It’s almost that time again — RSA USA. Which means that, for a lot of us, it’s also time to begin the delicate balancing act of scheduling important business meetings, partner jams and hospitality parties around conference attendance at the talks we just can’t miss. Some sessions, such as the Innovation Sandbox and the keynotes, are on everyone’s essential list. But what about the session-track talks? Which ones really stand out?
The RSA Top 10
To try to help with your planning, I’ve collected a few of the sessions that have me most excited. This is a very short list. What constitutes must-see varies based on expertise and interest, but these are certainly on my radar as I prep for RSA 2016.
1. ‘From Cave Man to Business Man, the Evolution of the CISO to CIRO’ (PROF-M07)
Years ago, I complained to Andy Briney, then-editor in chief of Information Security Magazine, that the magazine was named improperly. I told him it should be “Information Risk,” not “Security,” because security is a bit of a misnomer.
What are we really doing? Making security process and control decisions through a risk lens. Think CISOs will become CIROs by 2020? I’m interested to hear what this speaker has to say in this session.
2. ‘Product Security at Internet Scale’ (ASD-T09R)
The abstract to “Product Security at Internet Scale” says it all: “Building secure products is hard. Building secure products to protect massive amounts of data and value is beyond hard.” Application vulnerabilities are still a reality, and now they’re in our cars and houses. If this talk can provide at least one or two big “aha” moments on how to improve the state of appsec in our organizations, it’ll be time very well spent.
3. ‘Bro, Do You Even Cybercrime? Key 2016 Trends’ (HT-T09R)
James Lyne is one of the best and smartest speakers on InfoSec and cybercrime. He always brings new and interesting research to his presentations. There are a few trends talks at RSAC16 — but because of Lyne, “Bro, Do You Even Cybercrime? Key 2016 Trends” is my top pick.
4. ‘The Newest Element of Risk Metrics: Social Media’ (GRC-T10R)
Social media can impact a company in a number of ways, from a rogue employee posting something negative to an exec who posts a seemingly innocuous photo that contains telling geographic metadata. Facebook statuses may indicate state of mind, and Twitter follows can highlight personality changes. Tracking and monitoring social activity could become a big part of the risk picture — making this talk timely.
Also of note in the same vein is “Where You Are Is Who You Are: Legal Trends in Geolocation Privacy & Security.”
5. ‘300+ Cities, Millennials and a Mobile Workforce: A Security Gauntlet’ (HUM-T10R)
Samantha Davison, security program manager at Uber, will be talking about how the company trained their massive contractor workforce on security practices using gamification and out-of-the-box approaches. Institutionalizing security awareness isn’t easy with employees. If Uber’s got great tips for engaging all workers, even contractors, I’m all ears.
6. ‘Transforming Security: Containers, Virtualization and Softwarization’ (ASD-W03)
If you’re not involved in application development and deployment, containers may be new to you, but they are transforming how enterprises deploy and manage applications. As with a lot of big IT shifts, security hasn’t been top of mind during this revolution. This talk looks like a solid intro into what containers are, with practical advice for building security in without slowing things down.
7. ‘Integrating Cybersecurity Into Supply Chain Risk Management’ (GRC-W03)
Oh, supply chain — what’s new about that? As it turns out, quite a lot when it comes to a cyber supply chain in a connected Internet of Things (IoT) ecosystem. I think supply chain will emerge as one of the most important areas of focus for risk management because it increases the attack surface exponentially.
8. ‘How to Prepare for Cybersecurity in 2020: A Panel Discussion’ (CXO-W05F)
The abstract specifically calls out an issue with the way we focus on the most recent hack. This is spot-on — it’s easy to get hung up on the last pivot from a criminal gang or the next iteration of a piece of tried-and-true malware like Dyre.
These matter, but when looking ahead, planners must also take a strategic, big-picture view or risk missing the forest for the cyber trees. That’s why I’m going to attend this panel.
9. ‘A New, Radically Innovative US-CCU Cybersecurity Checklist’ (TECH-R02F)
Part of risk assessment work is being able to take multiple views — that of the builder, protector, user and attacker. This new US-CCU checklist is supposed to provide you with the attacker and defender viewpoint, depending on how it’s read. It sounds like a great tool, and I’m planning to check it out at the talk.
10. ‘Teaching Our Kids the Real Hacking Sklllz’ (MASH-F02)
What’s more forward-looking than what we’re teaching our children? This panel is going to discuss programs that help teach kids about hacking and cybersecurity.
Other Sessions of Note
Those sessions may be the top 10 I want to see, but they certainly aren’t the only ones. Also on my list are:
- “Combating Spoofed GPS in Forensics” (HTA-R05);
- “Privacy, Selfie Sticks and Umpires: Things That Shouldn’t Exist, but Do” (IDY-R04F);
- “Preserving the Privilege During Breach Response” (LAW-R05);
- “The DDoS Consideration for SDN Deployments” (HTA-F01); and
- “Quantum Technologies and Real-World Information Security Challenges” (PDAC-F02).
Please take a look and let me know (@dianakelley14) if this list helped you spot some gems. You’re also more than welcome to attend my own RSA session, “Board Room Rodeo: How to Align the C-Suite and Make Better Security Decisions” (SPO1-R04).
See you next week in San Francisco!