RSAC 2023 is a wrap! The Forrester security and risk team had 11 attendees at the RSA Conference last week. We really enjoyed meeting with clients and colleagues old and new — and now we’re exhausted. It’s no mystery why; as a team, we collectively participated in over 230 meetings and took more than 1.5 million steps (thank you, smartwatches!).
Forrester also hosted a standing-room-only reception for Forrester clients on Tuesday night, with an analyst panel discussing RSAC’s trending topics moderated by Laura Koetzle and featuring analysts Heidi Shey, Sandy Carielli, Geoff Cairns, and Allie Mellen.
Three Forrester team members spoke at RSAC 2023:
- Enza Iannopollo — Enza spoke on “How to Design and Execute Superior Employee Privacy Practices,” a topic she has written on extensively at Forrester.
- Laura Koetzle — Laura moderated a keynote on “Standards on the Horizon: What Matters Most?” with Juhan Lepassaar, the executive director of the European Union Agency for Cybersecurity; Dr. Laurie Locascio, the director of the National Institute of Standards and Technology; and Patricia Titus, the chief privacy and information security officer at Markel Corporation. Laura has served on the Program Committee for RSAC since 2013.
- Ron Woerner — Ron delivered three sessions this year: “Using Influence to Stop the Unfluence: The Secret Sauce of Cybersecurity,” “The Cybersecurity Trusted Advisor — Building Influence to Reduce Risks,” and “Human Hackers Anonymous.”
Here are the Forrester security and risk team’s key perspectives from RSAC 2023:
- There’s growing hype on generative AI. Generative AI was the nonstop talk of the town this year. It gave the impression that there is no security problem that a healthy dose of generative AI cannot solve — despite that being the opposite of the truth. Multiple announcements and booth demos on generative AI flooded our email inboxes and conversations. Forrester’s advice: Don’t rush to adopt. There’s a lot that remains to be seen with how generative AI should be applied to security tooling. While there’s a lot of potential, there’s also potential for disaster — for example, using generative AI to create detection-as-code is interesting but short-circuits important steps such as peer review and unit testing that must be done to ensure code quality.
- There’s no consensus on the timeline for cryptographically-relevant quantum computing, but it is still best to prepare for a post-quantum world. The RSA Conference’s cryptographers disagreed on when we’ll see cryptographically-relevant quantum computing (meaning: quantum computers with the generality, power, scale, and stability needed to break current public key cryptography). The experts’ estimates for cryptographically-relevant quantum computing ranged from 10 to 40 years. Regardless of the timeline, they recommended taking the following steps: 1) Don’t use public key cryptography for long-term security requirements — instead, use a classical cryptosystem and go through the hassle of manual key exchange; 2) replace difficult-to-upgrade signing keys with ones that are quantum-resistant; and 3) remember that switching to any of the candidate quantum-resistant algorithms is much more complicated than switching from DES to AES was, so start now and don’t rush.
- Protecting machine-learning models and making security easy(ier) for developers claim the top spots at Innovation Sandbox. As those of you who’ve joined our annual RSA Conference key takeaways webinars know, a subset of us faithfully attend Innovation Sandbox to assess some of the up-and-coming cybersecurity startups. This year’s winner was HiddenLayer, a startup that protects machine-learning models. This is not surprising, given that securing machine-learning models is a hot topic what with the current generative-AI conversations. The runner-up: Pangea, which makes critical security functions into APIs for developers to use. Anything that makes it easier to get developers to ship more secure code is worth prioritizing, as we talk about with the Forrester Secure What You Sell Model.
A special shoutout to the Mental Health in Cybersecurity Leadership Summit hosted by nonprofit Cybermindz, which was a highlight of the week. It brought much-needed attention to mental health support for cybersecurity teams, with an engaging lineup of speakers, from an interview with the founder and chief operating officer of SOC Prime, a Ukrainian cybersecurity company, to a CISO panel speaking about the challenges of leading cybersecurity teams today. The summit also introduced the launch of Cybermindz.org in the US and demoed the Integrative Restoration (iRest) protocol, which has been used by the Australian and US military for years to treat PTSD, anxiety, depression, and insomnia and for pain management.
These are just a few of our RSAC insights. To hear more about our collective RSAC 2023 experiences, please join us for a client-exclusive webinar on Tuesday, May 30, at 11 a.m. Eastern Time, and read the accompanying full report.