The Lockdown

Thycotic’s Cyber Security Blog

RSA Conference 2018: A secure internet starts with YOU, and it’s everyone’s responsibility

Written by Joseph Carson

April 24th, 2018

It was another quiet morning, though this might have been because it was around 5am in the morning and I was still struggling to adjust to the time zone change from Tallinn, Estonia to San Francisco—a measly 10 hours.  I knew the days that lay ahead would be interesting but fun.  Yes, it is that time of the year again: RSA Conference 2018 was just about to begin and it was going to be a very busy week!


San Francisco early morning – captured by Joseph Carson

Getting the MOST VALUE OUT OF RSA Conference 2018

One valuable lesson I have learned from attending the RSA Conference over the years is that I must not turn up to RSA without a plan.  RSA is so big that even if you’re an experienced and seasoned cyber security professional it can still be very overwhelming.  This was the 27th year of RSA so it was going to be bigger than ever before, and with cyber-attacks at the top of everyone’s list of concerns—governments and organizations included—all eyes were focused on what cyber security solutions would be trending at RSA this year.

The RSA Conference Press Release quoted:

“More than 42,000 attendees experienced keynote presentations, peer-to-peer sessions, track sessions, tutorials, expo floors and seminars during the course of the week focused on topics such as artificial intelligence, data privacy, gamification, the history of technology and innovation, among others. Records were set with the number of exhibitors in attendance along with overall number of sessions.”

This included 17 keynote presentations, more than 700 speakers across 550+ sessions and over 600 companies on the expo floors.


Always take advantage of the opportunity to reserve your seat for sessions

Most people will turn up to RSA and wander from session to session picking from what seems interesting at the moment.  But for the CISO or experienced cyber security professional it is important to get the most out of RSA Conference.  That means doing your homework and planning your schedule well in advance.  It means going through the speakers, agendas, topics and expo hall vendors and determining which of those are aligned to your cyber security strategy and priorities in the coming year or two.

Once you’ve identified speakers of interest and sessions that fit your cyber strategy, and determined if any vendors you are currently evaluating are exhibiting in the expo hall, then it’s time to make your plan.  Take time to meet the speakers and try to get 1-on-1 meetings with them so they can answer specific questions for you.  During the sessions meet with peers who have similar challenges, and network with them.  I honestly find this to be one of the most valuable experiences I take away from RSA—even if it is just sharing my own experience and knowledge with others.  Finally, meet with your existing vendors or future vendors in the exhibitor hall to determine what is new and learn about new and upcoming technologies.

RSA Conference is not for every CISO, and you MUST do your homework so you arrive at RSA with a concrete plan.

Thycotic helps keep you focused


Thycotic helped keep everyone focused in the Expo Hall FOG!

Of course, Thycotic was there to help you make it through those tough, long days, keeping you energized and focused with generous helpings of our Alcoholic Lollipops, with great flavors available for most attendees.  The ones that kept me going were surely the Bourbon and the Irish Coffee.  Yes, it was empty when it was time to pack up at the end of the week, though I’m not sure if everyone took just one or a bag full of them. But these were certainly an ice breaker for attendees.


When attending RSAC you will be bombarded with much marketing and big hype words like AI, MACHINE LEARNING AND BLOCKCHAIN.  Avoid getting sucked into it. Sure, it’s important to clearly understand the technologies and what value they provide, but the hype is just a way to get your attention, as of course, all these technologies are going to save the world, right? AI will stop all cyber-attacks, and MACHINE LEARNING will allow you to take vacation and automatically learn about your organization, and BLOCKCHAIN…well, that is just icing on the cake that solves everything!

Sometimes you really have to see through the message, and I usually play an Expo Hall Bingo game to determine if what I’m seeing is a technology looking for a problem or a real solution that solves an existing problem.  It is important to not get stuck in the FOG and to know exactly which problems you are looking to solve.  I find stopping by the Thycotic booth and picking up one of those alcoholic lollipops helps you see through the Expo Hall FOG.


