Few weeks ago we attended RSA Conference, the biggest cyber security conference in the world. The conference took the whole week starting on Monday February 24th and ending up in the afternoon of February 28th with the great Penn & Teller show. It was exhausting but rich week during which we got a lot of insights and better understanding of the current state of the art in the world of software security. We have learned a lot, but there is no space here to describe everything, especially in detail. This post is aimed to be a conclusion of the conference.
Human element was the key aspect of the whole conference. Starting with the keynote where speakers pointed out the importance of humans in cyber security, not only in finding solutions to the problems but also in understanding the problems and attackers better, human element took its part in every presentation.
The world is moving forward and traditional passwords are becoming less and less popular. The reasons could be different, such as weak passwords selected by users, problems remembering and storing all the passwords, and so on. Mutlifactor and passwordless authentication seems to be a suitable move in this area. Nevertheless, how many of you own iPhone? How many of you didn’t use authentication before iPhone introduced fingerprint authentication with the home button? I think it was an excellent idea as it was also stated during one of the presentations, because whatever you want to do in (older) iPhone you have to touch home button. There is no annoying pin typing required. And this is our job, we have to make security as user friendly as possible because users sometimes may not understand the risks.
Risk management, online elections, bringing up CISOs or crypthographic algoritms were another topics of the conference. How do you treat risk management in your organization? Do you know where you are vulnerable? How do you find new CISO? How do you prevent data breaches? How do you prepare your team and CISO to handle data breach if any occurs? How does your organization change when a new generation comes? These are the questions the presentations were aimed to answer during the conference.
The last but not least thought which remained in my mind is readiness of current solutions for handicapped and diverse people. Does the user’s skin color affect the usability of your product? Can blind people use your product? I think this is an emerging area in the current world and we should pay more attention to “who” we develop or rather don’t develop the software for.
Even when timing with regards to COVID-19 was not perfect, it was an excellent conference. People, presentations, expo (where I also spent a lot of time) and overall organization – all was awesome. I hope everyone is in good health and enjoyed the conference as I did.
