#HWCyberSquad Takes Black Hat 2019 by Storm

Black Hat 2019

Kicking off the 22nd year of Black Hat were keynote speeches from the conference’s founder, Jeff Moss, followed by Dino Dai Zovi, the mobile security lead at Square. Both talks reinforced one main message that was felt in all sessions, briefs, and side conversations that followed – communication is key. 

The security world finally has its well-deserved spotlight, and cyber teams are now being challenged to seize this opportunity and shift their focus to high engagement with departments across companies through thoughtful and strategic communication. 

In Dai Zovi’s talk, he shared his career path through security, starting with research and hacking contests he did in his free time – since security positions weren’t an option when he joined the workforce – to now, were he holds a lead security position with a seat at the head table. From his personal roadmap, Dai Zovi has been able to pull together four main ways that security teams can shift the way they engage and communicate with across all teams at their organizations, which are: 

  • Start with “yes.” In order to engage the world, you can’t shut them out 
  • Meet with teams dealing directly with customers to get a deeper understanding of who customers are and what they struggle with on a day-to-day
  • Use feedback loops and software automation to meet scalability needs 
  • Create a culture of security across an organization, instead of focusing on strategy and tactics

It became clear that the security community was hungry for more communication like Dia Zovi noted above and ready to shift their focus. While technology demos continued to be a huge part of the conference from a marketing perspective, and technical innovations in automation, machine learning, artificial intelligence, and the new, changing definition of endpoint/perimeter security being the main PR drivers, most technical conversations managed to continually turn toward this more human element of cybersecurity.

As we see security concerns around topics that are increasingly more detrimental to society such as, election security, data abuse, privacy issues, AI being weaponized, and widespread disinformation, Dai Zovi’s message on shifting the focus of cyber teams to communication will become more vital than ever. It will open the opportunity for a culture of security, empowering each individual in every organization to be an extension of their security team and allowing cyber practitioners to think big and work together against future cyber attacks. 

Let us know if you’d like to connect with Highwire PR to talk through how communication will change the game for the security industry! Contact secleads@highwirepr.com for more details.

 

#HWCyberSquad is ready for Black Hat 2019… Are You?

As Black Hat USA 2019 draws ever closer, so does the anticipation and excitement for over 19,000 security professionals who call one of the nation’s largest cybersecurity summits a second home.

Always promising and delivering the latest and greatest on threat research, malware and all things cybersecurity, Black Hat has grown significantly over the years, becoming a venue for some of the greatest minds from the world’s foremost cybersecurity organizations to convene and discuss the state of global security, technology and research. 

What We’re Looking Forward To

Def Con, a hacker conversation, featuring former L0pht members, including Veracode’s CTO Chris Wysopal

This year’s event, focusing on DevSecOps, nation-state attacks, vulnerabilities, open-source and more, promises to be bigger and better than ever. 

“Black Hat received an incredibly large number of submissions for this year’s event,” said Heather Donner, Black Hat PR Manager. “This year we will see themes covering the full security spectrum, spanning voting technology, auto vulnerabilities, research on WhatsApp, and major mobile talks. We’re also expecting to see a focus on privacy and consumer risks emerge as a key trend this year.”

A few of our clients weighed in on what they’re expecting to see more of as well:

“The security industry has seen many significant shifts this year – most notably through accelerating industry consolidation which has come to reshape the SOC as we know it. For us, this started with Splunk’s acquisition of Phantom last year, and has continued with a number of acquisitions affecting the SIEM and SOAR market across the landscape,” said Haiyan Song, SVP and GM of Security Markets at Splunk. “I’m always fascinated to hear more from customers and partners on how recent market acquisitions are affecting the rate of product innovation, how analytics-driven security is enabling a new kind of data management, how automation is making people more effective and productive, and how unknown data – or as we call it at Splunk, ‘dark data’ – is impacting privacy, legislation, and in the end how organizations grapple with security.”

“The professions of software development and information security are overlapping more than they ever have before and the trend is accelerating,” explained Chris Wysopal, Veracode CTO and co-founder. “There have always been software companies that have built security products, but this isn’t about that. This is about software developers performing traditional security practices and security professionals building software to secure their organizations.”

