The keynote presentation this year at RSA carried three major themes: Better Together, Trust, and Artificial Intelligence.
We were treated with a surprise keynote opening by Dame Helen Mirren, who gave an inspirational speech on the influence that every security practitioner in the room has on the security of our world. She walked us through an exercise, asking everyone to hold up their favorite picture on their phone, and share it with the people sitting nearby, to remind us all we are humans.
It’s important in trying times, when we are all working hard every day to combat the cyberattacks against our nation, our companies, and our people to remember that we are all humans doing our best. When things are hard, it’s okay to look to your left and your right, and share in a positive experience with a neighbor. None of us can protect our world without each other.
“We can build a better future together.” – Dame Helen Mirren
Next Rohit Ghai and Niloofar Razi Howe treated us to a visionary walk through the future, painting a picture of the year 2049 when the world is in the middle of a new era: the Biodigital Era. The main takeaway was that the security landscape is rapidly changing, and moving away from just understanding risk and attacks, and towards a world where trust is the most important thing.
They painted a picture of a future where people lost faith in democracy, in media and news, and in the companies they had loved for so many years. We were brought back to the current year, 2019, where over 40K attendees at RSA made the conscious decision to work toward fixing the trust landscape so that the vision of an untrusting world of 2049 does not come to reality.
They challenged everyone to get there by working toward three visionary objectives:
1) Consider both risk and trust together: Risk and trust coexist, and you have to understand, prioritize, and manage your risk so you can continue to keep trust.
2) Embrace the machine/human relationship: The trustworthy twins are here, meaning that humans and machines together are more trustworthy than either individually. As an industry, we should work to continue embracing this relationship, because our adversaries are working towards this.
3) Build a chain of trust by measuring your reputation to measure your trustworthiness. There is a connection between the reputation of your business and its trustworthiness, and we need to ensure that we make “deposits” to our global reputation account by celebrating successes and sharing knowledge between companies. Too often, we make “withdrawals” when things go wrong, but don’t spend enough time working with others, even our competitors, to understand the attackers and threats that work to taint our reputations.
The last common theme was around AI, which resonated through all the presentations during the keynotes. AI is important to the success of our companies moving forward, and we must embrace this change. Our adversaries leverage machine learning and artificial intelligence to prioritize their attack vectors toward the weakest points uncovered by these algorithms. However, AI has limitations that still require human partnership, which we were reminded of during a story about the Cold War era. The Soviets “detected” the US launching five missiles towards them, but one man decided to ignore the “by the book” protocol and dismiss it as a false positive (which was correct), rather than escalating us into World War 3.
Adversaries are working on a number of fronts to combat the work that security companies do leveraging AI, including things like tainting machine learning classifiers in order to throw off the detection of their attacks.
It’s amazing being at a conference of over 40K people who are all working toward the same goals: to protect our customers, our data, our country, and our people. There is an incredible honor and pride in this work and a sometimes overwhelming challenge when the targets are moving. It’s important for all of us to continue to understand how the threats are changing and stay laser focused on the needs of companies to combat those threats. Veracode works every day toward these goals, with a heavy focus on ensuring that our customers can trust the results of the security tests we give them. For us, trust is important, and the world shifting towards a focus on trust is critical to the success of our security practices.
Stay tuned for more from RSA …