Bixal
Published in

Bixal

Attending the RSA Conference as a Security Scholar

Bixal believes in supporting continuing education and professional development for its team members and encourages employees to seek ways to enhance their skills and knowledge base. Paola Garcia Cardenas, a Drupal developer at Bixal, recently attended the RSA Conference as a security scholar and captured her experience. An abbreviated version is provided here from her original blog.

I had never attended a RSA® conference before. In fact, this was my first time at a Cybersecurity conference. I had previous experience attending other conferences, such as the ACM/IEEE Supercomputing Conference (SC) and the Grace Hopper Celebration (GHC) of Women in Computing. However, they were not as “big” as RSA®C.

When I found out I was nominated to represent New York University (NYU) as a Security Scholar at RSA®C, I started doing research on the conference itself, attendance numbers, sessions, etc., but had no idea what to expect. There is so much to do; and on top of that, as Security Scholars, we must attend some events tailored exclusively for us.

Some quick advice from this: look up the entire conference program ahead of time and create your schedule at least a week before, save it in your phone’s calendar if possible. It will come in handy. There will be a lot of learning throughout the week; keep a small journal and jot things down as you go.

What is a Security Scholar?

Security Scholars are students (undergraduate- and graduate-level) enrolled in universities in the United States that have been nominated by their school to represent them at the annual RSA® Conference in San Francisco.

With Cecilia Murtagh Marinier, RSA Conference Program Director, Innovation and Scholars
With Cecilia Murtagh Marinier, RSA® Conference Program Director, Innovation and Scholars

As Security Scholars, students have the opportunity to participate in exclusive activities with fellow scholars, have VIP seating at the opening keynote, network with program sponsors, and attend an exclusive dinner with leading experts in Cybersecurity. Security scholars are issued a full conference badge. They have access to the Expo floor and all of the activities available at the conference –including keynotes, sessions, labs, sandbox, and more.

Personally, this was a once-in-a-lifetime experience that would be hard to find anywhere else. Here’s my story to find out why.

Building Bikes for Charity

Most of the Security Scholars were scheduled to arrive on Monday, the first day of the conference. Building bikes for charity was one of the events that was exclusive for scholars. Giving back to the community is a great way to kick off the week. The event started with ice breaker challenges, and we built the bikes as we completed each of the challenges.

To finish up the day, we attended a casual dinner with fellow scholars at the Golden Gate Tap Room.

Completing one of many ice breaker challenges to build bikes for charity
Completing one of many ice breaker challenges to build bikes for charity

Attending the Opening Keynote as VIP

This year’s theme, the Human Element, was particularly of interest to me. As Security Scholars, we had designated VIP seats about 20 rows from the main stage. The Opening Keynote with George Takei had sort of an outer-space touch, with unique ideas around the human element theme.

Here is one of my favorite quotes from it:

“Every mind in this room works in its own unique way. Like fingerprints, no two brains are the same. Each thought is informed by your genetic disposition, and your environment, life experiences, race, gender, age, beliefs, brain chemistry. This exquisite diversity enables us to handle problems that might perplex us if we faced them alone.”

Reality Check: The Story of Cybersecurity.

George Takei’s Opening Keynote was followed by RSA’s President, Rohit Ghai’s talk on “Reality Check: The Story of Cybersecurity.”

I have compiled some of my favorite quotes from the talk to give a summary of the overall message:

“The highest increase in threat actions was social engineering and the human asset was the highest growing target asset category from 2013 to 2018.”

“Their advantage is not that they have the best tech, or the best techies. Their advantage is that they are more organized.”

“We continue to spend an inordinate amount of energy preparing for the most sophisticated thread vectors, while most incidents occur due to very, very basic issues or unforced errors.”

Talk by the Numbers:

“71% of the threat actors in breaches are financially motivated.”

“Use of stolen credentials is more than 60% of the top hacking action varieties.”

“80% unemployment of neurodiverse talent pool population.”

Lastly, but not least. My favorite quote from this talk:

“We need to rethink our culture and shift from a culture of elitism to a culture of inclusion. Expanding our talent pool, filling the talent gap, however you look at it, requires finding defenders outside the tech community. Let’s stop being STEM snobs.”