“The way businesses use technology has changed dramatically in the last 15 years,” Wysopal continued. “Enterprises are not simply deploying, configuring, and securing vendor produced software. Enterprises are building their own solutions using software assembled from open source, code from their own massive development teams, and run on the APIs and services of cloud providers. Security has to be integrated into every step of the building process and not just assessed at the end. After all, development is continuous now so there is no end!”

What’s New This Year

Always new and always evolving, we asked our Black Hat expert, Heather Donner, what new offerings and programs this year’s Black Hat has in store.

“We’ve added exciting new features and programs to this year’s event to give attendees the opportunity to gain hands-on experience working with new tools and practicing new techniques,” Donner noted. “Attendees can check out the all-new Arsenal Lab, which provides a unique opportunity to play with hardware, ICS gear, and IoT devices in a controlled environment, as well as the first-ever Micro Summits, which are designed to foster education and collaboration on focused topics in the information security industry.”

With the added emphasis on interaction and education at this year’s event, we’re more excited than ever to see what talks from Akamai (here and here), BitSight, Endgame, Forcepoint, Intel, Qualys, Splunk (here and here), and more will bring, and what thought-provoking insights we take away. 

We’re ready for Black Hat 2019… are you?

Let us know if you’d like to connect with Highwire PR at the show! Contact secleads@highwirepr.com for more details.

How to Beat the Trade Show Noise with Digital

When it comes to trade shows, social media presents one of the biggest opportunities but also one of the greatest challenges for businesses. Sending out a few tweets the month before an event like CES, RSAC, or even Black Hat USA is not enough — businesses need a digital strategy that encompasses all parts of an integrated PR program if they want to cut through the trade show noise.

It’s no surprise that we are seeing more companies take advantage of modern marketing tactics at events. Social media is no exception; statistics show that 96 percent of marketers use social media to increase awareness around events. More than half find the biggest challenge is how to use social media effectively.

Social media is not a new phenomenon. The questions we as marketers, social media managers, and PR professionals need to ask ourselves is, how can we cut through the clutter and elevate our clients’ messages? How can we make the most of an integrated PR program, while tracking towards target KPIs?

I wish I could say it is as easy as sending out a tweet, but thankfully there are a few tricks to the trade if you are just getting started implementing a trade show social media strategy:

Goals, Goals, Goals

Just like any other marketing or PR initiative, the key to success is setting goals. Do you want to increase brand awareness? Do you want to drive revenue? Define your goals early on and determine how social media tactics can help you get there.

Highwire recently worked with a security company during Black Hat USA 2018 and RSAC 2019. While our focus during BHUSA was to spark conversation among practitioners and increase engagement around the many talks and presentations of the company’s thought leaders, our goals for RSAC were centered around brand awareness and increasing foot traffic during the many partner and company demos in-booth. No matter the trade show, get aligned on business goals and don’t treat this part of your strategy as an afterthought.

Get Creative

When I was at RSAC 2019, I stopped at a booth where a man had his arms strapped to his chest while riding a unicycle. I’ll give them major bonus points for creativity and drawing in a huge crowd, but it seemed a little out of place and I wondered how many bystanders stuck around to learn more about their products or services.

It’s easy for your message to get lost. Dance mobs and men on unicycles can certainly draw attendees, but how does this help you meet your goals? Is your creative activation all flash and no substance? What do you want attendees to walk away with when they leave your booth?

When we work with our clients during ideation, we always shoot for the moon, but we spend time narrowing down ideas to those that we can execute and those that land results.

We love big ideas, but we’re also keen on simple tactics that drive engagement and brand awareness: live streaming demos, Twitter giveaways, authentic on-the-ground videos, and capturing content that we can leverage during and post-trade show. Recently, we did this at RSAC with one of our technology clients. A quick and simple in-the-moment video of the company’s CEO landed more than double the engagements compared to other organic posts, generating plenty of positive sentiment on Twitter. Plus, we shared it again post-RSAC as an #ICYMI post to garner additional engagements (bonus: we didn’t even need to ride a unicycle).

Rinse and Recap

Besides a little R&R, the debrief with your team and client is arguably the most important part of the post-trade show work. Get together with your digital and PR team and talk at a high-level of what worked and what didn’t. If you ran a contest, how did participants respond? How did your content perform? Did you hit target KPIs? What could you do next year that you couldn’t do this year? What did your competitors do and did they nail it?

