
#RSAC is what you make of it
…
Q: Are you going to RSA?
A: Of course. RSA is mandatory punishment for people like me.
Like I said just before RSA USA 2012, each year at RSA I want to quit security.
At the end of the day, like with most things…
…it is what you make of it. Make it matter this year. Demand better. I will be.
My suggestions on are worth re-reading:
- People Value
- Non-RSA Venue
- The Bizarre Bazaar of the Exhibit Floor
Anticipated Buzz-Words:
Remember: Just because a buzzword is abused and/or nauseating doesn’t mean all uses of it, or the ideas/facts behind it, are nonsense. The trick is to ask people to define their use, defend their use, and provide specifics.
- Big Data: This will be the least clear and most abused. It isn’t just having a Hadoop cluster or *B or *flops of useless data.
- Actionable Intelligence: Done right, this is becoming table stakes. Done wrong, this is a marketing retread. Ask for specifics. Most are offering a data feed. Good programs are combining and enriching from OSINT, HUMINT, SIGINT, pay-for feeds of various types, information sharing communities/pilots. This topic is worth sifting out Signal from Noise.
- Offensive Security: For some, the term itself is “offensive”. This is often heard as “Hack Back”, which is, for most, a really, really bad idea. Aside from the legal or attribution debates… if you can’t consistently change default passwds or basic access control, why do you think you’ll win an escalating fisticuffs with your attacker? My Wed 1pm panel (END-W25) will try to clarify this.
- Active Defense: This is a less offensive spin on “Offense”, but definitions vary tremendously. It often means beginning to use deception, deterrence, increased work effort/work factor, increasing the entropy of the attack/er, etc. Again, my Wed 1pm panel (END-W25) will try to clarify this.
- APT or APT1: Yes folks. The Kitten-Killing, Thought-Terminating Cliché is back. Given the one-two punch of the Executive Order and the hotly debated APT1 materials put out by Mandiant, China, China, China will be discussed. Not all espionage is out of China. Lots is. Get past the groaning and try to get to substance.
- Adversary: This is a good one I am pleased to see entering the lexicon. While many “thought leaders” dogmatically fight the inclusion of adversary analysis, they are wrong. The programs that are modernizing are trying to weave in the chaining of Adversaries -> Motivation Structures -> Preferred Asset Types -> Their Common/Range of TTPs (Tactics, Techniques & Procedures). Much like this artifact from our Adversary talk from RSA last year (slideshare here).
My Speaking Slots:
Monday, February 25, 3:30 PM – RSA USA – Innovators Sandbox – Room 134 – Facilitator
ISB-001 – Do You Know Your Enemy Enemies?: WHO & WHY do matter…
Much of RSA Conference will focus on WHAT & HOW; at Innovation Sandbox we will focus on WHO & WHY. From script kiddies to nation states (or chaotic actor/hacktivists to citizen soldier militias)… gone are the days where our adversaries are only financially driven. We now face a pantheon of adversaries – each with varying motivational structures, preferred asset type(s), capabilities and levels of skill/determination. This facilitated white boarding session will discuss the characteristics of modern adversaries and hopefully raise questions (and answers) on their implications to our risk management priorities.
This White Boarding session should be both fun and challenging – given the innovative crowd.
Monday, February 25, 4:00 – 5:30 PM — BsidesSF at DNA Lounge
Closing Keynote: Joshua Corman
Tuesday, February 26, 3:50 – 4:50 PM – RSA USA – Room 132 – Panelist
ASEC-T19 – Making Rugged DevOps and Infosec Work
Dwayne Melancon will moderate me and fellow Rugged DevOps trailblazers: Gene Kim, David Mortman, and Nick Galbreath.
Wednesday, February 27, 1:00 – 2:00 PM – RSA USA – Room 309 – Moderator
END-W25 – Offensive Security: Hope or Hype?
With the threat environment dramatically changing, there is a new consensus that it is almost impossible to keep targeted attackers out of any large-scale network. This panel will discuss new thinking around “Active Defense,” or what some would term “Offensive Activities.” We will explore the pros/cons of enacting an offensive security position in defending a company’s networks.
This one is going to be feisty. Born out of some hot offline debates, this clash of the titans needed to happen. I will have my hands full moderating, but I am up for the challenge – and for challenging them. Come watch George Kurtz (CEO of CrowdStrike), Chris Hoff (Juniper), Adam O’Donnell (Sourcefire) and Andrew Woods (Stanford) duke it out. Got anything you want asked?
Thursday, February 28, 8:00 – 9:00 AM – RSA USA – Room 135 – Panelist
HT-R31 – Mayans, Mayhem and Malware
This panel focuses on the persistent gaps and perennial conditions confronting organizations today, notably in areas of compliance and governance related to threat mitigation, education and awareness. Also, we examine the resurgence of advanced, malicious code & content intelligent enough to obfuscate, assess, re-assess and execute against a programmatic strategy.
Will Gragido, Brian Honan and I tried this at RSA Europe and it was surprisingly good – realistic and gritty and honest… This time we’re adding two other dynamic characters.
Friday, March 01, 9:00 – 10:00 AM – RSA USA – Room 133 – Co-Presenter
GRC-F41 – Control Quotient: Adaptive Strategies for Gracefully Losing Control
Cloud, virtualization, mobility and consumerization have greatly changed how IT assets are owned and operated. Rather than focusing on loss of security control, the path forward is cultural change that finds serenity and harnesses the control we’ve kept. The Control Quotient is a model based on control and trust, allowing proper application of security controls, even in challenging environments.
I regret this is so early on the last day but this is not one to miss.
The 6-minute RSA Podcast pre-interview about our talk is posted here.
*** This is a Security Bloggers Network syndicated blog from Cognitive Dissidents authored by joshcorman. Read the original post at: https://blog.cognitivedissidents.com/2013/02/20/rsac-is-what-you-make-of-it/