I had never attended a RSA® conference before. In fact, it was my first time at a Cybersecurity conference. I had previous experience attending other conferences, such as the ACM/IEEE Supercomputing Conference (SC) and the Grace Hopper Celebration (GHC) of Women in Computing. However, they were not as “big” as RSA®C.
When I found out I was nominated to represent New York University as a Security Scholar at RSA®C, I started doing research on the conference itself, attendance numbers, sessions, etc…, but had no idea what to expect. There is so much to do; and on top of that, as Security Scholars we must attend some events tailored exclusively for us. Some advice from this is: look up the entire conference program ahead of time and create your schedule at least a week before, save it in your phone’s calendar if possible. It will come in handy. There will be a lot of learning throughout the week; keep a small journal and jot things down as you go.
What is a Security Scholar?
Security Scholars are students (undergraduate and graduate level) enrolled in universities in the United States that have been nominated by their school to represent them at the annual RSA® Conference in San Francisco.
As Security Scholars, students have the opportunity to participate in exclusive activities with fellow scholars, have VIP seating at the opening keynote, network with program sponsors and attend an exclusive dinner with leading experts in Cybersecurity. Security scholars are issued a full conference badge. They have access to the Expo floor and all of the activities available at the conference –including keynotes, sessions, labs, sandbox and more.
Building Bikes for Charity
Most of the Security Scholars were scheduled to arrive on Monday, the first day of the conference. Building bikes for charity was one of the events that was exclusive for scholars. Giving back to the community is a great way to kick off the week. The event started with ice breaker challenges, and we built the bikes as we completed each of the challenges. rsac_charity To finish up the day, we attended a casual dinner with fellow scholars at the Golden Gate Tap Room.
Attending the Opening Keynote as VIP
This year’s theme, the Human Element, was particularly of interest to me. As Security Scholars, we had designated VIP seats about 20 rows from the main stage. The Opening Keynote with George Takei had sort of an outer-space touch, with unique ideas around the human element theme.
Here is one of my favorite quotes from it:
“Every mind in this room works in its own unique way. Like fingerprints, no two brains are the same. Each thought is informed by your genetic disposition, and your environment, life experiences, race, gender, age, beliefs, brain chemistry. This exquisite diversity enables us to handle problems that might perplex us if we faced them alone.”
George Takei’s Opening Keynote was followed by RSA’s President, Rohit Ghai’s talk on “Reality Check: The Story of Cybersecurity.” I have compiled some of my favorite quotes from the talk to give a summary of the overall message:
“The highest increase in threat actions was social engineering and the human asset was the highest growing target asset category from 2013 to 2018.”
“Their advantage is not that they have the best tech, or the best techies. Their advantage is that they are more organized.”
“We continue to spend an inordinate amount of energy preparing for the most sophisticated thread vectors, while most incidents occur due to very, very basic issues or unforced errors.”
Talk by the Numbers
“71% of the threat actors in breaches are financially motivated.”
“Use of stolen credentials is more than 60% of the top hacking action varieties.”
“80% unemployment of neurodiverse talent pool population.”
Lastly, but not least. My favorite quote from this talk:
“We need to rethink our culture and shift from a culture of elitism to a culture of inclusion. Expanding our talent pool, filling the talent gap, however you look at it, requires finding defenders outside the tech community. Let’s stop being STEM snobs.”
Lunch with Industry Partners
During this activity, we had the opportunity to discuss a variety of topics in Cybersecurity, from healthcare and entrepreneurship, to politics and voting machines. I had the pleasure to have lunch and engage in some interesting discussions with Maggie MacAlpine, Project Manager / Co-Founder at Nordic Innovation Labs.
Zee Abdelnabi, Linda Gray Martin, Gen. Keith Alexander (Ret.), Ted Harrington, Nina Alli, Ash Kulkarni, Robert Lee, Cecilia Marinier, Allison Lorentson Dunn, Christopher Painter, Theresa Payton and Dr. Hugh Thompson were the experts sitting at other tables with the rest of the Security Scholars and were also available for us to answer any questions we had.
Dinner with Industry Leaders
One of my favorite Security Scholar activities! Sitting down with not only one, or two but three top industry leaders to have a discussion over dinner (and wine) was one of the most memorable and valuable experiences I had.
I had the honor to sit at the table with:
- Arthur W. Coviello, Jr., Executive Chairman (retired), RSA, The Security Division of Dell Technologies (EMC)
- Adam Ely, Vice President and Deputy Chief Information Security Officer, Walmart
- Alyssa Miller, Application Security Advocate, Snyk, Ltd.
Top industry leaders in attendance: Paul Asadoorian, Kevin Cross, Pete Boden, Whitfield Diffie, Arthur W. Coviello, Jr., Dr. Taher Elgamal, Adam Ely, Emily Heath, Peter Fischer, Kim L. Jones, Allan Friedman, Paul Kocher, Shannon Lietz, Alyssa Miller, Andrea Little Limbago, Matthew Miller, Wendy Nather, Brandon Neff, George Ressopoulos, Tal Rabin, Cesar Rios, Zulfikar Ramzan, Ronald L. Rivest, Adi Shamir, Bruce Schneier, Mignonette Silot-Chang, Suzanne Schwartz, Ed Skoudis, Lance Spitzner, Dafina Toncheva, Camille Stewart, Ellison Anne Williams, John Strand, Beau Woods and Erez Yalon.
Keynotes, Sessions, Labs
There were keynotes every day, as well as sessions and labs. There are plenty of topics to explore and many of them happen at the same time — hence, the importance to plan your schedule ahead of time but leave room for change.
Our Tuesday was full of Security Scholar activities, so I decided to plan for other events, sessions and programs for Wednesday and Thursday. Some of my scheduled activities did not go as planned, but it was all for the better. During dinner on Tuesday night, I met Alyssa Miller and I found out she was giving a talk on “Deepfakes” the next morning. I never really put a lot of thought into the topic, but I was curious — and it definitely blew my mind.
You can check the talk here:
I supported some of my fellow Security Scholars at the poster presentations and pitch-off session. I also attended other sessions that covered topics such as forensics, kubernetes, cyber-incident response using open source, and red team webapp hacking lab to mention some.
However, Alyssa’s talk happened to be inside of what is called “The Sandbox.” The minute I walked into the Sandbox, I knew I wanted to spend a good amount of time in there.
The Sandbox
This was by far my favorite section of the RSA®C. There was a lab, a stage for general sessions, hacking station villages — from healthcare devices, voting machines, airplanes and cars to everyday IoT devices used by millions of people around the world.
I really enjoyed the labs and learning sessions in the Sandbox, especially exploiting IoT devices such as a D-Link router and a Wemo Smart Light.
The Sandbox is a MUST visit for anyone who enjoys hands-on activities at the RSA® Conference.
Main Takeaways from the Conference
- Everything comes down to Humans
- Embrace your uniqueness
- Let’s stop being STEM snobs; talent is everywhere
- Collaboration
- Educating the users
- Making it easier for others to practice Cybersecurity
- Vulnerabilities are tied to risk
- (Risk = ease of exploitation + impact to system)
- Most attacks are financially motivated