Collecting this data is incredibly valuable, and this knowledge might be useful for your current social media strategy. Did you learn something new about your core audience? Did you attract any new audiences to your booth? Did attendees respond well to live video or images? Turn those insights into action.

If you’re looking for a partner to bring your messaging front and center to the next trade show, contact Highwire’s Digital Studio at digital@highwirepr.com to learn more about our services.

Highwire Boston Takes Home Two Gold Honors at the Bell Ringer Awards

Last week the Highwire Boston team attended the 51st Annual PR Club of New England Bell Ringer Awards, a program that recognizes outstanding achievement in New England public relations and marketing. The awards are broken into single item (i.e., single placement) and campaign categories with more than 30 awards granted in total. Heading into the event, the Highwire team were named finalists for two awards for its work with Akamai, a Boston-based company that secures and delivers digital experiences for some of the world’s largest companies.

 

The first nomination was for “Best High Tech Campaign,” which highlighted how the Highwire team worked closely alongside Akamai to develop recommendations and strategies around critical news, events and thought leadership over the last year to position the company as a cybersecurity innovator and leader.  The collective program over the last 12 months has enabled Akamai to increase the overall share of voice among key competitors by 36 percent and total press coverage by 67 percent, among other notable results.

 

The second nomination was for “Best Regional Print/Commentary” category. The Highwire team secured a Boston Globe feature spotlighting Akamai’s innovation on the front page of the business section on June 29, 2018. The feature explores how Akamai was crucial to streaming 2018 World Cup matches online.

The nominations resulted in not one, but two gold honors in both categories. We’re proud of not only the accomplishments of our team but also those of our peers. It was an incredible night, and we’re thrilled to extend our congratulations to both the Akamai team and all Bell Ringer award recipients. See you next year!

Analyst Trade Shows Standout in an Increasingly Digital World

For all the talk about marketing’s digital transformation, a heck of a lot of people are still attending physical trade shows. More than 42K attended the largest B2B security show, RSA Conference, in March 2019. More than 180K were in Las Vegas in January 2018 for CES, the massive consumer electronics show.

Many years ago, I believed that trade show popularity followed an inverted arc curve. At the apex of the curve– when a given show reached the peak of its popularity– is marketing saturation. Attendees would realize that a given show’s vendors all said the same thing, or, even worse, that the only people attending were non-practitioners. The show’s popularity would then see a precipitous decline.

My theory is easily disproved, given the longevity of certain shows I have attended for the majority of my career. But also disproven is a belief conditioned deep in my mind that the importance of physical trade shows will ultimately wane, given 1:1 marketing and the internet.

In truth, the concept of the trade show is amorphous and resilient. Alongside horizontal trade shows, such as CES, are a variety of other types of shows, such as user conferences. They commence as gatherings of peers to learn best practices for a specific solution but morph into living, breathing communities of their own.

A similar morphing might be underway among events run by industry analyst firms, which often prove to be wise investments by my clients. Incorporating industry analyst trade shows into a marketing mix is important for any B2B technology company, as long as those companies ponder a few key questions:

What’s the objective of your attendance? For companies interested in branding, a larger horizontal show avails you to a wide audience. Sponsoring trade show happenings, such as receptions or parties, creates buzz. Vertical and industry-analyst-driven events are more precise in their audience, and they should be considered if the objective is equally more narrow, such as driving customer acquisition.

One reason for attending an industry analyst event is to earn an audience with the analysts themselves. Regular communication with them is key to understanding the conditioning of the market and to teach the analyst as to why a given solution is ideal for where an industry is headed.

What is the target audience for the organization running the event? Certainly it’s important to know who is attending a given show, but a better way to look at this is to evaluate the audience that the show’s organizers care about. The more zeroed-in an organizer is on a target audience, the more zeroed-in that organization’s event is on that audience.

Evaluating the audiences an analyst firm cares about is not hard—simply review published research. However, organizations sometimes are misled by the credibility of a given firm and blindly sign up for that firm’s events, even if the firm doesn’t write for the correct end-user audience and has not defined a research area for those users. Most analyst firms place tech vendors in categories; if a given firm doesn’t have a category for you, it’s probably a wasted investment to attend that firm’s events.

