IANS was on stage as a Research Partner at this year’s RSA Conference in San Francisco. RSAC is the central meeting place for the cybersecurity community, with the 2023 conference attracting more than 40k security professionals and luminaries. Nick Kakolowski and Gina Glendening, two of IANS’ Senior Research Directors, attended and shared their feedback on RSAC 2023.
Gina: We saw this theme across a number of different areas:
Gina: ChatGPT, period.
The buzz around Generative AI, Large Language Models, and ChatGPT specifically dominated presentations and conversations. Everyone was talking about it. With so much speculation and uncertainty about the technologies, more questions than answers were
Nick: The security industry is saying let's pump the brakes and understand the risk. Let's have a nuanced conversation about where we can use it safely, how we can control its use, and how we can set adequate boundaries around using these technologies
so we can gain the benefits while controlling risk.
There is an awareness that this technology can be used for bad as well. So how do we continue to stay a step ahead of the attackers and where they may be able to use it in disingenuous ways?
Nick: The topic of InfoSec staffing came up a lot.
We have to start getting strategic and smart as an industry when figuring out ways to attract and keep talent. This industry has been in an ad hoc state, growing fast as the security function matures and now hitting a tipping point. In security staffing,
there’s a need for:
We can't just keep hoping that we’ll eventually ‘somehow’ figure out security staffing and retention problems by organically growing these teams.
Gina: Zero Trust and Identity
Still much discussion around zero trust, identity, multi-factor authentication and cloud configurations and governance. These are areas we've been long talking about as organizations seek guidance and best practices to continue on their journeys, improve
Nick: Supply Chain Security
The complexity of the supply chain continues to be a major talking point and an underlying challenge across the industry. There's an increasing recognition that most small and mid-size organizations will just not be capable of protecting themselves against
the scale of attacks.
It's creating a situation in which the supply chain orgs have an opportunity to deliver more value to customers by taking on a bigger responsibility for security. This approach may also become a de facto expectation as the government’s cyber roadmap
includes strengthening supply chain security baselines across the board.
Gina: macOS Attacks
One of our IANS Faculty members, Ismael Valenzuela, co-presented a session with his colleague that broke down the TTPs of recent attacks against macOS, which was interesting and just very timely. There’s been an assumption that Macs are “safer”
from a lot of targeted attacks - then the 3CX incident came along. Most organizations have made no investments to prepare for this new wave of attacks. This is alarming, considering macOS devices now constitute over 20% of the U.S. enterprise computing
market, and Mac enterprise adoption grew significantly over the last year.
This will be a challenge for organizations to manage the increased risks associated with the use of macOS devices. Defensive countermeasures were recommended, but nonetheless, it will be an interesting space to watch moving forward as we’ve heard
other IANS Faculty members warn of the growing threat of compromises to macOS devices.
Nick and Gina: As an official RSAC Research Partner, we were thrilled to have Faculty member George Gerchow speak on behalf of IANS during his session on hiring, development
and retention. It was also great to see so many IANS Faculty members on the agenda. While there were more than 650 speakers who took the RSAC stages, the level of deep domain expertise, tangible insights and actionable takeaways provided in the sessions
led by IANS Faculty members really stood out.
Outside of sessions delivered by IANS Faculty members, it also wasn’t uncommon to see some RSA presenters cite work that IANS Faculty have done. This just reinforced the pride we have in our Faculty as luminaries in the industry and such a valuable
resource to our clients.
Our Faculty are comprised of more than 100 renowned security practitioners with deep, domain-based knowledge who understand - firsthand - the challenges faced by CISOs and their teams.