This week, the Anaheim Convention Center in California played host to the AWS re:Inforce 2023 conference, AWS’s flagship event focused on cloud security, identity, and compliance. AWS announced an array of new services and capabilities—as they typically do at events like this—and there were many informative keynotes and breakout sessions.
I spoke with Jenny Brinkley, Director of Security for Amazon, and asked for her thoughts on the event and her key takeaways. “We are still seeing big trends around, ‘I need to hire. Where do I find people?’ How do I retain them once I have them is another big theme, along with diversity, equity, and inclusion continues to be a challenge in the security space. How do you really think through representation and finding diverse talent to build out teams and then again, once you have them, how do you retain them and prevent burnout?”
Throughout the event, though, the pivotal role of security awareness training, the value of diversity, equity, and inclusion (DEI) in security strategies, and the impact of generative AI on the security landscape were prevailing themes.
Security Awareness Training
One central theme that emerged was the importance of security awareness training. As the backbone of any robust cybersecurity strategy, it has been traditionally under-emphasized, often relegated to annual compliance exercises. However, with threats increasing in sophistication and scale, this is changing dramatically. Cybersecurity is no longer the sole responsibility of IT departments, but the collective responsibility of all employees.
AWS re:Inforce 2023 emphasized the concept of ‘Security Culture’ where every team member, irrespective of their role, is a crucial part of the organization’s defense mechanism. Engaging and effective security awareness programs, designed to make every employee a security advocate, represent a crucial line of defense against increasingly sophisticated cyber threats. Better security awareness is a significant shift towards proactive defense, underscoring the necessity to embed security in the fabric of an organization’s culture.
Diversity, Equity, and Inclusion (DEI)
DEI was another key discussion point at the conference. Traditionally, the cybersecurity field has been dominated by a specific demographic group, resulting in a limited perspective on threat analysis and mitigation. Increasing diversity within security teams can lead to more effective, creative, and comprehensive approaches to safeguarding digital assets. Greater representation, extending across gender, race, ethnicity, and neurodiversity, brings a variety of experiences and perspectives to the table, thereby enhancing problem-solving capabilities and fostering innovation.
Re:Inforce demonstrated a concerted effort to incorporate DEI into security strategies. This included roundtable discussions, networking events, and presentations dedicated to empowering underrepresented groups in the cybersecurity field. The consensus was clear: leveraging diversity and fostering inclusivity equates to stronger, more effective security.
Brinkley shared that Amazon recently started a new initiative in partnership with the National Cybersecurity Alliance to work with historically black colleges and universities (HBCUs) to invest in cybersecurity programs and promote careers in cybersecurity. They visit the campuses and work with students to help them understand the opportunities and how to navigate the cybersecurity field.
We also talked about the fact that there are hundreds of very different roles within the spectrum of cybersecurity, and varied and disparate ways to get into the cybersecurity field. There is no “right path” to cybersecurity. Brinkley noted, “Everybody comes from a different perspective. Yes, you have people that have joined from three-letter agencies, but you also have people that have come with music degrees.”
Generative AI has dominated headlines all year, so it should be no surprise that it also took center stage at re:Inforce 2023. As a disruptive technology, generative AI has the potential to revolutionize industries, accelerating productivity and pushing the boundaries of human capability. However, it also introduces new security challenges. AI systems can generate realistic phishing emails or synthetic identities, making cyber threats more sophisticated and harder to detect.
Nevertheless, the sense from the event was unequivocal: the rewards outweigh the risks. Generative AI can be harnessed for proactive threat detection and response, automating repetitive tasks, and facilitating decision-making. When properly managed, generative AI has the potential to streamline cybersecurity operations and raise the bar on what people can accomplish. The focus should not be on stifling innovation due to fear of potential misuse but on creating resilient systems to manage and mitigate those risks.
One of the reasons that AWS is such a powerful force is the scope and depth of the partner ecosystem. Amazon offers hundreds of services itself, but partner vendors integrate, augment, and support those services in ways that help ensure customers get the outcomes they need.
I had a chat with Manoj Nair, Chief Product Officer at Snyk, and Carey Stanton, SVP of Global Business and Corporate Development at Snyk, about the event and their partnership with AWS. We talked about how they work closely with AWS, and discussed the concept of the shared responsibility model. Nair explained, “I think one of the areas that we are educating customers jointly with AWS in our space is now—with the advent of generative AI, and the fact that AWS with some of their recent capabilities and other things they have announced—that’s an opportunity there.”
We talked about the requirement for a software bill of materials (SBOM) and the rising trend of software supply chain attacks, and how Snyk is helping customers address those concerns. Nair said, “If you’re an Appsec professional, you need a workbench to just understand, ‘What apps do I have? Where are pipelines that are getting spun up? Does my code, and all the things that I’m producing actually have coverage?’ and those kinds of questions and the ability to automate that is a big part of what we’re focused on.”
AWS re:Inforce 2023 underscored the need to navigate the intersections between security, diversity, and AI innovation strategically. Security awareness training and DEI are not merely valuable; they are indispensable for a stronger, more effective cybersecurity strategy. Generative AI, though posing certain security challenges, presents an opportunity to accelerate productivity and raise the bar on human achievement. As we move forward, it is evident that embracing this trio – security awareness, DEI, and AI innovation – will be central to driving meaningful progress in the cybersecurity landscape.