Humans are the weakest link in cybersecurity, so it makes sense that the theme of RSA Conference 2020 was Human Element. A first-time RSA attendee, I immersed myself in everything – thought-provoking sessions, engaging networking opportunities and insightful discussions. As a woman in the field, I found the experience to be nothing short of amazing – meeting new people and discovering new ways to get involved.
This was not an event where you take a seat in the back and take notes while you listen to a speaker. The sessions I attended involved connecting with others at the table and trying different exercises to understand each other's perspectives. Other sessions were hands-on labs, trying out the newest tools and tinkering with how certain functions work.
Each of the sessions brought new discussions with new connections and new insights. Hearing other people's stories and learning how they got into cybersecurity was both interesting and valuable.
Of course, networking is a top priority as well. I walked the RSA vendor expo, comprised of the top vendors in the field. Interacting with the vendors and checking out newly released tools was very exciting. Additionally, I had the opportunity to meet with other cybersecurity professionals who are already using some of these tools and was able to learn how they found value in them.
Beyond the overall event experience, I learned more about why cybersecurity is important. The following themes resonated with me throughout the week, and keeping them top of mind will help me be a better cybersecurity professional.
3 Ways to Convey Why Cybersecurity Is Important
Cybersecurity Requires a Shift in Company Culture
Those of us in the field know how important cybersecurity efforts are, especially as more devices in our lives become smart and more of our data moves to the internet. We know this data is valuable to attackers, and everyone within an organization is responsible for preventing attacks. Everyone needs to be involved and have a proactive approach when it comes to day-to-day activities.
Whether you are in business, accounting or another non-IT related position, it’s important to understand that cybersecurity pays no attention to boundaries and can ultimately affect the global economy and business. This is one of the reasons why cybersecurity is so important for everyone regardless of their IT involvement.
Check out CompTIA’s new video series on security awareness training
Cybersecurity Is a Legal Matter
To be honest, I hadn’t even thought of this approach to cybersecurity until I attended a session focused on the legalities of cybersecurity and what policies need to be in place before performing security activities. I didn’t realize that some of those activities can hold you or your organization liable, which is why legal departments should be involved.
To stay ahead of changes, a great recommendation is to frequently check the Department of Justice guidelines – this could protect your career cybersecurity. It’s worth noting that updating and maintaining your organization's cybersecurity policies will also help avoid legal issues.
Read more about compliance in cybersecurity in our two-part series
Cybersecurity Requires Clear, Responsible, Respectful Communication
There is a deeper physiological element to cybersecurity, and it is often overlooked. It’s clear that cybersecurity can elicit fear and anxiety, but there are ways to communicate your actions responsibly with non-technical users.
Using fear tactics doesn't always get the point across, which is why you have to be strategic about how you communicate the importance of cybersecurity measures. For example, it is important to bring up certain behaviors and engage with everyone in an organization – not just one person who may have made a mistake.
Most of us don’t have malicious intent, but we are human. For instance, developers can be sleep deprived while working long hours and can accidentally cause an increase of vulnerabilities in software. Since most developers are not trained in the fundamentals of cybersecurity, deploying software that may be more susceptible to attacks is a risk we have to consider.
Read more about how technical debt can lead to vulnerabilities
Perhaps the most eye-opening statistic mentioned at RSA is that by 2021 there will be 3.5 million unfilled cybersecurity jobs around the world. This illustrates the fact that the need for qualified IT professionals is there, but people aren’t keeping up.
For me, RSA uncovered new perspectives for me and enabled me to meet amazing people from all over the globe who share the same passion I have. It was a life-changing experience that provides me with the motivation to keep learning in the field.
Continue your cybersecurity learning with CompTIA. Sign up for our IT Careers Newsletter to keep up with industry trends, learning tips and career advice.