AVAR spreads its wings this year, and focuses on something us researchers have known for years: until we interact with CISOs on the defensive front line, we can’t as impactfully defend against cyber attacks, and the resulting damage.
Researchers dig into cleverly obfuscated malicious binary payloads daily (and will highlight them at AVAR), but this raw intelligence often fails to be operationalized. The translation gap between a researcher's technical findings and a CISO's need for prioritized, risk-based context is too wide. Lacking this shared context, we’re left with tiny single tool defense silos where the collective odds of failure are high.
AVAR realized this a few years back, and aims to accelerate it by fully integrating CISO input in the form of CISO Connect, a specific track focused on closing the translation gap. It's designed to move beyond 'creepy malware' and focus on the most critical aspect: practical defensive implementation and risk prioritization.
Some larger venues address this in a more broad sense, but here at AVAR in Kuala Lumpur, Malaysia, there is a rare opportunity for CISOs to get direct, technical nuance from researchers, and, just as importantly, for researchers to gain crucial battlefield context from CISOs. These are the conversations that close the loop—CISOs learn what to defend against, and researchers learn what to hunt for next. This helps both understand the nuance, in a way that’s both rare and precious in the industry. One-on-one deep dives typically last far into the evening in corner booths and cafes over drinks. You won’t get that in the confines of your office.
Add to this the brainshare around attacks specifically highlighting APAC-centered attacks and tactics, and the air becomes all-the-more rarified.
The end goal is information sharing, and this is a good place for it. It’s a good start at least.
While there is increased attention on geopolitical underpinnings behind attacks, our defensive tactics should be about understanding and stopping threats overall, regardless of subtle headwinds from certain nation state actors or groups - we should just be about creating safer locks, and fixing what we can on broken ones.
But since the goal is to make the whole community - and all of our data - safer, the pairing of deep-dive tech and practical implementation is one that should be cherished, nurtured, and expanded into the future.
The best way to do that is loop more security folks into the conversation, and the best way to do that is join us and see for yourselves in Kuala Lumpur.
- Cameron Camp, Senior Security Researcher, SecureIQLab
