[RSAC 2023] Quotes from speakers

Designed by Sangseon Kim, The Readable

By Kuksung Nam, The Readable
May 3, 2023 10:05AM GMT-7

San Francisco ― Cybersecurity professionals gathered at the world’s largest cybersecurity conference from April 24 to 27 at the Moscone Center to share insights and look to the future of the industry. Artificial intelligence was one of the most frequently mentioned topics during the RSA Conference. Speakers acknowledged AI as a game changer in the future of cybersecurity. In addition, ongoing threats and tactics were highlighted along with the latest technologies. The Readable covered the event from top to bottom and selected a handful of meaningful quotes.

1. John Chambers (Founder and CEO, JC2 Ventures)

Cybersecurity and military defense in an increasingly digital world

John Chambers is introducing himself to the audience during the RSA Conference. Photo by RSA Conference

“You must lead in these [artificial intelligence and cybersecurity] two areas. The economic success of our country depends upon this, and our defense depends on this.”

2. Kevin Mandia (CEO, Mandiant at Google Cloud)

The state of cybersecurity – year in review

Kevin Mandia is delivering his speech during the RSA Conference. Photo by RSA Conference

“The threats will change all the time. Don’t ever forget the advantage that you do have. You should know more about your business, your systems, your topology, your infrastructure than any attacker does. This is an incredible advantage.”

3. General Richard D. Clarke (Retired Military General)

Cybersecurity and military defense in an increasingly digital world

General Richard D. Clarke is introducing himself to the audience during the RSA Conference. Photo by RSA Conference

“The future of warfare is going to be autonomous, with smaller systems that are enabled by AI, like one person controlling twenty planes. In World War I, we are getting the first tanks and the first motorized vehicles, but we still have the chevaliers with horses and sabers. What did the chevaliers say about motorized vehicles? We are going to use those motorized vehicles to get the horses to the front so that we could start the fight. We have to envision the future with AI and think how we are going to fight with AI.”

4. Ken Munro (Partner and Founder, Pen Test Partners)

Joining forces with the white hat researchers: aviation industry lessons

Ken Munro, first from the right, is waiting to give his speech during the RSA Conference. Photo by Kuksung Nam, The Readable

“A lot of the troubles on disclosures in the past have been with the researchers who didn’t particularly understand how the aviation industry operated. A great example of that would be a vulnerability. Most researchers would start a clock of 90 days and disclose it after 90 days. You can’t do that in aviation. It might take a day or a week to fix your code, but it could take up to two years to recertify that code. Anyone who is finding and disclosing vulnerabilities in aviation can’t just publish them after 90 days. Take time. Work with the organization. Listen to the pains that they are experiencing and figure out a way that you can disclose it in a coordinated fashion at the right time.”

5. Katie Nickels (Certified Instructor and Director of Intelligence, SANS Institute and Red Canary)

Real world stories of incident response and threat intelligence

Katie Nickels is introducing herself to the audience during the RSA Conference. Photo by RSA Conference

“One of the challenges we have seen recently is that adversaries will email the customers and say ‘We are whatever ransomware group. Here is some data that we’ve stolen from you. Pay us or we are going to post it onto the dark web.’ If you don’t know where that data might have come from, and if you haven’t captured it from a previous intrusion, you don’t know whether it is old data or new data. I see this commonly with extortion intrusions where people don’t take the time to think about what it is and when it was stolen.”

6. Catherine Gellis (Internet Lawyer and Policy Advocate)

Misinformation is the new malware

Catherine Gellis, first from the left, is taking notes during the panel discussion at the RSA Conference. Photo by Kuksung Nam, The Readable

“Wrongness happens. If you had a law that forbids speaking wrongness, you would have a chilling effect. You also have a fundamental problem. Who decides what is right or wrong? Who decides what is truth and what is not truth? When you put the government in charge of that decision, some politicians would decide truth in one way, and others would decide it another way.”

7. Hande Guven (Threat Intelligence Analyst, Recorded Future)

Turning the backpage: combating human trafficking with threat intelligence

Hande Guven is delivering her speech during the RSA Conference. Photo by Kuksung Nam, The Readable

“Most of you are familiar with the famous, or the infamous, metaphor of the internet as an iceberg. The top part is the surface level, which is the internet. Underneath, we have the deep web. The deepest darkest part is the dark web. Much like the real-life icebergs, the metaphor itself is also melting. This is no longer applicable. According to research by Recorded Future published in 2019, live onion sites only make up about 0.005% of live clear websites.”

8. Fabio Bottan (Senior Messaging Specialist, Arelion)

The old is new again: an intro to SMS security and why it’s vital

Fabio Bottan is delivering his speech during the RSA Conference. Photo by Kuksung Nam, The Readable

“Wikipedia says that SMS phishing, or smishing, can be just as effective as email phishing. I don’t agree with that. SMS is more personal than an email. Email phishing normally goes to a junk folder or the trash bin. But, according to market research, 98% of SMS is opened within 3 minutes. The open rate of SMS is close to 100%, while the open rate for email is around 20-30%. If you want to have a good phishing attack, maybe SMS is better than email.”

9. Yoel Roth (Technology Policy Fellow, UC Berkeley)

Misinformation is the new malware

Yoel Roth, first from the right, is delivering his speech during the RSA Conference. Photo by Kuksung Nam, The Readable

“When we were first developing our policies related to misinformation at Twitter, we had a three-part task for what misinformation was. The first is ‘does this tweet advance a specific claim of fact?’ Say something like ‘the sky is green.’ This is a clearly articulated statement. The second part is ‘is this provably false according to experts and publicly available evidence?’ You can go outside and observe that the sky is not green, or you can turn to an expert on the color of the sky. The third piece, which was important for us, was ‘is it harmful?’ People say untrue things on the internet all the time. I can say that I’m six feet tall and that’s not dangerous. It’s just a lie. We employed that three-part task to help us identify not just what is misinformation but what is worth dealing with.”

nam@thereadable.co


Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.