Thoughts from the 2022 Texas Cyber Summit

This week was the Texas Cyber Summit, held in Austin for the first time. Living in Austin for over a decade may make me a little biased but I believe this was the best year yet! Now, is that correlation or causation? You choose.

We had a great lineup of speakers from industry, defense, and intelligence. All spoke about the challenges they face, how they are reinventing their organizations to address these threats and the lengths they are going to in order to find, hire, train and retain the best. Many of the speakers leveraged football quotes & analogies, so I guess I will keep with the trend: “Offense sells tickets. Defense wins championships” was said by Paul “Bear” Bryant but applies to our cyber landscape today and into the future. It only takes one person to follow a compromised link, one person to download an infected file or one person to connect their laptop to an insecure network to break down all the good work done by cyber teams and shift the organization from defense into incident response. The most mature organizations have invested in both and accepted that incidents will happen and we need to be prepared so we can minimize harm and decrease recovery time.

While I only made it to a small percentage of the nearly 150 sessions, I saw several themes across the speakers and industries.

  • High Complexity & Rate of Change - Today's technology landscape is changing faster than ever. We have highly mature application teams doing multiple deployments a day. The underlying infrastructure can easily change 100 times a day. This level of change demands high levels of automation, high levels of testing maturity and processes that rely on technical controls, not manual human review. Cyber teams must develop new tools and techniques to understand this change, measure the risk and intervene where their effort is most impactful.
  • Changes in Logging Behavior - 10+ years ago the focus was on identifying what logs we needed to capture and discarding the rest. Storage was expensive and compute costs even higher. But the calculus has changed, and storage and compute are significantly more affordable at scale, even to modestly sized organizations. Now organizations capture and log anything they can instrument across their technology stacks. This has moved the dynamic to more effective mining of this data in real-time to support threat hunting teams, incident response teams & operations teams.
  • Hiring is Hard - Finding & retaining the best talent has only gotten harder. While universities are doing better at producing highly capable graduates with cyber exposure, the market is still short on the right folks in the right places. The Army has gone as far as extending Direct Commissioning to cyber roles, where it was previously only focused on Chaplains, Law and Medical professions. Cyber teams must create environments where people want to work, create learning opportunities, and build organizational structures that provide growth opportunities. We must continue to launch innovative education offerings that enable growth in the workforce; UTSA has led for multiple years in the cyber domain and continues with their Bachelors of Applied Cyber Analytics.
  • Fusion of Industry & Intelligence - Multiple federal agencies mentioned their efforts to streamline & accelerate the processes used to release information about new and emerging threats, enabling vendors to build protections into projects and industry to be aware and on the lookout for new threats. They understand that the ability to share information about threats, without disclosing how the intel was obtained, is key to enabling industry to protect themselves proactively.
  • The Basics Still Matter - Patching laptops, updating applications, managing mobile devices, firewall rules and wifi configuration still matter. They still matter a lot. As we have seen with so many recent events, the origin of incidents is often something basic around password management, open ports or configuration errors. We must continue to focus on our defensive postures, focus on good cyber hygiene and accept the work is never done.
  • Bots are a Massive Threat - The sophistication of bots and their ability to emulate human interaction, emotion and responsive behaviors has never been higher and shows no signs of slowing down in advancing capabilities. If defensive capabilities against bots and organizational investment in added layers of trust in human interactions do not mature, we risk a crisis in the coming years.
  • CISOs & Executive Support - Some organizations have built structures where the CISO is seen as a strategic role with a voice about how the company executes and places bets. Other organizations still see security as something that “needs to be done”, not something that can provide a positive impact on the company. This is a continued place for improvement; CISOs must work to build trust and awareness across executive teams of the investments being made, the impact being realized, and the threats mitigated. The most impactful CISOs see their role as enabling through education/enablement, mentoring, and partnering on product delivery; being part of the process and not a check on the process.
  • Zero Trust - Zero trust continues to be a key discussion topic with a realization that it is a heavy lift for most organizations to practically design & implement. Organizations are beginning to think about how zero trust becomes part of their design patterns and training standards. NIST has published standards around secure software development that are becoming a framework to use for the software components of our zero trust architectures. The White House has made this an imperative for government agencies through a 2022 memorandum. But this journey will be incremental as we modernize our enterprises.
  • Red & Blue Teams - Multiple talks discussed the various facets of standing up effective Red & Blue teams. A primary takeaway is that these structures must be aligned with all the teams they support, including application development, operations, incident response and architecture, to ensure that learnings are captured and acted upon. Ineffective teams risk further eroding trust between cyber organizations and wider technology teams.
  • MFA is Still Important! - There was a lot of discussion of MFA and its effectiveness, for obvious reasons. The consensus seems to be that MFA still has immense value but has to be thought of in the larger context of how humans work & react. Push methods are inherently more susceptible to exploitation due to their ability to overwhelm a user with requests until they accept one to end the barrage. Local PIN generation apps have an added layer of value because of the localized operation model, but make sure that OTP validation is always occurring on the server side. When thinking about password reset processes, it is often valuable to add additional layers of checks. These could include previous device validation, location validation or human engagement with a manager or help-desk. Be cautious with how MFA enrollment & re-enrollment occurs; these steps can lead to MFA getting disabled if not configured properly.
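
The push "barrage" described in the MFA item is something the captured logs can surface. The following is an added example, not code from the summit or this article: it flags an approval that follows a run of denied or timed-out push prompts. The log format, event names, window and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO-8601 UTC time> <user> <event>". The format and
# event names (push_denied, push_timeout, push_approved) are hypothetical.
SAMPLE_LOG = """\
2022-09-22T02:14:03Z alice push_timeout
2022-09-22T02:14:41Z alice push_denied
2022-09-22T02:15:10Z alice push_timeout
2022-09-22T02:15:52Z alice push_denied
2022-09-22T02:16:30Z alice push_timeout
2022-09-22T02:17:05Z alice push_approved
2022-09-22T08:59:10Z bob push_timeout
2022-09-22T09:00:02Z bob push_approved
2022-09-22T09:30:00Z carol push_denied
2022-09-22T11:45:00Z carol push_denied
2022-09-22T11:46:00Z carol push_approved
"""

def parse(line):
    """Split one log line into (timestamp, user, event)."""
    ts, user, event = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event

def detect_push_fatigue(log_text, window=timedelta(minutes=10), threshold=5):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least `threshold` denied or timed-out prompts inside `window`."""
    rejected = defaultdict(deque)   # user -> times of recent unapproved prompts
    alerts = []
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, user, event in events:
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()        # evict prompts older than the window
        if event in ("push_denied", "push_timeout"):
            recent.append(ts)
        elif event == "push_approved":
            if len(recent) >= threshold:
                alerts.append((user, ts, len(recent)))
            recent.clear()          # a successful login starts a fresh count
    return alerts

if __name__ == "__main__":
    for user, ts, count in detect_push_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: approval after {count} rejected prompts")
```

An alert of this kind is a prompt to confirm the login with the user and review the session, since a tired user and a legitimate retry look the same in the log.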

Thank you to Joseph Mlodzianowski and the whole team at Texas Cyber Summit for a great event.

Robert M. Dayton

MBA, Engineer | Enterprise AI | Advanced Analytics | GTM Strategy | World's First Arbor Essbase Post-Sales Consultant

1 year ago

Thank you for sharing Joey!


Great notes from the Texas Cyber Summit 22. I had a great time talking cyber (and football, and recruiting 5 star talent :)
