If last year was any measure, the RSA Conference being held in San Francisco this year will host roughly 40,000 attendees and 700 speakers providing some 500 sessions. Needless to say, it’s a big conference and it can feel overwhelming given there are so many presentations and discussions.
To help you plan, we’ve poured over the entire agenda. We reviewed every single description and picked out 20 or so seminars, sessions, or panels we think are “can’t miss.”
For each entry we’ve selected, we provide a link to the full description on the RSAC site so those interested can view the full descriptions and reserve a seat. We’ve also linked to the social media profiles of the presenters, where available, as background and also offer additional links to related reading.
Finally, we want to present these sessions with three caveats.
First, Sunday and Monday have pre-conference seminars scheduled. Many of these seminars look exceptional – like the crash course on cloud security by (ISC)2 or the threat hunting seminar by SANS – yet we stayed focused on the formal conference agenda.
Second, there are many before- and after-hours events – from morning workouts to evening mixers. We didn’t include any of those, no matter how enticing some of them looked.
Finally, we look at the world through the lenses of network security, and while the selected sessions reflected the broad, if not interconnected, world of cybersecurity, we felt it was fair to make a note of this.
The “can’t miss” events we recommend at RSAC follow.
Events on Monday
If this is your first time attending the conference, the orientation session can help you get the most out of the conference – and perhaps make some friends you’ll see around the show.
- When: Monday, March 4, 2019, from 4:00 P.M. – 5:00 P.M.
The welcome reception is the official event kicking off RSAC for 2019. It will be held in the expo hall floor along with “drinks and hors-d’oeuvres as you preview the leading information security vendors.”
- When: Monday, March 4, 2019, from 5:00 P.M. – 7:00 P.M.
- Be sure to visit Bricata in booth #4139 in the North Expo.
Events on Tuesday
The Trust Landscape (Key Note)
Trust is under assault, according to the description. The connectivity has made “information itself is a battlefield with the power to erode trust in society’s most sacred institutions.” The talk promises to present ideas for better defining and understanding risk in the modern digital age.
- When: Tuesday, March 5, 2019, from 8:10 A.M. – 8:35 A.M.
Information itself is a battlefield with the power to erode trust in society’s most sacred institutions. How can we tackle such a consequential challenge? @Rohit_Ghai and @NiloofarHowe will define the notion of risk in this #RSAC 2019 Keynote https://t.co/KaJiP7Yns5 pic.twitter.com/pBrIGKA7hf
— RSA Conference (@RSAConference) February 8, 2019
Several municipalities fell prey to ransomware attacks in the last few years, so we’re keen to hear from a city official on the concept of future proofing. Technology and threats may change, according to the description, however, “there are some fundamental things about cybersecurity that will never change.” The session promises to detail “the top three cybersecurity must-haves with real-case examples for CISOs to future-proof their cybersecurity strategy.
- Presenter: Timothy Lee, CISO, City of Los Angeles/ITA
- When: Tuesday, March 5, 2019, from 11:00 A.M. – 11:50 A.M.
“Comcast uses a DevSecOps approach which focuses on automation, speed and team ownership of end-to-end product security lifecycle,” according to the description. “It’s agile and developer-focused. It’s about building security in rather than bolting it on.”
- Presenter: Noopur Davis, SVP, Chief Product and Information Security Officer, Comcast
- When: Tuesday, March 5, 2019, from 1:00 P.M. – 1:50 P.M.
Leaders from the great states of Colorado, Indiana and North Carolina will gather for a session that describes, “the innovative policies they are adopting to defend state systems from compromise, partner with private companies, and groom the next generation of cybersecurity leaders.”
- Maggie Brunner, Program Director, Cybersecurity, Emergency Communications & Technology, National Governors Association (Moderator)
- Deborah Blyth, CISO, State of Colorado
- Chetrice Mosley, Cybersecurity Program Director, Indiana Department of Homeland Security Office of Technology
- Maria Thompson, State Chief Information Risk Officer, North Carolina Department of Information Technology
- When: Tuesday, March 5, 2019, from 2:20 P.M. – 3:10 P.M.
The NSA will demonstrate GHIDRA – a “software reverse engineering framework” – for the first time at RSA. The description notes, “the GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”
- Presenter: Robert Joyce, Senior Advisor, National Security Agency
- When: Tuesday, March 5, 2019, from 3:40 P.M. – 4:30 P.M.
Sessions on Wednesday
Verizon puts out several reports including one that focuses in on data breaches in an effort to determine “data-breach impact.” This session indicates it will share “finding from 4,000+ incidents studied.” The description puts forward the idea of “impact modifiers” which “increase the intensity of the breach, changing a relatively minor breach into a terminal event.”
- Presenter: Suzanne Widup, Senior Analyst, Verizon Enterprise Solutions
- When: Wednesday, March 6, 2019, from 8:00 A.M. – 08:50 A.M.
