The Lockdown

Thycotic’s Cyber Security Blog

Joseph Carson’s Top 5 Sessions to Attend at RSA Conference 2019

Written by Joseph Carson

February 26th, 2019

RSA Conference 2019 will take place March 4th – 8th in San Francisco at the Moscone Center.  The theme this year is ‘Better’. Not exactly a warm, exciting theme for security professionals—it implies that we need to do better and work harder.

My mind always tells me to work smarter and stay focused.  But there’s no question that we do need to do better with cyber security.

Cyber-attacks are increasing in volume and are having a greater impact globally. We need to keep the digital world safe, and the RSA Conference enables cyber security professionals from all over the world to come together and collaborate, share ideas & experiences, and generate creative and innovative ways to make the world a safer place, both physically and digitally.

Never turn up at an RSA Conference without a plan

Over the years I have learned that I must not turn up at an RSA Conference without a plan. RSA is so big that even if you’re a seasoned cyber security professional, it can still be overwhelming.  This will be the 28th year of RSA and it’s going to be bigger than ever before. And with cyber-attacks at the top of everyone’s list of concerns—governments and organizations included—all eyes are focused on which cyber security solutions will be trending at RSA this year.

It is expected that more than 45,000 attendees will be at RSA to experience keynote presentations, peer-to-peer sessions, track sessions, tutorials, expo floors, and seminars. Topics will include artificial intelligence, identity, privileged access, blockchain, data privacy, gamification, the history of technology and innovation, and many others.

Most people usually turn up and wander from session to session picking from what seems interesting at the time.  But for the CISO or experienced cyber security professional it is important to get the most out of the RSA Conference.  That means doing your homework and planning your schedule well in advance.  Review the speakers, agendas, topics and expo hall vendors and determine which align with your cyber security strategy and priorities for the coming year or two.

While at RSA try to attend BSides San Francisco 2019 as well. This way you can really get the most out of your travels. It takes place March 2nd – 4th.

I will be attending RSA 2019, so if you’re interested in meeting up, reach out to me or stop by the Thycotic Booth, North Hall – N6259. 

By the way, you can win big with Thycotic this year. Stop by the Thycotic booth, get a demo, and spin our giant “Price is Right” wheel for your chance to win awesome prizes!

To get you started and save you from going through hundreds of sessions and speakers, I’ve done it for you.

These are my top 5 “not-to-miss” sessions for RSA Conference 2019:

The Trust Landscape


Tuesday, Mar 05 | 08:10 A.M. – 08:35 A.M.

We stand at a remarkable inflection point in our digital evolution, facing an unprecedented assault on trust. In a hyper-connected world, where malicious or manipulative activity can be spread to millions in an instant, information itself is a battlefield with the power to erode trust in society’s most sacred institutions. How can we tackle such a consequential challenge? The notion of risk must be properly defined in this modern digital context. Adopting the right understanding of risk not only restores our faith in what matters most but is ultimately the catalyst for human progress.

Speaker: Rohit Ghai, President, RSA

Speaker: Niloofar Razi Howe, Cybersecurity Strategist, Entrepreneur

Building Identity for an Open Perimeter    


Tuesday, Mar 05 | 11:00 A.M. – 11:50 A.M.

Identity | Security Strategy | Classroom
Netflix is a 100% cloud-first company. The traditional corporate network security perimeter no longer meets the company’s needs. This talk will cover the core building blocks Netflix has invested in to make identity the new security perimeter: identity, single sign-on using standards, multifactor authentication, adaptive authentication, device health and authorization.

Learning Objectives:

1: Learn how self-service and simple integration choices can drive SSO enablement.

2: Understand how user-behavior analytics during authentication time drive MFA prompting decisions.

3: Understand how user-focused security achieves the security assurance level without compromising user experience.


SSO, identity, authentication, MFA.

Speaker: Tejas Dharamshi, Senior Security Software Engineer, Netflix, Inc.

Important Things You Need to Know about Storing Your Identity


Wednesday, Mar 06 | 09:20 A.M. – 10:10 A.M.

Hackers & Threats | Identity | Classroom
What about places where credentials are stored? The technology weaknesses in credential security and specific misused actions will be demonstrated within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions.

Learning Objectives:

1: Learn the technology weaknesses in credential security.

2: Learn the unexpected places your passwords reside and how the password attacks are performed.

3: Learn typical paths where credentials can be leaked and how to prevent those.


They should have a good hands-on experience in the IT department; at least eight years in the field is recommended.

Speaker: Paula Januszkiewicz, CEO, CQURE

ATT&CK in Practice: A Primer to Improve Your Cyber-Defense 


Tuesday, Mar 05 | 01:00 P.M. – 01:50 P.M.

Analytics, Intelligence & Response | Classroom 

The MITRE ATT&CK framework has gained a lot of traction in the security community as a taxonomy and knowledge base to describe adversary behavior. However, the framework and its related tools have a much broader potential impact and scope. What’s missing is a good understanding of the practical operational use cases and the supporting tools. This session will fill that gap.

Learning Objectives:

1: Understand the essence of the ATT&CK framework and its operational relevance.

2: Identify ATT&CK use cases in prevention, detection/hunting and response.

3: Gain insight into the available tools and systems to convert ATT&CK into practice.

Speaker: Freddy Dezeure, CEO, Freddy Dezeure BVBA

Speaker: Richard Struse, Chief Strategist, Cyber Threat Intelligence, MITRE Corporation

And finally, don’t forget to attend my session about hacking into a Power Station which includes some very interesting and valuable lessons for all.

Don’t let the Lights Go Out: Inside the Mind of a Power Hacker (Thycotic)


Thursday, Mar 07 | 10:30 A.M. – 11:00 A.M.

Technology Infrastructure & Operations | North & South Expo Briefing Centers
A power system hack allowing an attacker to turn off the power or harm systems is a scary thought, but it became a reality in Ukraine. This session is a real-world hack into a power station, explaining the planning, challenges, perimeter security, engines and SCADA controls. Find out how attackers can exploit vulnerabilities using compromised passwords, escalating into a full-blown network security breach.

I hope this gets you started on your plan and schedule for RSA.  Reserve your seats to make sure you can get into your sessions. Safe travels, and look forward to an exciting and awesome RSA 2019.

