
Thycotic’s Cyber Security Publication

Joseph Carson’s Top 5 Sessions to Attend at RSA Conference 2019

February 26th, 2019


RSA Conference

RSA Conference 2019 will take place March 4th – 8th in San Francisco at the Moscone Center.  The theme this year is ‘Better’. Not exactly a warm, exciting theme for security professionals—it implies that we need to do better and work harder.

My mind always tells me to work smarter and stay focused.  But there’s no question that we do need to do better with cyber security.

Cyber-attacks are increasing in volume and are having a greater impact globally. We need to keep the digital world safe, and the RSA Conference enables cyber security professionals from all over the world to come together and collaborate, share ideas & experiences, and generate creative and innovative ways to make the world a safer place, both physically and digitally.

Never turn up at an RSA Conference without a plan

Over the years I have learned that I must not turn up at an RSA Conference without a plan. RSA is so big that even if you’re a seasoned cyber security professional, it can still be overwhelming.  This will be the 28th year of RSA and it’s going to be bigger than ever before. And with cyber-attacks at the top of everyone’s list of concerns—governments and organizations included—all eyes are focused on which cyber security solutions will be trending at RSA this year.

It is expected that more than 45,000 attendees will be at RSA to experience keynote presentations, peer-to-peer sessions, track sessions, tutorials, expo floors, and seminars. Topics will include artificial intelligence, identity, privileged access, blockchain, data privacy, gamification, the history of technology and innovation, and many others.

Most people usually turn up and wander from session to session picking from what seems interesting at the time.  But for the CISO or experienced cyber security professional it is important to get the most out of the RSA Conference.  That means doing your homework and planning your schedule well in advance.  Review the speakers, agendas, topics and expo hall vendors and determine which align with your cyber security strategy and priorities for the coming year or two.

While at RSA try to attend BSides San Francisco 2019 as well. This way you can really get the most out of your travels. It takes place March 2nd – 4th.

I will be attending RSA 2019, so if you’re interested in meeting up, reach out to me or stop by the Thycotic Booth, North Hall – N6259. 

By the way, you can win big with Thycotic this year. Stop by the Thycotic booth, get a demo, and spin our giant “Price is Right” wheel for your chance to win awesome prizes!

To get you started and save you from going through hundreds of sessions and speakers, I’ve done it for you.

These are my top 5 “not-to-miss” sessions for RSA Conference 2019:

The Trust Landscape

KEY-T01W

Tuesday, Mar 05 | 08:10 A.M. – 08:35 A.M.

Keynote
We stand at a remarkable inflection point in our digital evolution, facing an unprecedented assault on trust. In a hyper-connected world, where malicious or manipulative activity can be spread to millions in an instant, information itself is a battlefield with the power to erode trust in society’s most sacred institutions. How can we tackle such a consequential challenge? The notion of risk must be properly defined in this modern digital context. Adopting the right understanding of risk not only restores our faith in what matters most but is ultimately the catalyst for human progress.

Speaker: Rohit Ghai, President, RSA

Speaker: Niloofar Razi Howe, Cybersecurity Strategist, Entrepreneur


Building Identity for an Open Perimeter    

IDY-T06

Tuesday, Mar 05 | 11:00 A.M. – 11:50 A.M.

Identity | Security Strategy | Classroom
Netflix is a 100% cloud-first company. The traditional corporate network security perimeter no longer meets the company’s needs. This talk will cover the core building blocks, comprising identity, single sign-on using standards, multifactor authentication, adaptive authentication, device health and authorization, that Netflix has invested in to make identity the new security perimeter.

Learning Objectives:

1: Learn how self-service and simple integration choices can drive SSO enablement.

2: Understand how user-behavior analytics during authentication time drive MFA prompting decisions.

3: Understand how user-focused security achieves the security assurance level without compromising user experience.

Pre-Requisites:

SSO, identity, authentication, MFA.

Speaker: Tejas Dharamshi, Senior Security Software Engineer, Netflix, Inc.


Important Things You Need to Know about Storing Your Identity

IDY-W03

Wednesday, Mar 06 | 09:20 A.M. – 10:10 A.M.

Hackers & Threats | Identity | Classroom
What about places where credentials are stored? The technology weaknesses in credential security and specific misused actions will be demonstrated within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions.

Learning Objectives:

1: Learn the technology weaknesses in credential security.

2: Learn the unexpected places your passwords reside, how the password attacks are performed.

3: Learn typical paths where credentials can be leaked and how to prevent those.

Pre-Requisites:

They should have a good hands-on experience in the IT department; at least eight years in the field is recommended.

Speaker: Paula Januszkiewicz, CEO, CQURE


ATT&CK in Practice: A Primer to Improve Your Cyber-Defense 

AIR-T07

Tuesday, Mar 05 | 01:00 P.M. – 01:50 P.M.

Analytics, Intelligence & Response | Classroom 

The MITRE ATT&CK framework has gained a lot of traction in the security community as a taxonomy and knowledge base to describe adversary behavior. However, the framework and its related tools have a much broader potential impact and scope. What’s missing is a good understanding of the practical operational use cases and the supporting tools. This session will fill that gap.

Learning Objectives:

1: Understand the essence of the ATT&CK framework and its operational relevance.

2: Identify ATT&CK use cases in prevention, detection/hunting and response.

3: Gain insight into the available tools and systems to convert ATT&CK into practice.

Speaker: Freddy Dezeure, CEO, Freddy Dezeure BVBA

Speaker: Richard Struse, Chief Strategist, Cyber Threat Intelligence, MITRE Corporation

And finally, don’t forget to attend my session about hacking into a Power Station which includes some very interesting and valuable lessons for all.


Don’t let the Lights Go Out: Inside the Mind of a Power Hacker (Thycotic)

BC-R1N

Thursday, Mar 07 | 10:30 A.M. – 11:00 A.M.

Technology Infrastructure & Operations | North & South Expo Briefing Centers
A power system hack allowing an attacker to turn off the power or harm systems is a scary thought but became a reality in Ukraine. This session is a real-world hack into a power station explaining the planning, challenges, perimeter security, engines and SCADA controls. Find out how attackers can exploit vulnerabilities using compromised passwords, escalating into a full-blown network security breach.


I hope this gets you started on your plan and schedule for RSA. Reserve your seats to make sure you can get into your sessions. Safe travels, and I look forward to an exciting and awesome RSA 2019.


Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.
