Transcript
Anna Delaney: Welcome to the ISMG Editors' Panel live at RSA Conference 2023 in sunny San Francisco. I'm Anna Delaney, and I'm joined by my colleagues, Tom Field, Mathew Schwartz and Michael Novinson. Gentlemen, hello, we're back.
Tom Field: We're here.
Mathew Schwartz: Great to be here, live.
Field: Good to be back.
Michael Novinson: Good to be with you, Anna.
Delaney: Very good. We are presenting coverage from the event on a daily basis. What are highlights for you today?
Field: Anna, I'm thrilled. First of all, we've got probably well over 150 interviews booked in our two studios over the course of four days, and it is the "who's who" of global cybersecurity industry. Personally, I'm excited that we're going to start our day with Alberto Yepez, who is the managing director, co-founder of Forgepoint Capital and he'll be in here talking about the state of the cybersecurity community and investments. I know Michael's got a ton of interviews going on with venture capitalists over the course of the week. Eric Goldstein from CISA will be in here today, and we will have Jamil Farshchi, the CISO of Equifax. Excited to talk about his topics and his leadership in this community. So it all starts now.
Delaney: Yeah, exactly. Michael, lots of interviews planned. So what are you looking forward to?
Novinson: Of course, I'm excited. Today, we have Nikesh Arora, chairman and CEO of Palo Alto Networks coming in. We're going to be talking about the role of artificial intelligence in the SOC. Also, we're going to be speaking to Mary O'Brien, GM of IBM Security, about evolutions and threat detection and response and streamlining that process. Out in the main stages, we have Lisa Monaco, from the U.S. Attorney General's Office giving a keynote about doing near-term disruption to cyberthreats and really taking the offense. So I think there'll be a lot of content on the stages in our studios that I'll be watching for.
Delaney: Michael, earlier on, we were having a discussion about what to look forward to. There's a lot of interviews around generative AI.
Novinson: Yes, generative AI. We are five months into the ChatGPT conversation.
Novinson: Certainly from the venture capital community, they're really trying to figure out how to monetize this. What's interesting is this is kind of phase 2.0 of AI, that if you think of AI 1.0 and security was really about embedding AI into technology to speed up that detection response process, companies like CrowdStrike that really pioneered that. Now people are really thinking about how to secure AI models and algorithms itself, what does it look like to ensure that the data in them is accurate that they can't be tampered with? And we're going to see a lot of startups trying to figure out how do we actually go about doing that? That's definitely on top of mind for a lot of the VC folks who I'm going to be speaking with.
Schwartz: I want to pick up on that as well, because one of the big themes, while the big theme this year is Stronger Together, I love a good theme. Okay, great. I can work with that, especially as a journalist, but Rohit Ghai, the CEO of RSA, is going to be speaking with us later this week, actually, I'm going to be interviewing him. And "The Looming Identity Crisis" is the name of his keynote. Obviously, identity, I think we can say it's a slightly abused word over the years. It means everything to so many people. But identity in AI is huge. And he's going to be talking about how we secure identity as AI looms, and we have all of these evolving security challenges. Obviously, just one of the themes, I'm really excited to be hearing, as usual, the latest threat intelligence, ransomware types of activity. So that's big on my agenda for this week.
Delaney: Any sessions in particular that you're looking forward to covering?
Schwartz: While the cryptographers panel is one of my favorites, on Tuesday, because you have world-class panel of cryptography experts, including Adi Shamir, very outspoken. They're going to - if history is any guide, they will be holding back in terms of what they actually think about things in the past that's included blockchain, mass surveillance, and privacy. This year, I am sure, we're going to be hearing a little bit about ChatGPT. And I'm really interested to hear what they think the use cases might be. Because they never hesitate to disabuse the industry of having too much love for something that isn't yet proven, you know, the latest shiny, flashy object. And I think we know what that is this year. So it'd be great to hear what they have to think about that, but with a bit of nuance, and with their incredible, rich background and history in cryptography that they all bring to that.
Delaney: Last year, the Ukraine crisis was a big issue and a big topic of discussion. Certainly in your interviews around cyber warfare, maybe less so this year. Who knows? Maybe that continues. I don't know what you're planning to discuss with your interviewees, but can that come up quite a bit?
Schwartz: Definitely. We're going to be talking about cyber operations. So there's a really interesting degree of nuance that's come into this discussion, because there were a number of people before Russia intensified its invasion of Ukraine, February 24, 2022. Before that happens, a lot of people thought we were looking at all that cyber war, we thought there would be reprisals against the West for the audacity to support Ukraine in Russia's eyes. And what we have seen is nothing of the sort. There is a huge increase in wiper malware that went away. We've seen ongoing cyber operations, but not in coordination, pretty much with what's happening militarily from a kinetic perspective. Missile strikes are still the quickest way to disrupt infrastructure. The really great hacking seems to be reserved, maybe for espionage and things that maybe we don't know about yet, because that is very useful from an intelligence gathering perspective for Russia. So I look forward to getting into that.
Field: Don't discount the impact of disinformation as well, because we certainly have seen that and continue to, and I know, I've done a lot of the pre-discussions with people we're going to talk to, The impact of Russia and Ukraine is a topic of discussion throughout our four days, and certainly critical infrastructure protection, including the government people that we're bringing in here who want to talk about the new national cybersecurity strategy.
