Kicking things off
The conference began with a keynote from RSA CEO Rohit Ghai on the topic of transformation. Ghai noted several unpredictable factors have forced changed in the last two years, including the pandemic, which meant a near overnight shift to remote work and accelerated digital transformation initiatives and the Colonial Pipeline ransomware attack that prompted gas shortages for several days and brought the high-stakes of breaches and cyberattacks into sharp focus.
Many in attendance tweeted quotes from the stage.
âWe need to stop prioritizing convenience over securityâ -Rohit Ghai, RSA Conference, opening keynote #rsac #rsac2022 #rsaconference,â tweeted Todd Fitzgerald (@SecurityFitz), vice president, Cybersecurity Strategy with the Cybersecurity Collaborative.
Ghai called for a massive rethink on risk, saying "Transforming security will require us to reorient our thinking."
He made several suggestions for a path forward, including a different approach to identity. He advocates for a focus on identity that doesnât rely on traditional access approaches, like the password.
"Identity is the one constant in cybersecurity," he said. "It's time to hold a requiem for passwords."
Tackling mental health and burnout in infosec
Mental health was also on the agenda at RSA as Chloe Messdaghi,Chief Impact Officer, Cybrary,gave a talk titled The Transformation of Post Pandemic Mental Health.
Messdaghi also spoke on mental health issues, specifically burnout, at the nearby B-Sides San Francisco event, which is held concurrently with RSA annually.
âThe issue burnout was a serious challenge facing cybersecurity, which hit overwhelm levels in the last several years, as explained by @ChloeMessdaghi in her #BSidesSF talk Burnout: The Weakness to your Security Plan,â tweeted Chris Brown, and executive coach focused on cyber strategy. Messdaghi says that burnout can often be PTSD or depression and is frequently the result of bad management on the job. It is an even more prevalent problem among women in the industry, who regular deal with harassment and discrimination. Even in an industry with high turnover, women often leave roles at a faster pace than men. Today, Messdaghi says the response from the industry is not enough to tackle the massive level of mental health struggles that exist among the ranks of security professionals.
âThe industry isnât doing anything about it,â Messdaghi told Eleanor Dallaway of the publication Infosecurity. âIn hacker communities, we keep learning about suicides, thereâs no personal work life balance and that has tragic consequences.â Candidly, she stated: âthis industry is costing people their mental health.â
âI was so happy that I was able to make this talk! So many things resonated with me, especially that the industry hasn't changed yet,â tweeted McKenna Yeakey (@CyberKenna), a corporate security engineer with Plaid. âWe see so many people leaving because of burnout and orgs need to start caring about their defenders,â
AI gets smart. Too smart.
Well-known security luminary technologist Bruce Schneier spoke at RSA on the topic of Artificial Intelligence (AI), specifically AIâs eventual ability to hack humans.
âAt a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems â and what that will mean for us. âHuman systems need to have the same agility as software,ââ tweeted security professional David Bork (@davidbork).
Schneier, an accomplished author and currently a lecturer at Harvard Kennedy School, hypothesizes that while humans created AI, they have no control over how it evolves to make decisions.
âAI will hack humanity unlike anything thatâs come before,â Schneier said in the presentation. âAI systems will hack other AI systems and humans will just be collateral damage.â
AIs today are âblack boxes,â according to Schneier.
âData goes in one end; an answer comes out the other. And it can be impossible to understand how the system reached its conclusion even if you're a programmer and look at the code."
What does mean for the future precisely? Schneier predicts AI technology will only become more intelligent and develop hacks on its own and those hacks will spread.
âAIs will inadvertently hack systems in ways that we wonât anticipate all of the time,â Schneier said. âAny good AIs will naturally find hacks. Once AI systems start discovering hacks, they will move at a scale we are not prepared for.â |