
Snippets from RSA Conference Recap 2018

Last week during RSA Conference, I reached out to a few speakers to learn more about what they are up to and hear about their RSA talks.

Caroline Wong

Caroline Wong is the Chief Strategy Officer at Cobalt. As CSO, Caroline leads the Security, Community, and People teams at Cobalt. She brings a proven background in communications, cybersecurity, and experience delivering global programs to the role.


James Routh, Aetna

Here’s what they had to say about their jobs, their favorite and least favorite things about their work, and their advice for junior engineers.

Current role at Aetna

Jim Routh is the leader of a converged security function (physical and cyber) at Aetna. He is Chairman of the NH-ISAC Board, serves on the Board of the National Cyber Security Alliance and is a member of the Advisory Board of the ClearSky Security Fund. He is also on the Advisory Committee for the UC Berkeley Center for Long-Term Cybersecurity. He previously served as a Board Member of the FS-ISAC. Formerly, he was the Global Head of Application and Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express and has over 30 years of experience in information technology and information security as a practitioner, management consultant and leader of technology, analytic and information security functions for global firms.

What are the key takeaways from your Model-Driven Security talk at RSA this year?

Using AI models to drive front-line security controls is here today and offers CISOs tremendous capabilities to improve security controls, moving to more real-time protection capabilities.

What would you say are your favorite and least favorite things about being a CISO?

Favorite — Lots of changes and evolution in threat actor tactics drive changes in control design and implementation, making it challenging and interesting.

Least Favorite — Having to engage in off-hour incident response is not as much fun.

What advice would you give to junior engineers who are interested in learning more about security?

Be cognizant of the difference between conventional controls (critical path) and enterprise resiliency (essential for job preservation). The gap between the two is growing as risk-driven programs strive for resiliency beyond compliance.

Kolby Allen, Zipwhip

Here’s what they had to say about their jobs, their favorite and least favorite things about their work, and their advice for DevOps engineers.

What is your current role at Zipwhip and what do you like best about it?

I am currently a DevOps engineer with our Operations teams. We are a small team that is responsible for the core infrastructure (servers, clusters, DBs) and also for managing our build and deployment tools. The team is great to be on because of the variety of work we get to do. Our projects range from building and learning Kubernetes to simple troubleshooting of Jenkins builds. Every day is something new and different, which keeps things interesting.

What are the key takeaways from your talk at RSA this year?

The talk focused on AWS and some of their native security tools and methodologies. The biggest things I hope people take away from it were the following:

  1. From the attack perspective — read-only accounts can get a lot of information and can be used to do a lot of things within your account.

  2. Minimize access. If you are not able to minimize access, then minimize the access each role has and then leverage multiple roles.

  3. Leverage MFA where you can.

  4. Turn on all AWS logging and monitor it so that you can learn what is really happening in your account.

What would you say are your favorite and least favorite things about integrating Security into DevOps?

Favorite — The ability to provide secure and automated environments. It can prove challenging but is worth it once you figure out how to do it. I love challenging myself to see how I can integrate it more into how I do things.

Least Favorite — Sometimes it can be really hard to do from a technical perspective, and also to get buy-in from execs and other teams. Sometimes fighting for your security beliefs can prove to be exhausting and at times discouraging.

What advice would you give to DevOps engineers who are interested in learning more about security?

I would tell them to focus on automation. Automation is a key to security in the DevOps methodology. Once you can build and control servers, you can then start integrating more tools. Once you have mastered that, I would start reviewing all the tools on the market and see how they can best help you obtain your security requirements.

Cory Scott, LinkedIn

What is your current role at LinkedIn and what do you like best about it?

Cory Scott is the Chief Information Security Officer at LinkedIn. He is responsible for production and corporate information security, including assessment, monitoring, incident response and assurance activities. Prior to joining LinkedIn, Scott was at Matasano Security, where he led the consulting teams based in Chicago and Mountain View. He has also held technical positions at @stake, Symantec and ABN AMRO/Royal Bank of Scotland. Scott has presented at Black Hat, USENIX, OWASP and SANS.

Explore a day in the life of Cory Scott in his recent blog post: https://www.linkedin.com/pulse/day-life-linkedin-ciso-cory-scott/

What are the key takeaways from your talk at RSA this year?

Cory Scott’s RSA talk dove into the concept of narrative identity, with the main takeaways being:

  • When it comes to building an effective cybersecurity team, it isn’t just about acquiring the right technology and business skills. It’s also about obtaining the right people who have defined their own personal narrative.

  • “One of the things that I see security professionals focus on is they focus on skills, titles, or years of experience at a particular company. And not necessarily on what motivates them, what actually makes them special and what type of unique insight they bring to an organization.”

  • “One of the ways we are going to increase diversity in our field is to have the concept of strong narratives that people bring that maybe can be applied to security, rather than to just pile security on top.”

  • “We are not going to do the right thing as far as diversity is concerned unless we realize that it is the concept of intersectionality, where a person is more than just one thing.”

  • “It starts from the leadership; the leadership has to be open to this type of approach, where you are not trying to hire a bunch of people who are cut from the same mold or cut from the same cloth.”

To dive a little deeper into the main concepts of Cory Scott’s talk, check out this video interview with Information Security Media Group.

What would you say are your favorite and least favorite things about being a CISO?

Favorite — Seeing the positive impact my team makes on our product.

Least favorite — Administrative tasks

What advice would you give to junior engineers who are interested in learning more about security?

Build something!