Are there desirable outcomes beyond visibility and high-level lead generation? The right analyst trade shows gather a targeted list of influencers that matter to marketing efforts. Today’s digital world presents wide-ranging opportunities to leverage them.

Influencer dinners during the events are an informal setting to discuss trends. If they are positioned as such they have long-tail benefits. Dinner guests are more likely in the future to engage with the host’s content, act as a reference for marketing campaigns, or, obviously, mention the company in online comments or stories.

On-site social efforts by an exhibitor demonstrate that company’s commitment to the target audience. Visuals and short YouTube-quality videos from the events drive better engagement numbers than general thought leadership content.

Physical trade shows remain an important part of an organization’s marketing mix. And increasing the investment in shows run by analysts can deliver a nice return, as long as the audience and potential impact of such an investment are carefully weighed.

RSA Day 3: The security industry’s dark secret takes center stage

Thursday’s opening keynote addressed an issue that has become front and center for the security industry over the last year—mental health.

Last August at Black Hat was the first time a specific conference track had been dedicated to the infosec community to present on stress, burnout and mental health. Fortunately, that has carried over to RSA which featured a stimulating conversation between Josh Corman of I am the Cavalry and Christina Maslach, a Professor of Psychology (Emerita) and a Researcher at the Healthy Workplaces Center at the University of California, Berkeley.

As Maslach stated, Silicon Valley has always encouraged and rewarded burnout. In the ’90s during the dot-com boom, it was seen as a badge of honor to work for days on end and sleeping (when you could) underneath your desk. You would do this for a couple of years with the reward being some sick stock options.

Workforce shortage exacerbates burnout

The skills shortage in the cyber industry has been a common topic for years now and most vendors use it as a talking point by claiming their AI/ML infused products will augment this issue. This skills shortage has another effect though—increasing the chance of burnout.

As Maslach mentioned to Corman on-stage it’s hard not to react to every single little sound or vibration whether it comes from our phone or computer. However, that is just an everyday human problem, now think about this in the context of a security operations engineer.

Organizations typically use dozens of different tools on a daily basis—CSO reported in 2016 that the average company uses 75. I installed a Google Calendar extension into Slack this week and am overwhelmed just from those notifications, it’s hard to picture that x75.

Culture and managerial structure can be a differentiator

I particularly enjoyed Corman’s personal anecdotes from his infosec career and how different managerial structures and company culture can either help combat or unintentionally encourage burnout.

Companies should be mindful that certain managerial decisions or even reward systems can directly contribute to burnout. Organizations that ask all members for feedback on ways to treat each other better can help be proactive given our resources are people and as stated previously those are already in short supply.

Incident responders are the digital equivalent of first responders in the medical field. At times we have to hold secrets about our work which can add additional stress. Unfortunately, there are times when coworkers are showing signs of burnout and instead of empathy and compassion they are called weak and told they aren’t cut out for the industry.

Stay in your lane

It was refreshing to listen to Corman and Maslach given earlier drama this week as SOAR upstart, Swimlane, attempted a tone-deaf stunt that backfired as RSA banned the vendor from the conference at Moscone.

Swimlane staged a fake protest to promote its product which relies heavily on automation and positioned itself as helping combat analyst burnout and stress. (See a picture of the protest from Tom’s Guide security editor, Paul Wagenseil.)

To make matters worse, Swimlane issued a press release claiming it was wronged by RSA. Whatever buzz they hoped to generate at the show ended up rubbing many the wrong way.

I for one enjoyed my time with the adoptable puppies at the ThreatQuotient booth. This was a cuddlier and friendlier way to generate attention at a packed Moscone Center rather than playing the victim after poking light at mental health to promote a product.

Building a safe and inclusive infosec community

At the end of the day we’re going to get the culture we invest in and it’s important to work for an organization that encourages feedback and ideas from every member.

During a conversation with a data scientist colleague this week he remarked, “the greatest minds of our generation are trying to get people to click on ads.” This was top of mind as I took in Thursday’s keynote.

While it won’t happen overnight, hopefully raising the issue of mental health in our industry and fostering an inclusive and safe environment can counteract the very people who are trying to make us more glued to our screens.

