RSAC 2023: Impressions of Dr. Hugh Thompson’s keynote

The opening keynote at RSA Conference 2023 lived up to its place on our list of top five must-see keynotes this year. The theme was the double-edged nature of technology, emerging advancements, and where cybersecurity fits into the puzzle. 

Taking the stage was Dr. Hugh Thompson, the Program Committee Chair at RSA Conference and former CTO of Symantec. Dr. Thompson is also a prolific cybersecurity author, having co-written four books and over 100 publications on security. 

AI abuse is on the forefront of everyone’s minds

Dr. Thompson spoke about the most disruptive, dual-use advancements in science and technology. The first — and perhaps most obvious — example in the last 50 years was the internet, but the second-runner was AI, he said.

“The proliferation of AI (is a hot topic),” Dr. Thompson said. “You’re going to see it in so many sessions over this week: AI availability, Generative AI availability, quantum computing advancements. What does it do? How can we prepare for it?”

We have to agree, given the security risks that unethically-used AI poses, both intentionally and unintentionally. For example, a generative AI model trained on a large dataset of phishing emails could be used to create new highly convincing phishing emails that are more difficult to detect, to fake voice for phone call spear phishing attacks, or simply be trained on known vulnerabilities to auto-generate code that can exploit them. 

And yet, this is only the tip of the iceberg. We’re only seeing the very fringe of the issues that this new technology might cause. More than ever, cybersec professionals will need to keep their fingers on the pulse and eyes on the news feeds.

On an interesting note, Dr. Thompson shared that he had used ChatGPT to back up his research into the matter. He’d first asked several professionals, including scientists and technologists, for their opinion, but concluded he needed a list based on a larger sample size — and so he asked ChatGPT for a list of “top technology threats”. He highlighted the irony that ChatGPT had listed itself as the second-biggest disruptor. 

This sort of casual use of generative AI for writing a keynote for a major cybersec conference speaks volumes, especially about its quick adoption. 

Every light comes with a shadow, and cyber has to deal with it

“We are in a special time in history where science and technology are advancing very, very quickly,” Dr. Thompson said. “Whenever that happens, you get the light of the advancement, and all the good from it, but it also casts a very deep shadow.”

“We (in cybersecurity) are the shadow experts. We study the shadow, we understand the shadow, and try to get rid of the shadow. We put other lights in the shadow to get rid of it. There has never been a more important time than this.”

It was an interesting and vivid metaphor, especially since you can never really get rid of the shadow (much like all the security threats in the world).

Continuous learning is crucial

“This is a career where by definition, you are a lifelong learner,” he said. “You try to defend, but there are people on the other side, (bad actors) who are just as creative, just as smart, and just as well resourced as we are.”

“So we (as cybersec experts) are constantly having to reinvent what we do, constantly having to add to what we do.”

Learning has always been critical to cybersec — out of every profession in the tech industry, it’s the most like drinking from the firehose. But it’s interesting that Dr. Thompson underscored the increased importance of learning in the light of rapid advancements in science and technology, and especially AI. 

It’s also not surprising given that global organizations ranked AI development and training as their third-most “critical technology and human skill to hire for or develop in the next 18 months”. If you also factor in that over 1,750 leaders and technologists ranked cybersecurity as their largest skills gap, according to Pluralsight’s State of Upskilling 2022, there’s a lot of learning and development to be done this year.

Learn from your peers

Dr. Thompson spoke about how events like the RSA Conference were special, because it’s a time to get together with other professionals who get the struggle of cybersecurity, and share valuable learning experiences.

“We’ve got a fellowship here of others who have to deal with the same challenges you deal with everyday. Being able to talk to those people, and build connections (is vital).”’