Top 5 RSA Conference Resources of the Week

Threats change and evolve, but one thing that remains consistent for the RSA Conference community is access to the education you need in order to navigate the security challenges your organization is facing. This week, we’d like to highlight five more sessions that will likely be helpful to review given the current landscape. We asked the speakers, “If you delivered your presentation today, what would you do differently?” Here’s what they had to say:

1. 10 Things I Wish Every Developer Knew about Security

Chris Romeo, CEO of Security Journey, said, “We are seeing many people use this stay at home time to focus on enriching their knowledge of many topics, so my recommendation is for organizations to use a percentage of this enrichment time to concentrate on security culture change and security education. The “ten things” are foundational items that every developer needs to know in our modern age. Organizations need to engage with cloud-based learning experiences where everyone can access learning environments and use some of this time to make the applications and products they build more secure.”

2. Incident Response Analysis vs. Automation

Kristy Westphal, VP and CSIRT at Union Bank, said, “The only thing that has truly changed with my Incident Response team is our location and some of the types of events that we are seeing, but our level of response has stayed the same. We’ve been extraordinarily lucky in that we took the stay at home measures early enough to be able to keep a healthy team, so our staffing has stayed level throughout the current crisis. Many of our challenges are yet to come, so we really need to be thinking, ‘How do we maintain current levels of response should staff availability decrease quickly?’ ” Westphal facilitated this Birds of a Feather session at Conference. Though this wasn’t recorded, we’ve followed up on this talk with an RSA Conference podcast.

Sponsorships Available

Sponsorships Available

Sponsorships Available

3. It’s All about the States: Navigating the Privacy Thicket

“The crisis will delay enactment of new state and federal laws, as legislatures face constraints both in terms of competing and more pressing priorities and simple physical inability to meet,” said Behnam Dayanim, Partner and Global Chair of Privacy & Cybersecurity Practice at Paul Hastings LLP. “Nonetheless, laws on the books remain in effect and require ongoing efforts to comply. Indeed, the California Attorney General has specifically rejected requests that he delay the commencement of enforcement of the CCPA, scheduled for July. While I do expect some consideration from regulators to understandable difficulties caused by the crisis, the pandemic is definitively not a signal to set aside compliance efforts.”

4. Supply Chain Security in the Software Era

“Increases in supply chain efficiency often come at the cost of supply chain resilience,” said Beau Woods, Cyber Safety Advocate at I Am The Cavalry. “If I could give my RSAC talk again, I would frame this as the central problem, outline some ways to align efficiency and resilience within existing workflows and call on them to explore and publish others.”

5. When Cybercriminals with Good OpSec Attack

“This cybercrime ring often used the latest news as lures in their spam campaigns, just as we are seeing now with the malicious COVID-19 campaigns. This group was the largest spammer in the world for many countries before they were arrested. For example, within 24 hours of Fast and Furious star Paul Walker’s fatal car crash in Los Angeles, the group were sending spam with pictures of the crash as a lure, showing how quickly cybercriminals can incorporate recent news into their campaigns. Unfortunately, we will continue to see malicious COVID-themed campaigns in various forms continue,” said Liam O’Murchu, Director at Symantec.