RSA Day 2: Getting More Involved in the Cyber Issues that Matter

While yesterday’s RSA keynotes highlighted the need for increased trust and transparency in cybersecurity, today’s discussions were all centered around how to make those changes a reality – starting with getting individuals more involved in the issues that matter.

Calls for Comprehensive Legislation

Harvard Kennedy School’s Bruce Schneier kicked off the conversation by discussing how technologists can get more involved in impacting cybersecurity legislation. While the internet has developed exponentially since its creation, legislation surrounding it has not. Schneier stressed that this needs to be changed and it needs to start with people who understand the technologies dominating the security landscape on both sides of the battlefield.

He touched on current cybersecurity regulations like the EU’s implementation of GDPR, Australia’s implementation of legislation that enables law enforcement to access encrypted data upon request, and how the U.S. can start getting more involved in the conversation. The takeaway? If we want technology to continue to grow and expand in a way that is going to be beneficial, we have to get it under control. And the best way to ensure its longevity is by getting the people who know it best more involved.

Power to the People

Microsoft’s Corporate VP of the Cybersecurity Solutions Group, Ann Johnson, also used her time to discuss the more human aspects of the industry – namely noting how expanding the cyber workforce and increasing its diversity will be the best way to propel the technology behind it. She emphasized that work in cybersecurity can be the most rewarding, yet the most taxing. This could explain both the exceptionally high stress rate among industry professionals and the three million job openings still vacant within cybersecurity organizations.

Johnson encouraged organizations to prioritize a diverse workforce and to foster more positive atmospheres. She discussed how these steps can boost employee retention and provide variety in organizational approaches to issues. She also noted that more diverse teams make better decisions 87% of the time. Johnson highlighted how work in technology and cybersecurity, in particular, is beginning to change. As today’s tools become more capable of alleviating some of the responsibility formerly held by human counterparts, professionals are starting to explore new avenues in the field. “Tech is amplifying our human capacity to separate the humans from the noise,” Johnson said.

Combining Tech and Human Intelligence

Facebook’s Head of Cyber Security, Nathaniel Gleicher, and Twitter’s VP of Trust and Safety, Del Harvey, also discussed the necessary partnership between tech and human responsibility, which together allows platforms to better differentiate between human and non-human interference and determine next steps accordingly. They each discussed some of the sensitivities that both platforms face when regulating user content, most notably how to differentiate technical interference with legitimate content so as not to violate users’ first amendment rights. But both individuals noted that as technology continues to advance, the lines between technology and legislation continue to blur.

Overall, day two of RSA highlighted the incredible contrast between just how far technology and cybersecurity have come, and how much farther the industry and legislation behind it must advance in order to keep it as reliable and benevolent as possible. But if today’s speakers emphasized anything, it was that change is never quite as far away as it seems –  in fact, it is already taking place and it is starting with security technologists like you and me.

RSA Day 1: Takeaways from the #HWCyberSquad

Last year we saw major data breaches monopolize the headlines, while privacy issues became top policy discussion items. 2018 was the year that trust was lost.

The 2019 RSA Conference theme “better” was broken down in this morning’s opening keynotes with the idea of trust in mind as the security community comes together to grapple with these major issues. The keynotes outlined three steps in order to achieve better trust in the future.  

Risk and Trust can Coexist

The first step in building trust within security is recognizing that risk and trust can coexist. Software has increasingly integrated into all aspects of our lives, and with that, data consumption has also increased, creating a high cyber risk environment.

By focusing on risk management and recognizing its prevalence, security teams will begin to gain that trust back. We are seeing this addressed by technologies being created with risk management integrations. New technologies are now ensuring some form of risk management or mitigation options. Along with these integrations, policies are also starting to emerge to support risk management and ultimately ensure trust in a high-risk landscape.

Man and Machine Need to Work Together

The second step is recognizing that if people work closely with machines we will produce the most trusted security. When AI was first introduced to the security world, many people worried that machines would take over jobs, because they could quickly and efficiently resolve issues or questions. However, we found that although machines could get to an answer quicker than any human, they could not explain how they got there. This broke down the trust in the machine’s ability to verify the security it was providing.

We now know that the best way to build trust in security is for human and machine to work closely together. The technology can then accurately and quickly resolve the issues that the security teams identify and ask it to address.

