RVAsec 2023, the largest cybersecurity conference in Virginia, convened security professionals to discuss key topics around improving our teams, chief information security officer (CISO) concerns, user security and more. The conference, held in Richmond, had 28 speakers addressing various aspects of security.
Andy Ellis delivered a keynote on improving team leadership, emphasizing the six ways poor management destroys productivity: exhaustion, exclusion, unwillingness, inability, ineffectiveness, and misalignment. His leadership improvement strategies fall under three categories: Support, Management, and Authority.
Mark Arnold of Lares Consulting presented his research on the top concerns for CISOs. According to Arnold, the top five issues that keep CISOs awake at night include poor asset management, emerging vulnerabilities, failing security tools, blind spots, and insecure configurations. Arnold suggested adopting a consistent threat modeling framework to address these concerns.
Adrian Amos shared his research on the history of security and the resistance to changing passwords. Despite an alarming 30% of internet users experiencing breaches due to weak passwords, 13% still recycle their passwords across all accounts. However, multi-factor authentication (MFA) has proven extremely effective, blocking 99.9% of attacks.
Andrew Hendela suggested that software bills of materials (SBOMs) are not enough to ensure software security. Instead, he proposed the creation of a “Software Bill of Behaviors” to understand what software does versus what it is expected to do.
Overall, the conference was a platform for discussing methods to strengthen team leadership, improve security strategies, and understand user behavior to enhance cybersecurity.