2017 RSA Conference Highlights

Holly Doucette, Events & Communications Manager, Coalfire

Over five days, 45,000 consumers and thought leaders convened at the 2017 RSA Conference, sharing insights on how to stay ahead of today’s – and tomorrow’s – cyber threats. Coalfire was in the thick of it, and here we’ve compiled some of the most important takeaways.

Cyber insurance and the difficulty of addressing risk

In a provocative talk, John Loveland, global head of cyber security strategy and marketing at Verizon Enterprise Solutions, addressed the need for cybersecurity professionals and insurance companies to communicate the full nature of cyber risks – and why this communication often goes wrong.

“The market size for cyber insurance by 2020 is estimated to be at $5-10 billion. This makes the importance of understanding where risk transference fits into an overall risk management profile more relevant than ever.”

Catfishing – and what young people really do online

RSA's youngest speakers, Ayla and Jace Herzog of ISECOM/hacker high school, talked about what many kids really do online – and it’s not what you might think.

As expected, younger users rely on mobile devices and smartphones for surfing the web, but their motivations may be a surprise. In addition to keeping up with friends, playing games, and basically filling time, nearly all of them have anonymous accounts. They often use these for "catfishing" – tricking people into believing they are someone else to get them to reveal information.

This can be extremely dangerous from a security standpoint and can affect more than just the youth involved. Top 5 apps: Facebook, Instagram, WhatsApp, YouTube, Snapchat.

Electoral dysfunction – lessons and warnings

Mike Weber, vice president, Labs for Coalfire, gave his thoughts on the hot topic of cyber attacks on the US electoral system and what could happen in the future. Mike was referenced earlier in the DarkReading.com article ‘After Election Interference, RSA Conference Speakers Ask What Comes Next’, saying:

“There are other, practical reasons attackers wouldn't go after voting machines. Although vulnerabilities have been found in machines before, many of them require physical access, or near access to the hardware. Therefore, it's simpler ‘not to attack the infrastructure, but the things that access the infrastructure’ – like voter databases, for example.”

Other members of this discussion panel affirmed that the U.S. electoral system brings complexities that will require proactive interventions to ensure that votes are tallied with integrity.

The future – revealed?

The conference’s keynote took a wide view of cyber security and where we might be headed. The speakers discussed how security analytics can get us to a better future, for example, and how collaboration and incident response will anchor future security approaches.

On incident response: “What if it didn't look back, but instead forward? For example, a vulnerability like a shared username or password that could be exploited.”

On collaboration: “Could security be like a neighborhood watch program, where we got more secure when additional people moved in?”

A week of inspiration

Now that the dust has settled, we look forward to reconnecting with those we met at the show this year and sharing what we learned with those of you who might not have been in attendance. We are ready to start planning for the 2018 RSA Conference, and the many security challenges that lie ahead.