Creating a Chain of Trust

The final step is to build a chain of trust. Having security teams work and communicate together will be the best way to achieve the most trusted results. In the past, security teams worked in the background and only shared insight and data with a closed group of peers. However, this culture has already seen a major shift. There have even been infosec sharing companies created with the sole purpose of sharing insight and data to help others better protect and secure data.

Businesses are learning from this and evolving the chain of trust to also reach consumers by keeping them informed of what data they have collected on each person and what it is being used for.

Moving into 2019, the security industry is already taking major steps forward in regaining trust in what they’re capable of to achieve a better future.

Check back tomorrow for the next blog in this series live from RSA.

The #HWCyberSquad Recommends These Five Security Events in 2019

As one of the biggest security conferences of the year draws closer, the #HWCyberSquad decided to examine other key cybersecurity events that are of value from both a networking and PR perspective. With so much noise around RSA and Black Hat, smaller events are becoming increasingly valuable in publicizing research and for networking with influential contacts in both media and security.

Highwire’s own Ben Wolfson chatted with several notable security influencers from Ars Technica, VICE, Motherboard, WIRED and VirusBulletin on their experiences at some of the lesser-known, but rising-in-influence conferences.

CyberWarCon [inaugural conference was held on Nov. 28, 2018, TBD on 2019 edition]

CyberWarCon kicked off it’s inaugural conference as a one-day, single track event in DC in November of last year. Organized by FireEye’s John Hultquist the content was geared around nation-state topics, ICS cybersecurity and cyber policy debates.

It featured a keynote from Thomas Rid and a compelling debate on U.S. cyber deterrence operations featuring Jason Healey and Neil Jenkins. Both Wired’s Lily Newman and Wall Street Journal’s Dustin Volz voiced their enjoyment of the event. The show generated a lot of engagement on infosec Twitter accounts with other DC-area security reporters in attendance along with many practitioners and incident responders.

Derbycon [Sept. 20 – 22, 2019]

DerbyCon celebrated its eighth iteration this October. The Louisville-based conference has an elite attendee profile comprised of recognized practitioners and more technical security media. According to national security editor at Ars Technica, Sean Gallagher, “media that attend DerbyCon are hardcore security people – [there are a] small number of reporters there [that are] deep in the industry. Outside of DEFCON, [it’s] probably one of the more well-known hacker conferences with high-quality content.”

The content is extremely technical and now gets over 1,000 attendees. From a PR standpoint, many speakers attend to workshop and present material they hope to submit to DEF CON later in the year. Key takeaway: This conference is of high value to network and learn. Note:  Founder Dave Kennedy recently announced the September 2019 show will mark the last edition of DerbyCon.

HOPE — Hackers on Planet Earth [July 20-23, 2018; TBD for next edition]

Typically a bi-annual event held in Manhattan, the content and attendees are very much in-line with the cyberpunk movement. Topics that are popular include internet free speech/regulation, encryption, privacy and more. While this might not be an event to recommend your client participate in, it is a great one to meet reporters on-site and attend as a PR practitioner.

According to VICE Motherboard’s cybersecurity reporter, Lorenzo Francheschi-Biccherai,the audience is more activists and political than other conferences. Talks are less research driven and are more political. There are some interesting talks but totally different style than Black Hat and DEFCON.”  

VirusBulletin [Oct. 2-4, 2019]

VirusBulletin is a magazine solely dedicated to the prevention, detection and removal of malware which has an annual conference in late-September or early-October for cybersecurity pros. The location changes each year (2018 edition was in Montreal) making it a global conference, albeit more expensive to travel to. The speakers and attendees are often the who’s who of security researchers with the majority of influential security companies represented.

Lily Newman, cybersecurity reporter at WIRED, attended this year’s event and confirmed the crowd is largely researcher focused, but not academic like USENIX. It’s one she felt was very valuable and hopes to attend again. According to VirusBulletin editor, Martijn Grooten, “Virus Bulletin is the main event where researchers and others working in threat intelligence get together to discuss the latest threats and the tools to detect and analyze them.”

