CornCon X: Powering Cybersecurity Innovation Through Human Connection
The Mississippi River, often referred to as the "Big Muddy," is a vital artery of American culture and commerce. Interestingly, only one section of this iconic river runs from east to west, and it flows through Davenport, Iowa. While Davenport may not be the largest city in the Hawkeye State, it plays a crucial role in the Quad Cities metropolitan area, which thrives on collaboration and community spirit. This ethos of unity was palpable at the recent CornCon X, a cybersecurity conference celebrating its 10th anniversary, held in Davenport.
A Gathering of Minds
CornCon X brought together around 400 practitioners, thought leaders, and students at The RiverCenter for an action-packed three-day agenda. The first day featured the CISO Summit, an exclusive event for Chief Information Security Officers and executives to discuss current market trends in a candid environment. The subsequent days were filled with 47 sessions, multiple workshops, and engaging activities, including a K-12 Kids’ Hacker Camp and a day-long High School Cybersecurity Event. The conference was not just about formal presentations; it fostered a vibrant atmosphere for hallway conversations, allowing attendees from diverse backgrounds to share insights and experiences.
Debunking Cybersecurity Myths
One of the standout sessions featured Dr. Gene Spafford, a renowned author and professor at Purdue University, who presented "Myths and Misconceptions in Cybersecurity." Drawing from his book of the same name, Dr. Spafford challenged the audience to rethink common beliefs that hinder progress in the cybersecurity field. He pointed out that the language used in cybersecurity is often exclusive, creating barriers to understanding for those outside the industry. For instance, the term "virus" can mean vastly different things to a cybersecurity professional and to a public health expert.
Dr. Spafford emphasized the lack of a clear definition of cybersecurity, noting that while we agree it involves protecting assets from threats, this definition is inadequate. He urged attendees to focus on measurable outcomes in security, questioning why it is so challenging to quantify security efforts. He also debunked the myth that "more technology is better," advocating instead for simpler systems, which can be easier to defend. His call to action was clear: rethink conventional methods, seek simplicity, and promote good values in cybersecurity practices.
The SaaS Challenge
In another insightful session titled "The SaaS and the Furious – A Deep Dive in SaaS Compromises," Ryan Wisniewski, Incident Response Lead at Obsidian Security, explored the vulnerabilities associated with Software as a Service (SaaS) applications. He highlighted that attackers are increasingly targeting SaaS platforms because that’s where valuable data resides. Wisniewski’s research revealed that identity compromises are the primary entry point for attackers, often facilitated by shared service accounts with weak credentials.
He outlined the typical steps in a SaaS attack: Initial Access, Persistence, Defense Evasion, Discovery, and Impact. By understanding these stages, organizations can better prepare for potential breaches. Wisniewski’s insights serve as a crucial reminder of the importance of securing identity management within SaaS environments.
The Human Element in Access Management
Sean Juroviesky, Senior Security Engineer at SoundCloud, presented a session titled "Hacking Other Teams Using Social Skills to Strengthen Your IAM Program." He shared valuable lessons on the importance of communication and understanding among teams when managing access controls. Juroviesky emphasized that there is no one-size-fits-all solution for Identity and Access Management (IAM); instead, success lies in engaging with team members to understand their unique needs and challenges.
By fostering open dialogue, security teams can better align their strategies with the realities of how access is managed within organizations. This human-centric approach not only enhances security but also builds trust and collaboration among teams.
Contextualizing Threat Intelligence
In her session, "What the Heck is Hermeneutics, and How Can It Be Used to Level Up Your Threat Intel Game?" Cherie Burgett, Director of Cyber Intelligence Operations at the Mining and Metals Information Sharing and Analysis Center, introduced the concept of hermeneutics—the study of interpretation. Burgett explained how this philosophical approach can enhance threat intelligence by encouraging analysts to consider the context surrounding threats.
By examining the broader context of threats, cybersecurity professionals can develop more effective strategies for response and mitigation. Burgett’s insights remind us that understanding the "why" behind threats is just as important as identifying the threats themselves.
A Collective Journey Through Security Threats
Throughout CornCon X, a recurring theme emerged: the necessity of empathy and human connection in cybersecurity. As professionals in this field, we must recognize that our work ultimately revolves around protecting people. The conversations and collaborations fostered at CornCon exemplified this principle, demonstrating that when we come together as a community, we can navigate the complexities of cybersecurity more effectively.
As the conference concluded, attendees were encouraged to continue building connections within the cybersecurity community. While CornCon XI is set for 2025, there are numerous opportunities to engage with fellow professionals through local meetups and events. The spirit of collaboration and shared learning that defined CornCon X is a powerful reminder that together, we can face the challenges of cybersecurity head-on.
In conclusion, CornCon X was not just a conference; it was a celebration of human connection, collaboration, and the shared mission of securing our digital world. As we move forward, let us carry the lessons learned and the relationships forged into our ongoing efforts to enhance cybersecurity for all.