RSA Conference starts in earnest tomorrow. As anyone’s who’s ever attended the security mega-conference knows, it can be daunting just to navigate the conference agenda, let-alone the conference itself.
The Lay of the Land
There are hundreds of talks spread across four days and basically as many venues (Moscone North, Moscone South, Moscone West, and, if I recall correctly, the basement of the San Francisco Marriott Marquis). At any given time between 8AM and 4:30PM (PT) on Tuesday or Wednesday, there could be thirty talks going on concurrently. In the mornings, there are keynotes, but, as nearly as I can tell, (pro-tip incoming) “keynote” is a completely arbitrary designation at the RSA Conference.
Even more chaotic than the talking tracks are the exposition floors of Moscone North and South, where thousands of often indistinguishable security companies are vying for your attention like hyenas fighting over a gazelle carcass. Just kidding… it’s not that bad, but there are a literal ton of companies on the expo floors exercising various degrees of aggressive product pitching.
The general consensus around the industry is that RSA Conference is a corporate networking and business development event masquerading as a security conference. And to be honest, there is some truth to that. It certainly lacks the technical prowess of Black Hat or DEFCON and the tactical chops of countless smaller conferences. However, it would be shortsighted to write off the RSA Conference talks entirely as fluff. There are plenty of smart speakers giving worthwhile talks. You just have to know how to find them. And since the conference agenda is about as straightforward as the Cretan Labyrinth, we’ve compiled a list of talks (in order of appearance) that might be of interest to our readers.
Editorial note: we preemptively disqualified any talks that mentioned blockchain, APT, machine learning, or artificial intelligence.
1. The Cryptographers’ Panel
When and Where? Tuesday, 9:20AM-10:05AM, Moscone West Street Level
It doesn’t really count as attending RSA Conference if you don’t attend the Cryptographer’s Panel. Join the guy who is the “R” in RSA—Ron Rivest, co-inventor of the RSA encryption algorithm—and a panel of cryptography experts as they talk about the future of encryption systems.
2. The FBI: At the Heart of Combating Cyberthreats
When and Where? Tuesday, 10:05AM-10:30AM, Moscone Street Level
Susan Hennessey is a senior Brookings Institute fellow and former NSA legal counsel. If you haven’t been reading her regular Lawfare column, then you’re probably going to want to remedy that oversight. She’s as knowledgeable about the intersection of cybersecurity and national security as basically anyone in the world, and she’s going to be examining how the FBI combats criminal and nation-state cyberthreats with FBI director Christopher Wray.
3. Lessons from Applying MITRE ATT&CK™ in the Wild
When and Where? Tuesday, 2:50PM-3:40PM, Moscone West 3005
MITRE Corp’s chief cyber threat intelligence strategist, Richard Struse, will lead a panel discussion on operationalizing ATT&CK. The panel is loaded with smart people, including Jessica Payne from Microsoft, Pfizer’s Rachel Schweizer, and David Westgard of Target. They will explain how organizations can use MITRE ATT&CK in internal security operations and in products and external offerings as well.
4. You Can’t Manage What You Can’t Measure: Are We Measuring the Right Stuff?
When and Where? Tuesday, 3:40PM-4:30PM, Moscone South Esplanade 154
Measuring proficiency and improvement is notoriously difficult in information security. This panel discussion strives to describe how security teams can move away from arbitrary measures of success, avoid dumping money into the wrong tools, navigate the maze of different frameworks, and accurately evaluate their security posture.
5. The Role of Security Technologists in Public Policy
When and Where? Wednesday, 09:20AM-10:10AM, Moscone South Esplanade
Bruce Schneier has been an information security industry spokesperson for as long as there’s been an information security industry. He’s also one of the industry’s most engaging speakers, and he quite literally wrote the book on cryptography. In this talk, he’ll advocate for the importance of public interest technologists in government policy making.
6. Debunking the Hacker Hype: The Reality of Widespread Blackouts
When and Where? Wednesday, 11:20AM-11:50PM, Marriott The Sandbox Stage
This talk admittedly makes this list for entirely selfish reasons. Selena Larson is a journalist-turned-threat intelligence analyst (like me!). She’s going to be discussing how we are not on the precipice of some hacker-driven, blackout apocalypse—despite sensational, gloom-and-doom headlines promising you exactly the opposite.
7. Threat Hunting at Scale
When and Where? Wednesday, 12:40PM-1:30PM, Moscone West 3022 Table Q
Friend of Red Canary and regular webinar contributor, Rick McElroy (head security strategist at Carbon Black) will discuss threat hunting faster, better, and at-scale. He plans to address common barriers to threat hunting, how teams can mature their threat hunting program, and more.
8. Effectiveness vs. Efficiency: 10 Capabilities of the Modern SOC
When and Where? Thursday, 9:20AM-10:10AM, Moscone South Esplanade 154
Oliver Friedrichs, the VP of security automation and orchestration at Splunk (formerly the CEO of SOAR vendor Phantom), will be the presenter. He’ll be discussing 10 security capabilities that all security operations centers (SOCs) must have if they want to optimize the efficiency and effectiveness of their internal workflows.
9. Operationalizing Threat Intelligence in Network Defense
When and Where? Thursday, 12:40PM-1:30PM, Moscone West 3018 Table T
I’m pretty sure I saw Joe Slowik, Dragos adversary hunter, give this exact talk (or at least something very similar to it) at the SANS CTI summit in January, and it was great. In that talk (synopsized here), Slowik talked about indicators and warning in principle and practice and how threat intel teams can better provide timely value. At RSA, he plans to discuss how SOCs can get value out of threat intelligence, and it should be a worthwhile 50-minutes for anyone that uses or produces threat intel.
10. In the Wake of an Attack: Thoughts from a Seasoned CISO
When and Where? Friday, 8:30AM-9:20AM, Moscone South Esplanade
Bob Lord was the director of information security at Twitter, the CISO at Yahoo, and is now the CSO of the Democratic National Committee. It doesn’t take a lot of reading-between-the-lines to see that he’s been on the forefront of some of the most prominent organizations and infamous security incidents over the last decade. If anyone understands what dealing with a cyberattack is like from the CISO’s perspective, it’s Bob Lord.
If You’re on the Expo Floor…
Of course, you’ll almost certainly meander down to the show floor at some point during your time at RSA. If you do, then definitely come say hello to the Red Canary Team at booth 2151 (or even schedule a meeting with us). We’ll be giving away t-shirts, running live demos, and, most importantly, talking security.