they believe both men and women have equal opportunity for career advancement.