“Enterprises need a way of deriving meaningful threat intelligence from malicious software they discover during incident response.” This session seems to get after an important question: “What tools and techniques are most useful for examining malware in a modern enterprise?”
- Presenter: Lenny Zeltserm, Instructor, VP of Products, SANS Institute
- When: Wednesday, March 6, 2019, from 9:20 A.M. – 10:10 A.M.
This session will cover down on the value threat hunting “brings to security operations, followed by best practices, and finalizing with lessons learned and challenges experienced.”
- Presenter: Roger O’Farril, Information Security Manager, Federal Reserve Bank
- When: Wednesday, March 6, 2019, from 10:40 A.M. – 11:30 A.M.
“Network firewalls are becoming irrelevant, and we can no longer assume that perimeter networks can be trusted,” reads the description. “With the adoption of bring your own device and bring your own cloud, we must evolve our defenses to devices and identities.”
- Presenter: Matt Soseman, Security Architect, Microsoft
- When: Wednesday, March 6, 2019, from 1:30 P.M. – 2:20 P.M.
This session aims to help security pros better understand newer protocols. “Internet of Things devices, along with BYOD, industrial IoT, control systems and embedded systems, are prevalent in the enterprise today,” the description reads. “The protocols they use are poorly understood by IT security and support teams.” The session promises show how some organizations are securing these newer devices that are connecting to enterprise networks.
- Presenter: John Johnson CTO & Professor, RIG & Excelsior College
- When: Wednesday, March 6, 2019, from 04:10 P.M. – 05:00 P.M.
Sessions on Thursday
Large and complex IT infrastructure makes threat hunting seem daunting. “This session will show how to hunt for threats in a way that transcends attack specifics, using the numbers to your advantage to uncover unique and unusual machine behaviors. This practical method that can be leveraged in almost any environment and can be applied to network and endpoint data.”
- Presenter: Vernon Habersetzer, Sr. Enterprise Technical Expert, Walmart Speaker
- When: Thursday, March 7, 2019, from 8:00 A.M. – 8:50 A.M.
According to the session description: “Diversity and inclusion initiatives are positively impacting security organizations, in terms of better security postures, productivity, retention, growth and sustainability, but there’s still a lot of work to do. Learn through the experience of these CISOs who will provide practical advice and tangible guidance around their drive to change cultures within as well as outside of their organizations.”
- When: Thursday, March 7, 2019, from 9:20 A.M. – 10:10 A.M.
This session promises to show you how to prioritize security fixes. The description notes, “Software companies can have hundreds of software products in-market at any one time, all requiring support and security fixes with tight release timelines or no releases planned at all.”
- Presenter: Christine Gadsby, Head of Product Security Operations, BlackBerry
- When: Thursday, March 7, 2019, from 09:20 A.M. – 10:10 A.M.
Who said it can’t be all fun and games? The SANS NetWars is a “hands-on information security challenge.” It is “designed for novices to advanced professionals, compete with your peers and enhance your skills as an infosec professional in this multilevel game play.”
- Presenter: Chris Elgee, Builder & Breaker, Counter Hack Challenges
When: Thursday, March 7, 2019, from 11:40 A.M. – 01:40 P.M.
This session is pitched as a “fireside chat.” It will show attendees “how to establish strong two-way communication between the CISO and the board, how to build trust and why this conversation should not be one-way.”
- When: Thursday, March 7, 2019, from 1:30 P.M. – 2:20 P.M.
This panel promises to “help increase understanding of how DHS, NSA and NIST are using threat data to help agencies protect information and detect and respond quickly to adversarial actions.” Specifically, the session will cover “how DHS CISA fuses threat intelligence with agency vulnerability data to improve” information sharing.
- Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications (CS&C), Department of Homeland Security (moderator)
- Marianne Bailey, Deputy National Manager (DNM) for National Security Systems (NSS) and Senior Cybersecurity Executive, National Security Agency
- Kevin Cox, Program Manager, Cybersecurity and Infrastructure Security Agency
- Matthew Scholl, Chief, Computer Security Division, NIST
- When: Thursday, March 7, 2019, 2:50 P.M. – 3:40 P.M.
Sessions on Friday
Senior business leaders including executives and board members are all looking for ways to understand organizational security risk. This session says it will show you “steps to creating meaningful key performance indicators that can be communicated to leadership to facilitate helping the organization to meet their goals.”
- Presenter: James Tarala, Principal Consultant, Enclave Security, LLC
- When: Friday, March 8, 2019, from 9:50 A.M. – 10:40 A.M.
* * *
If you make it out there, please do be sure to stop by booth #4139 in the North Expo to see us – and safe travels!
If you enjoyed this post, you might also like:
96+ Articles, Blogs and Links that Summarize the Black Hat Conference 2018