Coalfire at RSAC 2024 – The Art of Possible

Lise Feng

Senior Director, AR & PR Communications

May 17, 2024

RSA Conference 2024 highlighted “the art of possible” – a call-out to the ingenuity of malicious actors and security defenders alike. In his keynote speech, Dr. Hugh Thompson, Executive Chairman of RSAC and Program Committee Chair, noted, “It’s a phrase that, on the one hand, is meant to inspire hope, but it also serves as a warning. We should never underestimate what is possible by our adversaries.”

Certainly, this past year has shown us fresh possibilities for the damage that skilled adversaries can inflict. MGM Resorts lost $100 million from what started as a successful phish. The MOVEit breach affected 2,500 organizations across government, financial services, and airlines. The daring persistence of these cyberattacks makes gathering at key industry events like RSAC relevant. There, the security community shares lessons from the cyber trenches and solutions that can help.

Security Meets Compliance Booth-side: A Holistic View of Coalfire’s Services

For Coalfire, RSAC 2024 was a moment to educate attendees on our professional and managed services offerings for building effective security and compliance programs. At the booth, attendees learned about our people + tech approach to cyber advisory, assessment, and security services. “I didn’t know you did all these things” was a frequent refrain as they walked away with a complete picture of where we could help their businesses.

Tom McAndrew’s Interviews Highlight Security Governance, Tech-enabled Services, and Ecosystem Partnerships 

While the team held down the booth, Tom McAndrew spoke with at-show media on Coalfire’s work preparing customers for the latest security and compliance challenges. As he noted in his interview with theCUBE, while the attack surface grew more than 30% last year, budgets and security talent did not. Tech-enabled services like Coalfire’s combine the best-in-class expertise of our auditors, advisors, and red teamers with the scale of our tech platforms to help customers better defend their infrastructure. 

At the corporate governance level, boards of directors face emerging risks from Gen AI and updated incident disclosure rules from the SEC and DHS. They don’t need to become cybersecurity experts but must ensure compliance with these rules, which requires a “Goldilocks” balance of neither overstating nor understating their cybersecurity readiness. These risks are areas where Coalfire’s Advisory experts are already guiding customers, as in the case of our work partnering with Google to assess its Vertex AI platform against the NIST AI Risk Management Framework and ISO 42001.

Finally, the security industry has built out many public-private collaborations over the years, and Tom noted that cybersecurity responsibility remains a team sport. Big tech providers have proactively shored up their systems since they are the biggest and most frequent targets. But more discussion is needed on the specific assistance government can provide to breached organizations, particularly small and resource-constrained entities. The general guidance of “don’t pay the ransom” is a start, but they need help with recovery.

Four Awards Recognized Coalfire’s Service Lines

While our SMEs and sales educated the show floor on the scope of our projects and our technologies – Compliance Essentials, Hexeon, and ThreadFix – Adam Shnider, Charles Henderson, Jim Masella, Joe Marta, and Vineet Seth posed for photos and received Global InfoSec Awards trophies for all three service lines, recognized for Best GRC, DevSecOps, Offensive Security, and MSSP of the Year.

Happy Hour Wrap-up

We wrapped up RSAC with a happy hour at Sens Restaurant to thank the customers, prospects, and partners who chose to spend their evening with us over the scores of other events competing for their time. The venue also provided a forum for employees to share a moment of camaraderie and toast the innovative possibilities ahead for security and compliance professionals.