Lunch with Industry Partners

During this activity, we had the opportunity to discuss a variety of topics in Cybersecurity, from healthcare and entrepreneurship to politics and voting machines. I had the pleasure to have lunch and engage in some interesting discussions with Maggie MacAlpine, Project Manager / Co-Founder at Nordic Innovation Labs.

RSA®C Security Scholar’s Lunch with Industry Partners
RSA®C Security Scholar’s Lunch with Industry Partners

Dinner with Industry Leaders

One of my favorite Security Scholar activities! Sitting down with not only one, or two but three top industry leaders to have a discussion over dinner (and wine) was one of the most memorable and valuable experiences I had.

I had the honor to sit at the table with:

  • Arthur W. Coviello, Jr., Executive Chairman (retired), RSA, The Security Division of Dell Technologies (EMC)
  • Adam Ely, Vice President and Deputy Chief Information Security Officer, Walmart
  • Alyssa Miller, Application Security Advocate, Snyk, Ltd.
With top industry leaders Adam Ely (second left to right) and Alyssa Miller (fourth right to left)
With top industry leaders Adam Ely (second left to right) and Alyssa Miller (fourth right to left)

Top industry leaders in attendance: Paul Asadoorian, Kevin Cross, Pete Boden, Whitfield Diffie, Arthur W. Coviello, Jr., Dr. Taher Elgamal, Adam Ely, Emily Heath, Peter Fischer, Kim L. Jones, Allan Friedman, Paul Kocher, Shannon Lietz, Alyssa Miller, Andrea Little Limbago, Matthew Miller, Wendy Nather, Brandon Neff, George Ressopoulos, Tal Rabin, Cesar Rios, Zulfikar Ramzan, Ronald L. Rivest, Adi Shamir, Bruce Schneier, Mignonette Silot-Chang, Suzanne Schwartz, Ed Skoudis, Lance Spitzner, Dafina Toncheva, Camille Stewart, Ellison Anne Williams, John Strand, Beau Woods and Erez Yalon.

RSA®C Security Scholar’s Dinner with Top Industry Leaders

Keynotes, Sessions, Labs

There were keynotes every day, as well as sessions and labs. There are plenty of topics to explore and many of them happen at the same time — hence, the importance to plan your schedule ahead of time but leave room for change.

Our Tuesday was full of Security Scholar activities, so I decided to plan for other events, sessions, and programs for Wednesday and Thursday. Some of my scheduled activities did not go as planned, but it was all for the better.

During dinner on Tuesday night, I met Alyssa Miller and I found out she was giving a talk on “Deepfakes” the next morning. I never really put a lot of thought into the topic, but I was curious — and it definitely blew my mind.

Check out the talk here:

I supported some of my fellow Security Scholars at the poster presentations and pitch-off session. I also attended other sessions that covered topics such as forensics, kubernetes, cyber-incident response using open source, and red team webapp hacking lab to mention some.

However, Alyssa’s talk happened to be inside of what is called “The Sandbox.” The minute I walked into the Sandbox, I knew I wanted to spend a good amount of time in there.

The Sandbox

This was by far my favorite section of the RSA®C. There was a lab, a stage for general sessions, hacking station villages — from healthcare devices, voting machines, airplanes, and cars to everyday IoT devices used by millions of people around the world.

I was able to exploit hardware devices (D-Link router and Wemo Smart Light) at the IoT Hacking 101 village station in The Sandbox

I really enjoyed the labs and learning sessions in the Sandbox, especially exploiting IoT devices such as a D-Link router and a Wemo Smart Light.

The Sandbox is a MUST visit for anyone who enjoys hands-on activities at the RSA® Conference.

Main Takeaways from the Conference

  • Everything comes down to Humans
  • Embrace your uniqueness
  • Let’s stop being STEM snobs; talent is everywhere
  • Collaboration
  • Educating the users
  • Making it easier for others to practice Cybersecurity
  • Vulnerabilities are tied to risk
    (Risk = ease of exploitation + impact to system)
  • Most attacks are financially motivated

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store