October 4, 2017

Woz, Ransomware, and Cybersecurity…Oh, My! – Five Takeaways from Cybereason’s DEEP 2017

Located in the main ballroom of the Liberty Hotel, Cybereason’s DEEP conference is a collection of discussions and panels relating to all facets of cybersecurity.

Looking over the balcony on the fourth floor of the hotel, the logo for DEEP was lighting up the walls.

Instead of focusing on their products, Cybereason Co-Founder and CEO, Lior Div wanted guests to experience a different side of this tech sector.

“We didn’t want to be another cybersecurity conference,” Div said. “'The world is operating differently,' I thought. 'Let’s not talk about us [Cybereason] and take a non-linear approach to the event.'”

“Most importantly, I want people to leave the conference saying, ‘Now I’m thinking differently about it the cybersecurity industry,'” he added.

Lior Div giving the opening speech to the early-morning crowd.
Lior Div giving an opening speech to the early-morning crowd.

The event featured speakers from the Boston tech scene, news outlets, and the United States government. The most prominent guest at the event was none other than Apple Co-Founder and Silicon Valley icon, Steve Wozniak.

“We are walking a fine line between product and depth,” said Cybereason Chief Security Officer, Sam Curry. “The number of guests we have lined up is remarkable.”

Every topic was not only relevant but actually dove, well, deep into the world of cybersecurity. Here are five takeaways we found to be the most prevalent and interesting.

The Five Takeaways from DEEP

1. Creativity is Key in Cybersecurity

One aspect of the conference the company wanted to promote was the idea of having creative solutions to cyber attacks. This was featured prominently in the first panel of the day.

Assaf Dahan, Cybereason Japan’s Director of Advanced Security Services, told a story about an infamous security breach. Dahan told the crowd the hackers keep coming up with different solutions, and his team had to think quickly and improvise a counter attack.

Assaf Dahan
Assaf Dahan listing and describing the necessary steps to take with a recurring cyber attack.

“At the end of the day,” Dahan addressed the crowd at the end of his presentation. “It’s people, not the product, that will save your company.”

2. IT vs InfoSec

Lauren Louthan, who works as a cybersecurity consultant, spoke about the importance of teamwork. A typical discussion for a conference, but Louthan spent time discussing how IT teams can sometimes come in conflict with one another.

“To IT teams, the InfoSec team can seem like low-rent mall cops,” Louthan joked to the crowd. For many attendees who aren’t familiar with cybersecurity, this sounds like news. She gave her own perspective on the situation detailing her time spent on both an IT team and an InfoSec team.

As someone who has seen the issues on both sides, Laura Louthan offered some sound advice for the crowd.

She proceeded to ask who in the crowd works in IT and InfoSec and discussed how to work better as a team.

3. “Patching is Important!”

Cybereason’s Principal Security Researcher Amit Serper told the story behind the WannaCry and NotPetya ransomware outbreaks. Serper came to the conclusion that, sometimes, it can be just one factor that leads to a problem like this one.

“If your database is running on legacy software, that can be your downfall,” Serper said. “All it takes is one leg to be running on that particular software for there to be an issue.”

Amit Serper
Amit Serper also talked about how he was a brief media magnet due to his knowledge of both the WannaCry and NotPetya scams.

Throughout his time on stage, Serper urged any current cybersecurity employees, as well as any computer user, to continuously patch their OS. He also mentioned how patching an enterprise software platform could do wonders for a business.

4. Lessons Learned from Government Officials

As mentioned above, several guests on stage have worked in government. Robert Bigman, who previously worked as the CISO for the CIA, spoke about how identifying types of data is more important than most companies realize.

“Out of the forty companies I have worked for, only a handful could identify their data,” Bigman said.

Robert Bigman
One of Robert Bigman's lessons was the sarcastically titled, "It's about the data, stupid!"

Assistant Undersecretary for Homeland Security Hans Olson discussed the importance of strengthening infrastructure with author Kim Zetter. Zetter asked questions involving Stuxnet-related attacks and how hardware can create physical attacks in the real world.

Hans Olsen and Kim Zetter
Kim Zetter and Hans Olson's conversation covered a wide variety of topics, with Olson giving his point of view based on his experience in government.

Eric Rosenbach, the former Chief of Staff to the Secretary of Defense, made an effort to get the crowd involved. Rosenbach detailed the infamous Sony Pictures hack during the winter of 2014 and asked members of the crowd to see what they would do in response to a cyber attack of this magnitude.

“I chose this case because it shows how a hack can escalate into something that becomes a national threat,” Rosenbach said. “These kinds of attacks will only continue to become more pronounced.”

Eric Rosenbach
Eric Rosenbach, a college professor, treated this part of the conference as a lesson seen in one of his classes.

5. Steve Wozniak and His Personal History with Technology

Steve Wozniak is a tech figure who needs no introduction, and the folks attending DEEP welcomed him to the stage. Ran Levi led the discussion that ranged from Woz’s in-depth interest of mathematics to the first time he learned about internal issues with computers.

Woz and Ran
Ran Levi had an old magazine with some of Apple's earliest ads and Woz reminisces on Steve Jobs' contributions to Apple's early marketing efforts.

“Back in the 70s, no one had even heard of computer viruses,” Apple’s Co-Founder said. “In the beginning, it was a non-issue and was difficult to understand.”

One topic of interest was Woz’s opinion on AI and robotics. “In theory, a computer can learn how to make a cup of coffee for someone. It’ll happen if someone makes it their goal in life. [Isaac] Asimov had his law of robotics where ‘No robot shall harm a human being,’” he said. “Woz’s Law of Robotics is ‘No human shall harm a thinking robot.’"

Throughout the discussion, Woz told a few anecdotes, including how he fooled the Secret Service with a fake ID and how he used to program in his spare time; which in turn, resulted in his extensive knowledge of computers and technology. He finished the panel with some inspiring words.

“If you’ve noticed, I like to have fun,” Woz said. “Happiness is how I’m going to judge my life, not by accomplishments.”

Woz and Ran Levi
Steve Wozniak also took questions from the crowd in a humorous Q&A session.

Colin Barry is a contributor to VentureFizz. Follow him on Twitter @ColinKrash.