On the heels of Las Vegas’ Black Hat and leading up to San Francisco’s RSA, DC CyberWeek is strategically held at the end of October, providing the perfect opportunity for cyber leaders around the country to come together and discuss the latest threats, new solutions and more. With a variety of events in the DMV area, from networking cocktail hours and women-in-cyber meet-ups to the premier CyberTalks event to wrap up the week, professionals across all cyber-sectors and job levels had the chance to get involved and learn something new.
Our colleague Cara Masessa attended many DC CyberWeek activities over the past few years, and her favorite part of the agenda has always been CyberTalks. Bringing together 1,000 of the most influential cyber leaders from tech and government, this event provides an open forum to discuss critical cybersecurity issues that impact the public and private sectors alike. This year did not disappoint, with insights into the biggest challenges, enablers and best practices for cyber. Here are her top takeaways:
Tech is a force for good
When it comes to the security industry, we must make a conscious effort to stop focusing on the bad that accompanies technology. It amplifies behaviors good and bad, but like looking at the glass half empty, the biggest conversations often center on the associated downsides. The underlying truth is that if we engineer for the good, and develop products with a focus on positive impacts, we can change the narrative around technology and cybersecurity.
Challenges like privacy concerns, ransomware attacks and threats from nation-states will always be there, but in the same breath, emerging tech like smart pace-makers will continue to save lives. We certainly can’t forget about the downsides or existing threats when planning for security, but if we can reshape our perspective when working to combat the challenges, the end result will be more positive and impactful.
Cybersecurity isn’t a “one and done” task
Implementing security measures can’t be a check-the-box-task on our to-do lists. Instead, we need to constantly educate the public on the dangers they face and prioritize cybersecurity efforts within our organizations. For example, the nation’s critical infrastructure is a key pillar for our economy and way of life, making it a prime target for other nation states. We are seeing heightened attention around warding off these types of attacks, but cybersecurity is not a stagnant solution. As attackers work to evolve new tactics, our cyber measures must evolve even faster.
The lesson on the need to continuously evolve cybersecurity tools and strategies was something the City of Atlanta experienced firsthand when they were hit with ransomware attacks last year. At the event, Gary Brantley, CIO of Atlanta, explained how this difficult experience allowed the city to adopt more proactive cyber strategies and efforts and allot more resources accordingly, which previously would have been held up by politics. Because state and local budgets often include cybersecurity as an afterthought, he used this moment as an opportunity to get cybersecurity and proactive technologies on the forefront of the agenda of leaders and decision-makers.
Sharing information between government and industry is critical
While the commitment to share information has increased since September 11, the actual practice of sharing between the public and private sectors has proved challenging, given the differing motivations and hurdles for each group. However, Matt Olsen, the CTO of Uber, believes that “taking a step back” will help both parties experience more benefits when it comes to relevant information-sharing.
For instance, there are efforts to “share workforces” directly, meaning sharing information and skills. According to Olsen, sharing workforces was one of the most important lessons learned from September 11 and that “Cybersecurity isn’t just about protecting data and systems. Fundamentally, it’s about protecting people.” Protecting people and our nation’s interests is a goal for most everyone in the technology community and information-sharing can often be the necessary strategy to get there, faster.
Security should be built in, not bolted on
This tip isn’t new to the cybersecurity industry but it remains an overarching narrative when the major players get in a room together. Too often, we see security thrown into the mix far too late in the product development process, making the entryway for attacks and exploits substantially easier for hackers.
Many CISOs and leaders at the event agreed that organizations should be tasking and rewarding the innovators who are able to uncover ways to start with security measures–and then allow their imaginations to run wild around the latest tech.