Main takeaways from Cyberconference 2022
Recurrent themes and key lessons from the CyberEco event in Montreal
On May 4th and 5th, 2022, I attended the Cyberconference, an exciting cybersecurity event in Montreal that lasted two full days and featured more than 40 talks by people from several companies and the public sector.
While the talks covered a wide variety of topics, I noticed some recurring themes that were mentioned in many of the presentations. They were my main takeaways from the event as a whole:
Teamwork and knowledge sharing
Private companies from a given sector (or a given geographical location) are better off sharing cyber incident insights among themselves, as the advantages outweigh the potential drawbacks. Ultimately, it leads to a better collective security posture and better threat intelligence. The same principle applies to ministries of a government and nation states of an alliance.
Security by design > security as an afterthought
It is way easier to maintain a product that is designed to be secure from day 1 than to add a veneer of security to a product that was not constructed with safety principles in mind.
Keywords: secure coding, shift left.
Proactive defense and prevention rather than simply reacting to incidents
The infosec teams of many companies out there spend much of their time responding to incidents after they have happened. Time and effort spent “running after” or “putting out fires” is not wasted, of course, but it would be much more efficient if allocated to proper prevention.
It is common sense that preventing is better than remediating, in all spheres of life. In the specific case of cybersecurity, these are a few steps that lead to a better posture:
- keep an up-to-date inventory of your assets
- know your potential adversaries: who are they? What techniques have they employed in the past?
- execute threat simulation exercises periodically
Automate, automate, automate!
The more a SIEM can programmatically do its job, the more time it frees up for the defensive team to do other important tasks (ideally, ones that cannot be done by a computer). This is especially important during staff shortages.
One of the main ideas here is to aggregate data from various sources and analyze it in the context where it happened. Another idea that could take your defensive security game to the next level is to automate not only detection, but incident response as well.
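To make the last two ideas concrete, here is an added example (not from the conference talks or the original post) that correlates events from two sources, adds asset-inventory context, and picks an automated response. The source names, event fields, thresholds and response labels are all assumptions, and the data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory and events from two hypothetical sources ("auth", "edr").
ASSETS = {"fin-db-01": {"critical": True}, "lab-pc-07": {"critical": False}}

def ev(src, ts, user, host, kind):
    return {"src": src, "ts": datetime.fromisoformat(ts), "user": user, "host": host, "kind": kind}

EVENTS = [
    ev("auth", "2022-05-04T09:00:05", "alice", "fin-db-01", "login_failed"),
    ev("auth", "2022-05-04T09:00:09", "alice", "fin-db-01", "login_failed"),
    ev("auth", "2022-05-04T09:00:14", "alice", "fin-db-01", "login_failed"),
    ev("auth", "2022-05-04T09:00:30", "alice", "fin-db-01", "login_ok"),
    ev("edr", "2022-05-04T09:02:10", "alice", "fin-db-01", "new_admin_tool"),
    ev("auth", "2022-05-04T10:15:00", "bob", "lab-pc-07", "login_failed"),
    ev("auth", "2022-05-04T10:15:20", "bob", "lab-pc-07", "login_ok"),
    ev("edr", "2022-05-04T10:16:00", "bob", "lab-pc-07", "new_admin_tool"),
]

def correlate(events, window=timedelta(minutes=10), min_failures=3):
    """Flag (user, host) pairs where failed logins, a success and an EDR alert share one window."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_key[(e["user"], e["host"])].append(e)
    findings = []
    for (user, host), seq in by_key.items():
        for ok in (e for e in seq if e["kind"] == "login_ok"):
            fails = [e for e in seq if e["kind"] == "login_failed"
                     and timedelta(0) <= ok["ts"] - e["ts"] <= window]
            alerts = [e for e in seq if e["src"] == "edr"
                      and timedelta(0) <= e["ts"] - ok["ts"] <= window]
            if len(fails) >= min_failures and alerts:
                findings.append({"user": user, "host": host})
                break
    return findings

def respond(finding, assets):
    """Choose a response from asset context; hosts missing from the inventory go to a human."""
    asset = assets.get(finding["host"])
    if asset is None:
        return "escalate_unknown_asset"
    return "isolate_host_and_lock_account" if asset["critical"] else "open_ticket"

def run(events=EVENTS, assets=ASSETS):
    return [(f["user"], f["host"], respond(f, assets)) for f in correlate(events)]

if __name__ == "__main__":
    for row in run():
        print(row)
```

Neither source alone would flag alice's session with confidence; the combination does, and the inventory lookup is what decides how aggressive the automated response should be.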