SAN FRANCISCO — Any doubts whether former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs maintains substantial support within the information-security community were put to rest Thursday (May 1) as he walked onstage to loud applause at the RSAC conference here.Krebs is currently being investigated, and has had his security clearance revoked, by the second Trump Administration, apparently as punishment for declaring that the 2020 general election was free and fair.(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)That statement cost Krebs his CISA job in 2020 and his latest job at SentinelOne just last month after the Justice Department probe was announced.
All-star panel
The legal and professional troubles didn't seem to faze Krebs, who cheerily introduced fellow panelists Jen Easterly, who succeeded Krebs as CISA director and now works at Evenstar Cyber; Rob Joyce, former director of cybersecurity at the National Security Agency and current venture partner at DataTribe; and Michael Schmidt, New York Times reporter and co-producer of the Netflix miniseries "Zero Day."
Chris Krebs & Michael Schmidt, reporter, Co-Creator & Exec Prod Zero Day
Credit/RSAC
Krebs was in his trademark High Prep attire, wearing a blue-striped Oxford shirt, Nantucket Reds and loafers with loud socks. Easterly was on-brand too, in embroidered blue jeans and wedge slip-ons. Schmidt and Joyce wore blazers without ties.The ostensible purpose of the session was to discuss the "Zero Day" miniseries, which debuted in February, and how accurately it portrayed a fictional cyberattack that paralyzes American critical infrastructure and results in thousands of deaths. But much of the crowd was there to see Krebs."The project was an opportunity to tell the public about cybersecurity," said Schmidt, who came up with the miniseries' narrative and strove to make sure the impacts of cyberattacks on critical infrastructure were as accurate as possible.Easterly and Joyce liked the depiction of how the initial attack shut down the nation's transport, telecommunications and energy networks, causing civil unrest."People expect critical infrastructure to be there," he said. "What if it's not?""There were elements that just nailed it," Krebs said to Schmidt. "How'd you guys do that?""We were looking for the sweet spot of believable but dramatic," Schmidt responded, adding that the production had cybersecurity consultants on hand."So there were experts that you paid?" joked Krebs. "Asking for a friend — me — who's currently unemployed."
Grim observations
There were other jokes, including how Easterly and Krebs planned to start a band called Unpatched Firewall and title its first album Neuromancer, yet most of the panel conversation was serious.Joyce congratulated the RSAC audience on making cybersecurity much stronger over the past two decades, but stressed the threat from Chinese nation-state hackers, who he said have pre-positioned malware throughout American critical infrastructure to be used as the first strike in a hot war.
Jen Easterly with Evenstar Cyber & Rob Joyce
Venture Partner, DataTribe
Credit/RSAC
Schmidt recalled the sense of national unity in the days after 9/11, and wondered whether that would be possible today given the massive political divisions in the U.S."I came in right after the Colonial Pipeline attack," said Easterly. "Remember the panic that caused? Our adversaries watched that very closely."But, she warned, being more aggressive with China and possibly using offensive cyberweapons against it might backfire."We also need to keep in mind that Xi and the Chinese people can withstand a lot more pain than we can," she said, mentioning the ongoing Chinese real-estate crisis and the tens of millions of deaths from famine during the Great Leap Forward around 1960.Schmidt told a rather gloomy tale of art imitating life: In a clip from "Zero Day" shown during the discussion, Robert De Niro, playing a former president, gives an impassioned speech outside the New York Stock Exchange to two opposing crowds, appealing to their better natures and rousing them to unity.But Schmidt said that a passerby shot video of De Niro's speech and repurposed it to make it seem like De Niro himself had been egging on a crowd of real-life pro-Palestinian protestors. The video was then distributed on social media by pro-Israeli accounts."We were forced to put out a statement that this was for a TV show," Schmidt said. "When you're part of the story and you know the real story and you see how the public twists it, that's very jarring."
AI, of course
And then there was AI, the dominant theme at this year's RSAC conference, which Easterly brought up halfway into the conversation."Oh, you did it, 23 minutes in," joked Krebs. He then asked Joyce, a former AI skeptic, why he'd had a change of heart about using AI in cybersecurity defenses."It's gotten better at debugging code," Joyce said. "If you look at source-code repositories, you're going to find latent defects that have been there for years and years."Easterly, a self-described optimist, called AI "the most powerful technology of our lifetime," and said it could create systems that could stop cyberattacks almost before they start. She admitted that AI could be used for nefarious purposes, however."I'll be the Debbie Downer," said Joyce. "We can't even patch the crap we have today."
A call for cyber resilience
After some talk about who would play each one of them in a movie — Joyce picked Magic Johnson, whom he had met the previous day before Johnson's RSAC keynote address, and Easterly picked either Jennifer Lawrence or Zoe Kravitz — Krebs finally addressed the elephant in the room, and got the most applause of the session."I almost didn't come out here this week," Krebs said. "I made a promise, though ... that I'd come out and I'd do this panel, so I did it. I'd like to think that I'm a man of my word."
Chris Krebs
Former Director, CISA
Credit/RSAC
"So I showed up," he added. "And I want to say I'm completely and utterly thankful that I did, because of you. All of you have been hugely supportive. And not just of me, but the community. It's the community that right now is in distress, that's under attack, that's being picked at from all sides.""Cybersecurity is national security," Krebs declared. "Every one of you — I don't care if you are a sales rep, an engineer, whatever — you are on the front lines of modern warfare. You are the ones that will see the first Chinese attack. You're the ones that are dealing with cybercriminals and child sexual predators on a daily basis. You are the front lines right now. There is no such thing as geographic distance for defense any more.""So thank you for what you do on a daily basis," he concluded. "Please stay in the fight. Do not lose the faith. Don't let 'em grind you down. We have to win this. We will win this. Thank you."(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)
Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.