Yes, this was kind of expected given that EU GDPR is now only a few weeks away from coming into enforcement on May 25th. A full-day topic was set aside to discuss EU GDPR and included many very interesting discussions throughout the day.  It is always good to catch up with Ilias Chantzos, Senior Director EMEA & APJ Global CIP and Privacy Advisor Government Affairs, Symantec who has been involved in EU GDPR for many years, as well as learn about the impact of EU GDPR from Juhan Lepassaar, Head of VP Ansip Cabinet, European Commission.


Juhan Lepassaar, Head of VP Ansip Cabinet, European Commission

The one session that was probably the most interesting was the panel discussion that attempted to get to the core of what EU GDPR was about, though for me it kind of missed the value but it did lead to a very passionate and interesting discussion.  It got me gritting my teeth at times because you need to realize we live in a world where data flows beyond country borders, and we have to ensure that we protect the vital data that is the DNA of our countries and laws.

Here is a simple metaphor I have used for this: it is as if the EU has used the same definition as International Maritime Law and placed a flag on EU citizens’ personal data so that no matter where it flows in cyberspace the flag of the vessel is where the law is bound to.  Unfortunately, many companies will always look for ways around regulations. We have seen this for many years whether it is to avoid taxes, reduce benefits or rights for employees and costs of operations, or to avoid accountability.  Regulations are typically needed to bring balance between profit and doing what is right.  So it is always about finding the balance.

The following session surely was a talking point during lunch, and probably the entire day:

10:15 AM – 11:05 AM: Will the GDPR and related rules prove a competitive differentiator for Europe? | Udo Helmbrecht, Executive Director, European Union Agency for Network and Information Security (ENISA); Jane Winn, Professor, University of Washington; Laura Koetzle, VP, Group Director, Forrester.

One thing that was brought up quite a few times during the sessions was Facebook CEO Mark Zuckerberg’s private notes from the grilling by Congress in Washington, DC, which had been shared—ironically on social media—and the clear instruction he was given on EU GDPR, which was “Don’t say we already do what GDPR requires.”  With GDPR only a few weeks away, that is probably not the message they want to be sending to the European Commission.


Above: My interview with Bradley Barth, Senior Reporter SCMagazine

I have been to many conferences over the years and with so many interviews under my belt it’s always good to enjoy one and have some fun.  This time around I got to enjoy an interview with Bradley Barth, Senior Reporter, on a famous San Francisco cable car.  I discussed my latest book Cybersecurity for Dummies, which helps employees be better prepared against cyber-attacks, and also our latest research on the Global State of PAM Risk and Compliance.


The Life and Death of the DA - Protecting and Securing Admins

While attending a conference one thing I surely enjoy doing is sharing my knowledge and experience to help make the world a secure and safer place—kind of like a Cyber Super Hero—and my power is hacking, though not as a cyber-criminal because I use my powers for good.  This time I teamed up with Tyler Croak from FireEye and we took the stage in the South Expo hall where we shared our knowledge on protecting and securing privileged accounts and domain administrators.  We had great attendance and very positive feedback.  This was one of my recommended sessions for RSAC 2018 and if you attended I hope that you got value.


Above: The Price of Cyber Warfare – Brad Smith, President, Microsoft

As I had recommended prior to RSAC 2018, the session by Brad Smith, President, Microsoft, called “The Price of Cyber-Warfare” was one keynote not to miss, and as expected it was one of my favorites during RSA.  Brad is an awesome thought leader and he absolutely nailed this one.  The session highlighted and brought to reality that cyber-attacks do impact humans and not just machines.

