The RSA Conference is considered a must-attend event for all chief information security officers (CISOs). It is not only an opportunity to meet and network with other CISOs, but it also lets you engage with a wide range of thought leaders in the security industry. Many of these thought leaders are attending the conference for the sole purpose of sharing knowledge and experiences with their colleagues. While it is impossible to attend all of the conference’s great educational sessions given the multiple tracks, the following are six sessions that will help CISOs grow in their role and better attend to their responsibilities:
New CISOs at the RSA Conference 2015
CISOs who are new to their role may wish to invest their time and attend “Information Security Leadership Development: Surviving as a Security Leader,” a four-part session that includes a diverse group of CISOs and compliance and privacy executives sharing their experiences. The following are the four parts of the session:
- “As a New CISO: How to Assess Your Security Program for Success” by Gary Hayslip, deputy director and CISO of the city of San Diego.
- “Are You Fighting the Wrong Battles?” by Bill Burns, vice president and CISO of Informatica.
- “Being a CISO: What They Don’t Tell You,” a panel discussion with Jack Jones, president of CXOWARE, Inc.; Evan Wheeler, vice president of operational risk management for Omgeo; Rick Howard, chief security officer of Palo Alto Networks; Julie Fitton, CISO of EMC Cloud Services; and Amy Butler, assistant vice president of information security and compliance for George Washington University.
- “Stepping Inside the Boardroom” by Trey Ford, global security strategist for Rapid7.
To be successful, all CISOs must surround themselves with the best security talent available and ensure all members of the workforce are involved in addressing cybersecurity threats. According to IBM CISO Joanne Martin, IBM has a multipronged approach to finding talent. The company hires individuals with well-polished technical skills and then trains them in-house in the security disciplines. IBM has also partnered with universities to evolve their curricula with an emphasis on cybersecurity.
The panel session “Cultivating a New Generation of Cyber Workforce Talent” will go a long way toward ensuring a better understanding of the unique challenges and opportunities that come with building the next generation of cybersecurity professionals. The panel, moderated by Michael Kaiser, executive director of the National Cyber Security Alliance, includes the following speakers:
- Andy Ozment, assistant secretary of the Department of Homeland Security’s Office of Cybersecurity and Communications;
- Cecily Joseph, vice president of Corporate Responsibility and chief diversity officer of Symantec;
- Jeffery Jacoby, director of program engineering for cybersecurity and special missions at Raytheon Intelligence, Information and Services.
Data and application security in the cloud — private, public or hybrid — is top of mind for every CISO. The RSA Conference includes the session “Something Awesome on Cloud and Containers,” which is co-presented by Christopher Hoff, vice president and security chief technology officer of Juniper Networks, and Rich Mogull, analyst and chief executive officer for Securosis, LLC. The session will address the technical evolution of cloud computing and emphasize how early cloud security models are being replaced by the drive to containerization.
Secure Your Business
How complex is your supply chain? Is every link in the supply chain afforded the same level of security? Will the Internet of Things affect your data security? “Supply Chain as an Attack Chain: Key Lessons to Secure Your Business” is a panel discussion on why you need a strong supply chain cyber risk management capability. The panel will be moderated by Tony Gaidhane, senior associate of Booz Allen Hamilton, with participation from Benjamin Jun, chief technology officer of Chosen Plaintext, Sam Phillips, vice president and CISO of Samsung, and Scott Stephens, director of EG Global Supply Chain Product Cybersecurity, HP.
If you have an international footprint, you’ll want to attend “Following the Sun: A Worldwide View of Cybersecurity Laws and Regulations,” a panel discussion moderated by Jessica Gulick, chief strategist of CSG Invotas. Participants will include Gene Fredriksen, CISO of PSCU; James Halpert, global co-chairman of DLA Piper’s Data Protection, Privacy and Security and Cybersecurity practices; and Larry Clinton, president and chief executive officer of the Internet Security Alliance. The panel is expected to highlight the growing complexities of cyber regulations around the world and discuss why organizations that have better knowledge of the regulatory penalties and initiatives in any given environment are best positioned to balance risk.
The CISO and the Board of Directors
Boards of directors are expected to be kept abreast of risks, security concerns and the pathway to remediation and “de-risking.” As discussed in “The CISO and the Need for a Common Business Language,” CISOs must be able to communicate with the board in a language both sides can understand. This includes ensuring technical information is kept to a minimum, having your facts and numbers aligned and thinking and talking business. In the session “The CISO Reporting Project,” co-presenters Trey Ford and Nicholas Percoco, vice president of strategic services for Rapid7, will provide the results of a CISO study focused on reporting behaviors and what the board really wants to hear from the CISO.
Enjoy the RSA Conference, soak up all the information you can and share that acquired knowledge with your staff, peers and industry. Never has the phrase “knowledge is power” been more apropos.