RSAC 2024: Infosec pros battle to stay ahead of the bad guys

The importance of cybersecurity

The conference featured keynotes by leading U.S. officials: Secretary of State Antony J. Blinken, as well as U.S. Homeland Security Secretary Alejandro Mayorkas.

"Today's revolutions in technology are at the heart of our competition with geopolitical rivals. They pose a real test to our security," said Blinken, who announced the release of the United States International Cyberspace and Digital Policy Strategy, describing the role of the U.S. government in "shaping the rules of the road to ensure that foundational technologies sustain our democratic values and guard against harms."

Mayorkas addressed the coming wave of AI, discussing how government agencies will apply AI to help staff work more efficiently, such as for processing applications for citizenship. He also talked about protecting against threats to civil liberties.

RSAC keynotes also brought celebrities. Matthew Broderick gave us a glimpse behind the scenes of the 1983 sci-fi movie War Games and the excitement that might have driven many of us into the field: a teenage hacker who can gain access to his school's computer to change his grades, which later triggers a global nuclear conflict. Broderick described how it garnered attention from then-President Ronald Reagan to set up information security policies and protocols.

Another keynote featured Jason Sudeikis, who addressed the power of community, teamwork and collaboration, as well as the importance of mental health, positivity and kindness. This was important because cybersecurity professionals are burned out.

The stress and burnout are real

The conference highlighted the crucial role of cybersecurity for business success and for safeguarding our personal lives, but how are cybersecurity professionals doing? My colleague Jon Oltsik, analyst emeritus for Tech Target's Enterprise Strategy Group, along with Curtis Campbell, Information Systems Security Association (ISSA) director, and Shawn Murray, ISSA president, held a session revealing the findings from our sixth annual information security professional study.

In the survey, 65% of respondents said they believe it is now more difficult to work as a cybersecurity professional than it was two years ago, and 55% believe their job is stressful at least half the time. When asked about the stressful aspects, respondents cited overwhelming workloads (31%), working with disinterested business managers (29%), finding out about IT initiatives that were started by other teams without security oversight (29%), constant emergencies and disruptions taking them away from primary tasks (25%) and keeping up with the security needs of new IT initiatives (24%).

Some other worrisome stats include the following:

• 65% of organizations have been affected by the security skills shortage. The impacts include increased staff workloads, inability to optimize security tech and staff burnout.
• 37% of respondents said the skills shortage has gotten worse over the past two years.
• 84% of respondents said it is extremely difficult, difficult or somewhat difficult to recruit and hire cybersecurity professionals at their organizations.

The most acute skills shortage areas include emerging technologies (such as AI), cloud security, application security and security analysis/investigations.

As one of the world's top cybersecurity conferences, RSAC needed to address this, focusing on the value of our industry and cybersecurity professionals, collaborating with security vendors to provide effective solutions.

GenAI in security

It is very exciting to think of a world where if you have an idea for a product or service or a difficult task to complete, AI holds the promise of removing the toil, complexity and time it would take you to build it or do it.

However, you never want to get too excited about technology, adopt it without thinking about security and then face the terrible consequences of an attack or breach. While organizations are excited to utilize GenAI for its benefits, they already struggle with issues such as data security -- including understanding and protecting sensitive data -- API security, and permissions and access, which are scaling rapidly and are difficult to secure. GenAI will only compound these challenges.

My colleague Dave Gruber, principal analyst for Enterprise Strategy Group, presented in an RSAC session on the challenges and opportunities for GenAI in cybersecurity, sharing results from new research. We can expect attackers to utilize GenAI to help them more easily launch attacks at a wider scale. He provided insight on how to keep the advantage on the defenders' side. Organizations should look for ways to help them apply GenAI to improve security team productivity, accelerate threat detection, automate remediation actions and guide incident response.

However, it is important to be realistic about what GenAI can and can't do. There is a lot of hype around applications for GenAI, as well as concern that it could replace human jobs. The word "pragmatic" came up quite a bit during the conference. We should use GenAI for assistance to automate manual, tedious tasks. This has long been the goal for security vendor products, so this is where vendors can help the industry with the right product capabilities to support them in their jobs.

Product evolutions must drive efficiency

As mentioned earlier, security teams are stressed, facing increased pressure and skills shortages in areas mentioned earlier. While companies undergo digital transformations to increase productivity, security teams need the right tools and processes in place that can help them scale to support growth.

This is challenging, as we see increasing attack surfaces across so many rapidly scaling elements, including the number of applications, workloads, assets, code components, data transfer, access points and related permissions, and APIs.

I've blogged before about the challenges of acronym and category sprawl, and at RSAC, conversations with vendors and attendees reinforced the need to focus on solving problems. Our research showed the conflict with organizations seeking consolidation and integrations, as well as tools to address these different, rapidly scaling elements.

This is challenging for vendors and customers. Customers have set budgets but need to apply their investments in ways that have the highest impact in mitigating risk and being able to quickly respond to threats and attacks. Organizations simply can't afford to buy products across every category; they need to think about what drives the most efficiency for their teams to effectively do their jobs.

We also see consolidation with larger security vendors buying startups to fill out their portfolios for what they can offer to their customers. However, this complicates things for customers using acquired point products, as they might also be using products from the larger vendors' competitors.

While vendors strive to be the best, they need to focus on serving customers and meeting their needs for efficiency and ROI. Unfortunately for cybersecurity professionals, it also means not always being able to use the best tools. It takes us back to that word "pragmatic" and ties us to the conference theme of what is actually possible.

So, while RSAC was a big show for security products and there was a lot of excitement about AI, let's keep our eye on results for our people and setting teams up for success.

Melinda Marks is a senior analyst at TechTarget's Enterprise Strategy Group, where she covers cloud and application security.

Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.