The cyber industry has failed to show the real human impact when cyber-attacks happen, and this keynote definitely raised this to the forefront.  It also showed that we need to come together and work together in collaboration with transparency so that cyber-criminals have no safe haven, and governments cannot turn a blind eye when cyber-criminals attack technology, as ultimately humans pay the price. And that, to me, is the definition of cyber war: when cyber-attacks have real impact on human society, going beyond just a computer and stopping a person from getting lifesaving surgery, for example.  Brad also discussed the Tech Sector Accord, which is about taking responsibility and sharing—this is a digital version of the Geneva Convention and is set on four principles:

  1. Protect all of our users and customers everywhere
  2. We will oppose cyber-attacks on innocent citizens and enterprises from anywhere
  3. Empower users, customers and developers to strengthen cyber security protection
  4. We will partner with each other and with like-minded groups to enhance cyber security

MUST-WATCH PANEL – Emerging Threats & Cyber Defense


Emerging Threats & Cyber Defense was a CPE credit session in partnership with ITSPmagazine and (ISC)²—an in-depth look into the evolving cyber threat landscape with CISOs and top security experts. The panel examined the latest cyber-attack trends and provided recommendations for defending enterprises and SMBs.

Top cyber security experts took part in an interactive Q&A round-table discussion on the biggest threats targeting organizations in 2018:

– Lessons from recent cyber-attacks and breaches

– What keeps CISOs up at night

– Biggest cyber security challenges and how to overcome them

During RSAC and my busy schedule running from session to session, meeting to meeting, briefing analysts as well as many interviews, I got an opportunity to do a live stream with BrightTALK and ITSP with some awesome peers in the industry.  We have worked together on many panels in the past though it is very rare to get all of us in a room at the same time, but it did lead to a very interesting discussion on emerging threats and cyber defense best practices.  We actually got deep into conversation way before the clock started and it was a fun time.  This is sometimes what RSAC is all about: getting some really passionate experts in a room, giving them a few questions and letting them rant.  The panel discussion went on for around 1 hour and if you did not get to watch it you should.

“Sometimes the best value of RSAC is meeting like-minded people and the valuable connections made for future knowledge sharing.”


The Awesome Panel from left to right: Courtesy of BrightTALK



Interview with Selena Templeton, Partner & Executive Editor @ITSPmagazine

Another exciting and fun interview was with Selena Templeton, Partner & Executive Editor @ITSPmagazine in which I again got to discuss Thycotic’s latest digital book called “Cybersecurity for Dummies” which is an important read if you want to empower your employees to help secure your company on the front line.

We also covered my 10 Ways to Protect Yourself from Cyber Security Threats.

International Cooperation on Cyber Security: Together We are Stronger

Above: Andrus Ansip, Vice-President for Digital Single Market, European Commission

This is another session which I had recommended as a must-attend prior to RSAC 2018.  I did get to bump into Mr. Andrus Ansip early in the morning before his talk, and being from Estonia it was an honor to meet him again. I have seen him talk many times before but this one was surely an important topic.  International cooperation on cyber security is so vital to the future of our civilization.  His session highlighted the orchestrated cyber-attack against Estonia in 2007 and some lessons learned; how cyber-attacks in the past have been used to achieve political goals; and how misinformation and deception are currently weapons used as a tool for political influence.  If you repeat false information frequently enough people will eventually start to believe it.

Mr. Andrus Ansip went on to talk about how cooperation is needed, a collective attribution is stronger together.  The EU and US Partnership needs to remain strong and a secure transatlantic cyber security strategy must be adhered to.

Trust is becoming the most important foundation on the internet today. Trust is easy to break and very difficult to rebuild.  The recent trust violated by Facebook and Cambridge Analytica is an example of when violating trust can be damaging for everyone and impact a company’s brand.

Investing in data privacy is investing in cyber security.  Today cybercrime goes beyond country borders and we have to defend and fight it together.  Constant vigilance and cooperation are vital; it is all about building a bright global digital future for everyone.



Team Thycotic thanks you for an awesome RSAC 2018

So RSAC 2018 has ended and it is time to go back to saving the world and keeping you secure.  A big thank you from the Thycotic Team.  As you can see, Thycotic is here to help you protect your privileged accounts and keep you out of the FOG.