Schwartz: I was going to say, wonderful. It's wonderful from an emphasis standpoint that the war has allowed us. We've been talking about critical infrastructure since 9/11. It's allowed us to finally get ... I think, organizations like CISA, up and running, and getting their perspective on things to help strengthen it. And we're seeing that in Britain as well.
Novinson: I think from a critical infrastructure perspective, something that's come up for some of the conversations I had is how to bring that protection to resource constrained organizations, at least in the United States. You have a lot of water districts who are districts that are just municipal run. And it's one thing if you're talking about a state that they have the resources and they have the personnel to secure it. But when you're talking about tampering with water systems or tampering with electric grids. If you have a new municipal run electric system, how do you bring protection to those organizations? It's something that's I'm excited to talk about with multiple executives in the critical infrastructure board space.
Field: And OT will come up certainly. And as you're alluding to, what about the small to midsize organization whether it's an enterprise or an agency?
Delaney: One word that hasn't come out yet - ransomware. How do you see the conversation, perhaps, just by looking at the agenda? How has the conversation changed? And certainly by your interviews, what are people looking forward to discussing when it comes to ransomware?
Field: I've had some people actually want to come and talk about ransomware and it hasn't gone away. There's a theme I'm hearing about with some individuals or organizations wanting to say we've got ransomware taken care of when really we don't and it hasn't gone away. So I've had some people come to me and say we want to talk about why this is still a top level concern.
Schwartz: It hasn't gone away, and it won't go away. And if you have something that's working today, the criminals are going to try to find a way to make sure it doesn't work tomorrow. So we've got that constant innovation, which is always one of the great things about sitting down with the experts here at RSA is what are you seeing, where do you think things are headed? Because a lot of the people we're talking to have got their ear to the ground, threat intelligence, monitoring of cybercrime underground sort of stuff. There's a huge amount of innovation and creativity amongst the criminals. And so it's useful and important to track what's happening.
Field: It's real! This is our opportunity to find out what's real.
Delaney: We have been talking a lot about the turbulent economic times recently and the impact on the cybersecurity industry. Are you expecting to have conversations along these lines? Or is there a more positive tone in the room?
Novinson: 30,000 foot view, it's a very interesting time, because last year, we were really heading into the abyss and there was a lot of uncertainty. I think things have evened out, certainly for the public companies that pessimism has been baked in. And I think things are pretty stable in terms of stock prices and personnel - for the publicly traded companies. I think there's still some rationalizing going on in the private sector. We're certainly seeing some late-stage jobs growing quite a lot of folks like Wiz and Netskope and will be in our studios, but some of the other late stage startups have had to look toward layoffs. And they've had to bring in new CEOs, maybe with the eye toward finding an exit finding a buyer. And that if the early stage world that there's questions about trying not necessarily the seat in the A rounds, but getting that B and a C round, that investors are trying to think what are the things look like a couple years down for now? How do I make money on my investment? That's been tough. We had a company that was in the innovation sandbox here last year who just got acquired a few weeks ago at a pretty modest price. So I think trying to figure out how to get from that early stage, that mid stage. Late stage startup is tough along with the late stage startup having to think about what is the IPO market going to open and if an IPO is realistic for us, given our balance sheet. What are all our alternatives?
Delaney: This year reminds me more of 2018 - my first RSA. The last year, I felt there was a buzz and an energy and lots and lots of people. Already this year I feel there are more handshakes, fewer masks, we're promised maybe 40,000 people throughout the course of the week. So it just reminds you, this Stronger Together theme. What do you think it means for the industry? A bit of corny question.
Schwartz: I think it's a wonderful energy. I think I already feel that and I think there is a level of optimism perhaps in terms of where we're going now. I think last year, it was a little shell shocked. And you really felt that and saw that in terms of ... when you just looked around you. I think it felt that way. We all felt that way. And so I do think maybe we're coming out of the winter. And maybe hopefully it's springtime, again for cybersecurity.
Novinson: I'll say from a technology standpoint, that I think there is a lot of focus on partnership and integration that if you look at the evolution of single-vendor SASE, which was really 12 months ago, so a lot of debate about do you purchase the piece parts separately, or do you purchase it together. We've seen M&A activity, we've seen partnerships, really driving, getting that SD-WAN and SSE from a single vendor. We're seeing that a lot around XDR, and building that open up XDR network. So I think there's a lot of focus on trying to get more under one roof so that customers are having to manage fewer vendor relationships, both from a security standpoint, as well as from an economic standpoint.
Field: For me, it's the idea, from ISMG perspective, we have got the largest team we've ever had here at RSA, covering every one of our business units. We've got individuals here from North America, from the U.K., from Europe, from India, from Israel, and we've got the opportunity to speak to more people than we ever have before. And to bring this back to our audience. So I think to me stronger together is a group that we brought here from ISMG and I'm proud to work with you all. We got a week ahead of us.
Delaney: Well said! It's going to be an excellent week. Thank you very much. Thanks for watching and stay tuned for our daily updates. For ISMG, I'm Anna Delaney.