The first week of May saw security practitioners from all over the globe come to the city by the bay to participate in RSA. In 1991, just a handful of security researchers got together for a single panel discussion about DES versus DSS. From those humble beginnings, the event has grown to over 41,000 participants, more than 500 sessions, panels, and trainings, and over a dozen co-located events, each with their own schedules and sessions.
In the following three sections, I will try to encapsulate a small part of the sessions, the RSA Sandbox experience, and the view from the massive expo floor that makes up the event.
The Sessions at RSAC A focus on AI from a governance and tooling perspective.
Day one of RSA once again brought the co-located event from Techstrong: DevOps Connect.
Starting things out though, was a look at how we can shape the future of AI and LLMs from a futurist and Hugo and Nebula-winning author, David Brin.
We can learn from nature and the evolution of human society to find solutions to keep AI in check, even while AI is very rapidly becoming more sophisticated.
Some more advanced cyber defense use cases included using an LLM to decode Russian cybercrime jargon and analyze complex IaC and IAM configurations.
Given the nature of LLMs, you can not predict the outcome AI produces; it is non-deterministic.
This makes observability and governance all that more important, as we need to ensure we are not causing harm to users.
If there is a silver lining in their research, it is that Security budgets are not being decreased, as in money is being subtracted from their budgets.
The more you invest in your team and make them feel there is a career path available, the more likely they are to stick around, which is good for everyone.
While sessions at RSAC are a great way to learn, many attendees want a more hands-on experience.
Based on our research 27% of IT decision-makers say they rely on exactly this approach, and many of the security practitioners who sat down with us at RSA admitted they had never tried it themselves.
Every player had at least one false positive or negative, often more.
With the generous feedback we received, stay tuned for more news about this exercise at future AppSec Villages.
Others are much more humble and provide just enough space for a few representatives to give quick demos of their tech.
We met hundreds of folks over the course of the conference and got to catch up with so many familiar faces, sometimes for the first time in person.
We are very proud to have had the chance to show it off along with our other advancements since the last RSA Conference.
Beyond all of those parts, RSA Conference 2024 was about coming together as humans to try to get a handle on security.
This is a Security Bloggers Network syndicated blog from GitGuardian Blog - Code Security for the DevOps generation authored by Dwayne McDaniel.
This Cyber News was published on securityboulevard.com. Publication date: Sat, 18 May 2024 08:43:05 +0000