The opening day of RSA offered up copious nods to the need for security to be an integral, integrated part of innovation. RSA President Rohit Ghai talked about moving security upstream in the SDLC, Microsoft’s Brad Smith called for new ways to innovate that “put security first,” and talk tracks put CamelCase to good use with multiple headlines on SecDevOps and DevSecOps. The Rapid7 team is intimately familiar with the principles behind the SecOps movement: our epic two-story booth in the South expo hall has a wealth of demos, featured sessions, and roundups (not to mention swag!) on how we’re powering the practice of SecOps. Haven’t been by to see us yet? Fix that!

In lieu of a convoluted summary, here are five quotes cherry-picked from the opening keynote that set the tone for an inaugural day of talks and demos geared toward solving big problems and putting security front and center.

“We need collaboration—between internal teams, but also with people outside [our own organizations].” RSA President Rohit Ghai set the stage well for a conference full of conversation about SecOps, cross-disciplinary collaboration, and how we can look outside our own silos to discover where security’s headed in the future.

“We need to innovate in new ways to put security first.” Microsoft’s Brad Smith highlighted the human impact of the past year’s security incidents. From 19,000+ NHS appointments cancelled because of WannaCry to $850 million in damage caused by NotPetya, 2017 was a reminder that attacks on machines affect flesh-and-blood people.

“We have to help translate awareness into action.” McAfee’s Christopher D. Young drew from the expertise and evolution of the airline industry (“They are obsessive about safety”) to note the need to make security part of everything we do in corporate America and beyond.

“We’re at one of these horizon moments…where digital security is converging with physical security. Cybersecurity is now everyone’s problem.” DHS Secretary Kirstjen Nielsen issued a call to action and used some classic threat intelligence principles (including the need to know your adversary) in the process.

“Our collective risk is that we fail to avoid a breach of trust in technology itself.” Rohit Ghai’s closing quote evoked what would be a repeating theme: the trust we cannot undermine doesn’t rest on tools, on vectors, or even on people. It rests on the core belief in technology as a practice. In other words, even if we lose faith in electoral campaigns, in voting machines, or in voters themselves, what we can’t lose is trust in the fundamental power of voting.

Where to find us today

  • Deral Heiland and Nate Sevier are giving hands-on hardware hacking tips in the RSA IoT Sandbox all day today. At 1:50 they’ll demo firmware extraction and protection methods in Yerba Buena 8. Come early, stay late.
  • At 3:20 in the North Expo briefing center, Eric Sun will talk about transforming threat intel and incident investigations into proactive detections for unknown attacks with InsightIDR. (If you missed this announcement yesterday, you might want to take a look!)
  • The rest of our staff will be at the Rapid7 booth in the South Expo hall all day. Come by and ask us how we’re powering the practice of SecOps!