Author: John, ISSM at AIS
I recently attended the 2023 ISC2 Security Congress in Nashville, Tennessee, and was surrounded by 4,000+ professionals in the cybersecurity industry. This four-day conference focused on the latest trends, threats and emerging technologies in the field. I learned of this conference back in the spring after having passed my CISSP (Certified Information Systems Security Professional) exam in December 2022 and becoming an endorsed member of ISC2 in January this year.
The Conference Experience
The conference featured nearly 150 speakers across 135 different sessions with representation from 75 countries. Each day, members were allowed to pick and choose which presentations they would attend. During breakout sessions, we would visit the Exposition Hall to network with peers and talk with industry vendors. The conference took place at the absolutely stunning Gaylord Opryland Resort & Convention Center, which ranks as the largest non-gaming, in-hotel exhibition space in the world and has over 3.3 million square feet of space.
The In-Depth Presentations
I attended more than 15 presentations and keynotes over the course of the conference. Some of my favorite discussions included the following:
- Legal Perspectives on the NIST AI Risk Management Framework
- Generative AI: Your New Secret Weapon or Insider Threat?
- Learning from History: What Past Cyber Attacks Taught Us
- ISC2 on Point with Careers: How to Lead High-Performance Security Teams
We had five distinguished keynote speakers: Andy Greenberg, senior writer for WIRED and author of Tracers in the Dark Web; Dr. Nita Farahany, distinguished professor, scholar and author of The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology; Dr. Rumman Chowdhury, former Director of AI Ethics; Jenny Radcliffe, ‘The People Hacker’; and Dr. Richard Harris, Australian anesthesiologist and cave diver who played a crucial role in the 2018 Thailand cave rescue of the boys’ soccer team.
We learned about a hacker group called “Scattered Spider” that is at the forefront of the social engineering of helpdesks. Their most recent attack took down MGM Resorts and did $100 million in damages last month. The attacker will make a phone call, give the name of an employee who is linked to the organization, and request a change in Okta (or a similar SSO solution) and/or a change within Active Directory.
I became familiar with a new role that exists in the industry: a Customer Security Evangelist. There were many people I talked to at the conference who either held this position or knew about it. It is an external-facing point of contact who is well-versed in the inner workings of the cybersecurity behind each product that their company sells and can field customer concerns and questions. This ensures all customers know who to ask to get the most accurate details regarding the cybersecurity of a product rather than be told different things by whoever is available at the moment to give their best guess.
My first ISC2 Security Congress shattered expectations. The people and presentations were full of knowledge and opened my eyes to ideas and concepts. It was very intriguing to talk with others in the industry who deal with cybersecurity day in and day out, and to see that we all face very similar challenges in the field. This conference was a great way to be brought back up to speed with the current state of affairs in the cybersecurity realm and hear the latest from the experts. I am obligated to get CPE (Continuing Professional Education) credits to maintain my membership with ISC2, and these presentations were a great way to earn some of that credit. I am extremely grateful to AIS for the opportunity to attend this, and I look forward to helping drive our mission forward in a safe and secure cyber world.