The USA 2018 RSA Conference is only a few weeks away and around 45,000 IT security professionals will be arriving in San Francisco to discuss one of the biggest risks and threats to our future, countries, economies and civilization. Yes, cyber security and how to prevent future cyber-wars will be one of the main topics of the conference, among many others.
The RSA date is usually a moving target (switching between February and April), which sometimes causes confusion, but this year it will be held at the Moscone Center, San Francisco, April 16-20, 2018. It’s one of the major cyber security events of the year and is a must-attend for most cyber security professionals.
One thing that’s clear is that cyber-attacks cross country borders and disrupt our way of life—and nation-states are not taking responsibility. Cyber-crime groups have been behind many cyber incidents in recent years resulting in major data breaches, ransomware attacks, or government agencies’ confidential data being stolen. Several governments and companies have linked these cyber groups to nation-states, though without sharing concrete proof, and with those nation-states refuting any involvement. Without clear collaboration and transparency this problem will continue to grow, with the possibility of a full-on cyber war as retribution. All this will be discussed at RSA 2018 in the hope that a solution will be found to make our online world a safer place.
As many of you are preparing for the journey to San Francisco, planning the sessions and events you want to attend ahead of time is essential. Reviewing the hundreds of sessions that will be available at RSA this year will take some time, so to make it easier for you I have listed my top 5 sessions not to miss at RSA 2018.
1. The Price of Cyber-Warfare
The first session on my list is a keynote by Brad Smith, President of Microsoft. I have listened to Brad many times—his insight and thought leadership are awesome. He will leave you with many thoughts to consider after the session, and given the title of his keynote, this is one session you definitely should not miss.
The Price of Cyber-Warfare KEY-T02
April 17, 2018 | 8:35 AM – 8:55 AM
The battle has moved to cyber space and citizens around the world are finding themselves in the cross-hairs. As the WannaCry and NotPetya attacks showed us, these attacks don’t pit machines against machines, but machines against real people with devastating consequences to economies, businesses, civil society and individual citizens. Join Brad Smith, President of Microsoft, as he discusses how this new reality demands new solutions and ever greater responsibility from the tech sector, governments and users.
Speaker: Brad Smith, President, Microsoft
2. Fool Proof: Protecting Digital Identity in the Age of the Data Breach
The traditional security perimeter approach, used for almost 30 years, is no longer effective alone and must be enhanced to be relevant in today’s world.
When we look at why many of the cyber breaches in the past year occurred, it comes down to three major factors: the human factor, identities and credentials, and vulnerabilities. In our digital social society we are sharing more information, which leaves us increasingly exposed to social engineering and targeted spear phishing attacks. The ultimate attack goal is to compromise our systems for financial fraud or steal our identities in order to access the company we are entrusted with protecting.
The perimeter has moved and we must move with it.
Managing and securing identities is one of the most important roles in cyber security; identities will play an important role in building trust on the internet. Therefore, this session is my next must-see at RSA.
Fool Proof: Protecting Digital Identity in the Age of the Data Breach IDY-T08
April 17, 2018 | 2:15 PM – 3:00 PM
Identity | Policy & Government | Classroom
In the age of the data breach there are no more secrets. Name, address, date of birth and Social Security number have been the de facto identity attributes for years. But as this information has become more exposed it’s time for organizations to rethink identity proofing and take a more holistic approach to knowing who they are doing business with online.
1: Learn why there are no more secrets.
2: Discover why we must stop relying on traditional attributes for ID proofing.
3: Learn to take a holistic view of identity proofing.
Speaker: Gregory Crabb, Chief Information Security Officer and Vice President, United States Postal Service
Speaker: Paul Grassi, Partner and SVP of Cybersecurity, Easy Dynamics Corp.
3. Life and Death of the DA – Protecting and Securing Admins
Privileged accounts are everywhere in the IT environment. They give IT the building blocks for managing vast networks of hardware and software that power the information-driven world. Yet for most people, they’re invisible. It’s critical you understand privileged accounts, what they do, and why it’s so important to protect access to them as the “keys to the kingdom” of your growing information empire.
Even in the most sophisticated IT environments, privileged accounts are all too often managed by using common passwords across multiple systems, unauthorized sharing of credentials, and default passwords that are never changed. This makes privileged accounts prime targets for attack.
So, my next RSA session recommendation is my own session, which of course is a must-attend session for me as I will be one of the speakers. Come and hear me discuss the life and death of the Domain Admin and learn how to protect and secure admins.
Life and Death of the DA – Protecting and Securing Admins (Thycotic) BC-W1S
April 18, 2018 | 10:40 AM – 11:00 AM
Identity | Briefing Center
You’ve reached a number of domain administrators that is scary to admit. You’re too busy to invest and implement a Red Forest design. This session will offer a practical approach to reducing the domain administrator footprint in your environment and securing these sensitive accounts. Learn how to determine ownership of Domain Admins, turn Domain Admin credentials into OTPs, and much more.
4. International Cooperation on Cybersecurity: Together We are Stronger
Another cyber security subject I feel very strongly about is cooperation between countries to defend their citizens and fight cyber-crime.
International cooperation is needed
To prevent a major catastrophe from occurring, governments and nation-states need to work together with full cooperation and transparency to ensure that cyber attribution is possible. They must hold one another responsible for the actions of criminal organizations carrying out cyber-attacks from within their borders. It is important that governments do not provide a safe haven for cyber criminals to carry out such attacks, especially when they are doing it for financial and political gains, and with extreme aggression.
It’s time for governments to act and protect democracy and our way of life.
My next session recommendation at RSA is from a digital thought leader all the way from Estonia. Andrus Ansip believes that it is important to work together as we are stronger together, and he’ll explain why.
International Cooperation on Cybersecurity: Together We are Stronger FRM-W10
April 18, 2018 | 12:30 PM – 1:15 PM
Andrus Ansip will share his personal experience of the massive cyberattack against critical national institutions and infrastructure when he was Prime Minister of Estonia in 2007. Eleven years on, he is putting these firsthand lessons to use as the Vice President of the European Commission responsible for the Digital Single Market. He will stress the global need for cooperation on cybersecurity, with particular focus on certification and information sharing to allow international data flows to thrive. In this context he will also address the latest developments in data protection and privacy. Andrus Ansip will be interviewed by internationally renowned broadcast journalist Riz Khan.
Speaker: Andrus Ansip, Vice-President for Digital Single Market, European Commission
Speaker: Riz Khan, International Journalist, Author, Public Speaker
5. GDPR & EU Privacy Laws: Raise the Bar for Your Privacy + Security Roadmap
Finally, there is nothing like a late evening workshop, and of course we can’t avoid the EU GDPR as it is fast approaching and it impacts all companies dealing with EU citizens. So my final session recommendation is with the Nighttime Ninja on GDPR.
GDPR & EU Privacy Laws: Raise the Bar for Your Privacy + Security Roadmap NJA-T11
April 17, 2018 | 6:30 PM – 10:30 PM
A new era of data protection regulations will make GDPR a top priority for security professionals. Join OneTrust for a pint, appetizers, and discussion about the key components and importance of the EU’s GDPR, how it directly affects the security professional (from data mapping and classification to strict incident response requirements), and the importance of demonstrating on-going compliance.
I hope this provides a useful, quick summary on the sessions at RSA 2018 that you should not miss, and of course I will be wandering around so catch me for some good conversation and let’s share some cyber stories during RSA.
See you in San Francisco!
This is a Security Bloggers Network syndicated blog post authored by Joseph Carson. Read the original post at: Thycotic