ShmooCon [Jan. 18-20, 2019]

ShmooCon has rocketed in popularity over the last few years and with 2,200 attendees at January’s event, it’s difficult to get in. From a PR standpoint, you’re unlikely to get a ticket unless you work with a sponsor company. Shmoo, along with DerbyCon, functions as a workshop for practitioners to present material they hope will be accepted at DEFCON. This is an intimate venue and conference and that works to your advantage by providing direct access to practitioners and media. Given its location in DC there is usually a strong mix of media that attend — if your client is presenting it’s an opportunity to set up 1:1 reporter meetings.

Sean Gallagher is a huge fan and frequent attendee of Shmoo. He enjoys it as its a lower paying threshold for people to attend and the audience is all security practitioners meaning a lot of sources to network with. Given the location in DC, ShmooCon still has a good audience mix of students, government agency and vendor practitioners.

For 2019, look at these shows if you want to learn something new or take advantage of the locale to set up media briefings. And if you’re headed to RSA 2019, Highwire’s security practice will be there so reach us at secleads@highwirepr.com if you want to catch up!

What the RSA 2019 Speaker Submissions Tell us About Security Trendlines

The RSA Conference in the U.S. has maintained its stance as one of the most popular events in security since its founding in 1991. In 2018, RSA welcomed approximately 50,000 attendees.

While many attendees have griped about how corporate the show floor has become, the keynotes and speaker presentations continue to draw some of the industry’s most forward-thinking leaders on a broad range of topics.

This year, representatives from the committee that selects RSA sessions hosted a podcast where they identified the most popular topics submitted for each track and what they predict to be the 2019 industry trends as a result. Highwire’s #CyberSquad listened in and summed up the key points, which we expect to closely mirror 2019 media trends. Read on for the skinny:

Hackers and Threats Track: DevSecOps to Become Mainstream

This year RSA added a new speaking track called Hackers and Threats to meet a more technical audience that’s focused on live demos and/or code dissection. There are two popular session topics for this track, the Internet of Things (IoT), as well as AI and ML. For IoT the focus is on how security teams can maintain security with the increasing amount of data coming in from multiple devices. For AI and ML, these sessions tie to tactical ways that businesses can leverage these capabilities while also breaking down how adversaries are working just as quickly to create techniques to subvert them. The main message throughout all the speaking sessions in this track is DevSecOps. This is a term the industry will see taking over headlines in the years to come as security teams prove how successful this approach is in ensuring agility, automation, and scalability.  

Emerging Threats Track: Ransomware Maintains Popularity Over Cryptojacking

Cryptojacking took over headlines throughout 2018 as a newly publicized form of attack whereby a bad actor gains unauthorized access to someone’s computer to mine for cryptocurrency like bitcoin. However, recent research revealed that despite the attention, cryptojacking does not have a very high return on investment, with popular websites only making $119-340 per day. So, while cryptojacking will continue to be a focus in the media, due mainly to its newness and ties to organized crime, ransomware will maintain its popularity with cybercriminals and media focus on successful attacks because of its increasingly high earnings – a $2B industry in 2018.

Blockchain and Applied Crypto Track: Blockchain for Good

Blockchain has continuously been a buzzword in the security industry, although the conversations around it have started to shift from a magical unicorn to a tool that organizations are working to understand so they can leverage it for their own security practices. In the Blockchain and Applied Crypto track, leveraging blockchain for good prevailed as the most popular track topic. Moving into 2019, as more companies across industries learn how to create a blockchain system applicable to their security ecosystem, we’ll begin to see a rebranding of this technology toward protection for all.

Security Strategy and Architecture Track: Zero Trust in Third Parties

Organizations face one of their biggest challenges when securing their trust with third-party partners – the grey area between a trusted company employee and an obvious outsider threat. In this year’s Security Strategy and Architecture track, the majority of speaking sessions focus on dealing with this challenge and defining Zero Trust. In order to have a functioning and successful partnership, trust in the access granted to third parties needs to be authorized and access needs to be monitored. This will continue to be a topic of discussion throughout 2019 as companies look inward at their own third-party trust processes and ensure the proper access for all sensitive data they are storing.

Highwire’s cybersecurity practice will be at the RSA 2019 conference to catch up with our clients, speak with industry influencers on the showroom floor, and learn as much as possible about the latest trends to inform new ideas and storylines in 2019 and beyond.

Want to catch up at the show? Email secleads@highwirepr.com.