Departing Personnel: Discussion Framework

Presented at RSA Conference USA 2016

The RSA USA Conference for 2016, set in San Francisco, is only a week away. At the conference I will be facilitating a Peer-to-Peer session, scheduled for Thursday, March 3, 2016, starting at 2:10 pm, in Moscone West Room 2021, and titled:

Saying Goodbye: Managing Security for Departing Personnel (Session ID P2P3-R08)

This blog post, and others this week, will address this topic in more detail, to provide a preview of some of those issues I hope the group will consider and discuss.

Personnel departures are a daily occurrence for large organizations, and are also not uncommon on a regular basis for small and medium-sized organizations. I use the term “organization” to mean both companies and other types of organizations, such as government bodies and NGOs (Non-Governmental Organizations). These NGOs can be either for-profit or non-profit. In short, all organizations face personnel departures.

Most often we think of those leaving as former employees, but departures of other categories of people can be even more common: contractors hired by the business; interns gaining experience; guest workers who arrived from another company or division; and even visitors who come for a day or a week or longer, who are meeting, inspecting or just visiting.

There are two distinct types of departures: individuals who leave and groups who leave.

Individuals can depart under various circumstances: voluntary resignations; terminations (often involuntary); contractors leaving at the end of their contract; interns leaving at the end of their internships; visitors leaving at the end of their visits.

Group departures include organizational re-organizations; spin-offs of portions of the organization to other organizations; outsourcing of organizational functions; group contractors; and outright sales of the organization or portions of it. Group departures often involve many of the types of individual departures.

Constructing a framework for understanding, planning and managing these various types of personnel departures first requires gathering a team of stakeholders who are all regularly involved with departures. Typical members of this team include representatives from Human Resources, Legal, IT (and IT Security), Payroll, Facilities, and Physical Security.

Next, representatives of this group complete a detailed review of the existing policies and processes, sometimes called “off-boarding”, used to conduct these departures. The framework must accommodate the differences between the various types of individual and group departures. Policy and process re-design or re-engineering follows. Most organizations use some existing policy and process design methodology. Supported by policy, a good set of processes links HR, IT and the other stakeholders to ensure that personnel access to information systems, networks, applications and physical locations is disabled.

Like other organizational processes, departure processes, anchored by policies, require orientation, training, exercise, controls, controls monitoring, good communications, and incident response. They also require regular, scheduled review and update.
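The framework above calls for processes that link HR's departure records to every system that grants access, plus controls monitoring to confirm the access was actually disabled. The following is an added example (not code from the original post) of what that monitoring check can look like in practice: an HR departure list and a cross-system account inventory are reconciled to report (a) access still enabled for people whose last day has passed and (b) enabled accounts with no known owner, which are a common residue of departures. The data, system names and account formats are constructed for illustration; a real run would pull them from the directory, VPN, badge and application systems.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Account:
    """One account in one access-granting system (constructed inventory format)."""
    system: str       # e.g. "directory", "vpn", "badge", "crm"
    account_id: str
    owner: str        # HR person id; "" when the system has no owner on record
    enabled: bool


@dataclass(frozen=True)
class Departure:
    """One departure record as HR would supply it."""
    person: str
    kind: str         # employee, contractor, intern, visitor
    last_day: date


# Constructed sample data: who HR knows about, who has departed, what exists.
ROSTER = {"e100", "e101", "c200", "i300", "v400"}

DEPARTURES = [
    Departure("e100", "employee", date(2016, 2, 26)),
    Departure("c200", "contractor", date(2016, 2, 29)),
    Departure("i300", "intern", date(2016, 3, 15)),   # still employed on AS_OF
]

ACCOUNTS = [
    Account("directory", "e100", "e100", True),        # should have been disabled
    Account("vpn", "e100@vpn", "e100", False),         # correctly disabled
    Account("badge", "B-0100", "e100", True),          # physical access left open
    Account("crm", "c200-crm", "c200", True),          # contractor's app access left open
    Account("directory", "c200", "c200", False),
    Account("directory", "i300", "i300", True),        # intern not yet departed: fine
    Account("directory", "e101", "e101", True),        # active employee: fine
    Account("crm", "svc-legacy", "", True),            # no owner recorded
    Account("vpn", "x999@vpn", "x999", True),          # owner unknown to HR
]

AS_OF = date(2016, 3, 1)


def residual_access(departures, accounts, as_of):
    """Enabled accounts owned by anyone whose last day is on or before as_of.

    Returns sorted (person, system, account_id) tuples so the list is stable
    enough to diff between daily runs.
    """
    departed = {d.person for d in departures if d.last_day <= as_of}
    return sorted(
        (a.owner, a.system, a.account_id)
        for a in accounts
        if a.enabled and a.owner in departed
    )


def orphaned_accounts(accounts, roster):
    """Enabled accounts with no owner, or an owner HR has no record of."""
    return sorted(
        (a.system, a.account_id)
        for a in accounts
        if a.enabled and a.owner not in roster
    )


def offboarding_report(departures, accounts, roster, as_of):
    """Combine both checks into one structure a control owner can act on."""
    return {
        "as_of": as_of.isoformat(),
        "residual_access": residual_access(departures, accounts, as_of),
        "orphaned_accounts": orphaned_accounts(accounts, roster),
    }


if __name__ == "__main__":
    report = offboarding_report(DEPARTURES, ACCOUNTS, ROSTER, AS_OF)
    print(f"Off-boarding control check as of {report['as_of']}")
    for person, system, acct in report["residual_access"]:
        print(f"  DISABLE  {system:<10} {acct:<12} (departed: {person})")
    for system, acct in report["orphaned_accounts"]:
        print(f"  REVIEW   {system:<10} {acct:<12} (no valid owner)")
```

Two design points follow from the post's framework. The check keys on HR's last-day date rather than on a ticket being closed, so it catches the case where the off-boarding process ran but a system was missed. And it reports orphaned accounts separately, because accounts with no owner cannot be tied to any departure and need a stakeholder (usually the application owner) to claim or retire them.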

In my next blog post I will discuss specific issues to consider for personnel departures.

RSAC USA 2016: My Agenda Day 4 Thursday

The RSA Conference USA for 2016 starts a week from today. This blog post will share with you my schedule for Thursday, my fourth day of the conference. As I did in my last posting, Wednesday’s schedule, my schedule for Thursday is followed by some alternate sessions that are my fall-back choices, all very interesting.

Thursday, March 3, 2016

08:00 a – 08:50 a – Thursday Track Session 1 | West 3008 | HUM-R02
Preventing Cyber-Exposure: You Say Criminal, I Say Intractable
David Porter, Special Advisor, Digital Shadows

Try preventing cyber-exposure and you risk focusing on the wrong areas. Most incidents arise by accident rather than criminality. We must unpick intractable socio-technical systems where incidents spring from nowhere. Understand why things normally succeed, not why they sometimes go wrong. That way we can contain cyber-exposure, identify critical functions and understand what risk really means.

09:10 a – 10:00 a – Thursday Track Session 2 | West 2007 | IDY-R03
Deconstructing Identity in Security [Panel]

Identity experts from Google, Microsoft and Ping Identity will tackle tough questions and offer unique points of view on the role identity plays in security. They will deconstruct what identity means to security by sharing how they are building identity into the most popular cloud services in the world and by showing what can be done to strengthen identity in a borderless world.
Moderator: Ariel Tseitlin, Partner, Scale Venture Partners
Panelists: Andre Durand, CEO, Ping Identity; Eric Sachs, Product Management Director, Identity, Google; Kim Cameron, Chief Identity Architect, Distinguished Engineer, Microsoft

10:20 a – 11:10 a – Thursday Track Session 3 | West 3003 | EXP-R04
Hacking Exposed: The Mac Attack
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrike; George Kurtz, CEO, CrowdStrike

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical counter measures to make these alternate platforms more resilient.

11:30 a – 12:20 p – Thursday Track Session 4 | West 3008 | HUM-R05
Securing the “Weakest Link”
Adam Shostack, CEO and Founder, Stealth Startup

Security professionals often call people “the weakest link.” We claim that they’ll always make mistakes, however hard we try, and throw up our hands. But the simple truth is that we can help people do well at a wide variety of security tasks, and it’s easy to get started. Building on work in usable security and threat modeling, this session will give you actionable, proven ways to secure people.

01:00 p – 01:50 p | South The Viewing Point at Gateway | FRM-R07
Safeguarding the Digital Frontier: Balancing “Security” and “Security”
Michael McCaul, Member of Congress, Chairman, House Committee on Homeland Security, US House of Representatives

Every day, our enemies are trying to wage war against the U.S., but those attacks are no longer confined to the physical battlefield in faraway lands and terrorists are no longer plotting using caves and couriers. How can we promote effective information sharing and ensure that the digital technologies that protect our nation and civil liberties are not exploited by those who seek to do us harm?

02:10 p – 03:00 p | West 2021 | P2P3-R08
P2P: Saying Goodbye: Managing Security for Departing Personnel
Kenneth Morrison, Principal, Morrison Consulting

Personnel departures are a daily occurrence, with resignations, layoffs, terminations, outsourcing, reorganizations and spin-offs. How do you plan for these? Have you removed all access? Who should manage the data left behind? What are the risks and the best frameworks for addressing this risk? In this session participants will discuss best practices for managing the off-boarding process effectively.

03:40 p – 04:00 p | South Live at Esplanade Ballroom | KEY-R13
Keynote: Not Lost in Translation: Building an Architecture to Reshape
Pat Gelsinger – CEO, VMware

Across the industry, there is pent-up demand for an architecture that can serve as a “Rosetta Stone” or translation layer between apps and data above and the IT infrastructure below. VMware CEO Pat Gelsinger will share a perspective on the opportunity to fundamentally rethink and reshape cybersecurity as we know it—at a time when enterprises and governments alike are aggressively seeking a new approach and a more effective path forward.

04:00 p – 04:40 p | South Live at Esplanade Ballroom | KEY-R14
Keynote: CSI: Cyber Panel: Security Dramas Arrive on the Small Screen [Panel]

The remarkable success of television’s CSI franchise continues with “CSI Cyber”, in which an elite team of FBI Special Agents is tasked with tackling cybercrime across North America. RSAC Curator Sandra Toms will interview “CSI: Cyber” show creator Anthony E. Zuiker, plus two cast members Charley Koontz (Daniel Krumitz) and Shad Moss (Brody Nelson). The panel will discuss how they develop the show’s plot, how they respond to any industry criticism and what they hope to convey to the average viewer who may not be familiar with the nuts and bolts of infosecurity. Don’t miss what will be a fun intersection of security and show business.
Moderator: Sandra Toms, Vice President and Curator, RSA Conference
Panelists: Anthony E. Zuiker, Creator/Executive Producer of the CSI Franchise, Technology Visionary; Charley Koontz, Actor, CSI: Cyber; Shad Moss, Actor, CSI: Cyber


08:00 a – 08:50 a – Thursday Track Session 1 | West 2007 | IDY-R02
Do Something Smart with All the Smart Things
Andrés Molina-Markham, Dartmouth College; Kevin Bowers, Manager, RSA Labs

Devices are increasingly becoming “smart”—connected and interconnected—but the extent of that intelligence is limited. Using a reinforcement learning approach, this presentation will show how the available information and computation in such devices can be coopted to provide both an increase in security and in usability, adjusting over time to find the optimal balance for each and every user.

08:00 a – 08:50 a – Thursday Track Session 1 | West 3006 | ASD-R02
Understanding HTTP/2
Nathan LaFollette, Trustwave SpiderLabs

A new HTTP protocol standard is here. This session will review the HTTP/2 protocol in depth—the good, the bad and the ugly. HTTP/2 will affect how we test for vulnerabilities and scale our applications.

09:10 a – 10:00 a – Thursday Track Session 2 | West 2004 | CXO-R03F
Managing Complex M&A Security Risks — A Detailed Case Study
Ahmad Mahdi, Director of Information Security & Risk Management, Microsoft

The focus of this talk will be walking through the step-by-step approach one information security organization took to secure a massive acquisition with a global footprint. This acquisition included thousands of new employees and a myriad of technical, geopolitical and financial considerations.

09:10 a – 10:00 a – Thursday Track Session 2 | West 2018 | LAW-R03
Not So Fast… Myths and Misunderstanding Surrounding Reactive Strikes
Gerry Stegmaier, Partner, Goodwin Procter; Shawn Henry, President, CrowdStrike

Is the best defense a good offense in cybersecurity, or is it a digital slippery slope? There are a lot of misconceptions circulating about “hacking back” to gather information about your attackers. Before you venture down that path, hear this presentation as the speakers unravel the truth from the hype and highlight the real implications of active defense.

10:20 a – 11:10 a – Thursday Track Session 3 | West 2009 | MASH-R04
Dissecting Bitcoin Security
Cassio Goldschmidt, Principal Information Security Leader, Cassio Goldschmidt

Bitcoin introduced a new form of organization and consensus. Activities that previously required central authorities can now be decentralized. This has profound implications for security. This presentation will review and dissect some of Bitcoin’s core components and their security controls. The speaker will analyze each control and how they could be used in other domains.

10:20 a – 11:10 a – Thursday Track Session 3 | South The Sandbox-ICS Stage | SBX1-R04
Sandbox: ICS Sec for n00bz: an Intro to ICS Defense by Defending the Death Star
Kara Turner, Critical Infrastructure Cybersecurity Threat Analyst, ISIGHT Partners

In a humorous and nerdy take on ICS security, Kara Turner will share basic ways to defend the Galactic Empire from Rebel attacks on the Death Star. Learn best practices and policies to address these issues and more in a memorable way that easily translates to your own ICS environment. Rebel scum are attacking the Death Star through the ICS networks—the Empire needs you!

10:20 a – 11:10 a – Thursday Track Session 3 | West 3014 | TV-R04
RSAC Studio: Privacy Perspectives: How It’s Lost and the Implications
Florindo Gallicchio, Director, Information Security, Office of the CISO, Optiv; Kelley Misata, Ph.D. Candidate, Purdue University

Privacy and security are not fixed points, but rather moving points we must continually assess and reframe.
10:20 AM: Gone in 15 Minutes: Losing Your Privacy While Standing in a Crowd; Florindo Gallicchio;
10:50 AM: Get Out of Your Comfort Zone: Redefining Privacy and Security; Kelley Misata

11:30 a – 12:20 p – Thursday Track Session 4 | West 2004 | CXO-R05
Data Breach Litigation: How to Avoid It and Be Better Prepared for Defense
Andrea Hoy, Virtual CISO, A. Hoy & Associates; Rondal Raether, Partner, Troutman Sanders LLC

With the law evolving, it is important for companies to understand what circumstances give rise to and sustain a lawsuit. Learn why some of these lawsuits die on the vine and others settle with very few making it to witness testimony or e-document production and what can be done before and after the event to shrink the target on your company and improve your chances of success in any lawsuit.

11:30 a – 12:20 p – Thursday Track Session 4 | South The Sandbox-IoT Stage | SBX1-R05
Sandbox: Tactical Survival Tips Building and Leveraging IoT Technologies
Brian Witten, Senior Director, Internet of Things, Symantec

In 16 months, cars were “hacked, tracked and stolen,” MRI and X-Ray machines infected, power grids crashed, and a steel mill blast furnace damaged, all via security mistakes building and leveraging IoT gear. This session offers advice on using IoT gear as safely as possible in these “buyer beware” years, and a framework to build security into IoT products that should be secure “by design.”

01:00 p – 01:50 p | West 3014 | TV-R07
RSAC Studio: Guiding Principles to Defending Organizations
Dawn Cappelli, Vice President, Information Risk Management, Rockwell Automation; Rick Howard, Chief Security Officer, Palo Alto Networks

Effective security principles come from an inside out understanding of the basic building blocks necessary for success.
1:00 PM: The Power of a Network Defender’s First Principles, Rick Howard
1:30 PM: Predictive Techniques to Catch Insider Threats Before they Become Criminals, Dawn Cappelli


RSAC USA 2016: My Agenda Day 3 Wednesday

The RSA Conference USA for 2016 starts a week from tomorrow. Today’s blog post will share with you my schedule for Wednesday, my third day of the conference. As I did in my last posting, Tuesday’s schedule, my schedule for Wednesday is followed by some alternate sessions that are my fall-back choices, all very interesting.

Wednesday, March 2, 2016

08:00 a – 08:50 a | Wednesday Track Session 1 | West 3002 | TECH-W02
Giving the Bubble Boy an Immune System so He Can Play Outside
Kevin Mahaffey, Co-Founder, CTO, Lookout

Why are Google, Facebook and others removing “standard” elements, such as VPNs, Firewalls, and rigid ACLs from their IT architecture? This presentation will share lessons learned and pitfalls in moving to data-driven security from experience securing a fast-moving organization, building security products and investing in a number of security startups.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 2007 | PRV-W03
Can Government Encryption Backdoors and Privacy Co-exist? Is It an Oxymoron? [Panel]

Three distinguished panelists, a privacy expert, a crypto expert and a former cybersecurity policy maker for the Office of the President, will engage in a lively debate on whether government encryption backdoors and privacy can co-exist or are they in such a fundamental conflict that one necessarily obliterates the other.
Moderator: Chenxi Wang, Chief Strategy Officer, Twistlock, Inc.
Panelists: Matthew Green, Assistant Professor, Johns Hopkins University; Michelle Dennedy, Chief Privacy Officer, Cisco

10:20 a – 11:10 a | Wednesday Track Session 3 | North 133 | SPO3-W04
More Books You Should Have Read By Now: The Cybersecurity Canon Project
Rick Howard, Chief Security Officer, Palo Alto Networks

Last year, the Palo Alto Networks CSO presented 20 books that we all should have read by now. Since then, he has formed the Cybersecurity Canon Committee to add more books to the list and to select candidate books to officially induct into the Canon. He will discuss how the community can help with the project and will present five new books that are on the candidate list.

11:30 a – 12:20 p | Wednesday Track Session 4 | West 3003 | EXP-W05
A Conversation on Silicon Valley/DC Security Collaboration [Panel]
Ashton B. Carter, Secretary of Defense, Department of Defense, USA; Ted Schlein, General Partner, Kleiner Perkins, Caufield & Byers

U.S. Secretary of Defense Ashton Carter will speak with Ted Schlein, regarding the importance of technology, innovation and cybersecurity, and the opportunities for the Department of Defense and Silicon Valley to join forces.

01:00 p – 01:50 p | West 2015 | P2P1-W07
P2P: Security of Public Cloud Services: It Takes a Village
Ben Rothke, Senior eRC Consultant, The Nettitude Group

Your cloud provider may have every attestation from PCI to SSAE-16, but that means nothing if your team doesn’t know cloud security and what they have to do. Cloud security is inherently a shared responsibility model. If you are not doing your part, you won’t have security. Even with the move to the cloud, there’s a huge amount of security work that still needs to be done.

02:00 p – 02:40 p | South Live at Esplanade Ballroom | KEY-W08
Keynote: Dave Isay on the History of StoryCorps and the Power of Storytelling
Dave Isay, Founder, StoryCorps

Dave Isay is one of the most trusted and respected broadcasters working today. The recipient of four Peabody Awards, a MacArthur Fellowship and the 2015 TED Prize, his lectures tap into the heart and soul of human experience by interweaving stories told by the people that lived them. He is an author, documentarian and founder of StoryCorps.

02:40 p – 03:10 p | South Live at Esplanade Ballroom | KEY-W10
Keynote: Turning the Tables: Radical New Approaches to Security Analytics
Martin Fink – Executive Vice President, Chief Technology Officer, Hewlett Packard Enterprise

The battle between attackers and attacked has long been asymmetric. The answer lies in Big Data analytics. But as security operations mature, current analytics approaches will struggle to handle the exponentially growing volume of data with richer context, new machine sources and at machine speed. Martin Fink will talk about a radically new system and data protection architectures that could turn this asymmetry on its head.

03:10 p – 03:30 p | South Live at Esplanade Ballroom | KEY-W11
Keynote: Ascending the Path to Better Security
Martin Roesch – Vice President and Chief Architect, Cisco Security Business Group

Security professionals are grappling with how to protect their organization from a multitude of new and unforeseen threats. Gaining an advantage against attackers and improving security outcomes requires having a true sense of the value of the protection capabilities in place. Martin Roesch will discuss methods to measure the value of existing security approaches to ascend the pyramid of pain, enable business growth and deliver better security.

03:30 p – 04:00 p | South Live at Esplanade Ballroom | KEY-W14
Keynote: The (Inevitable?) Decline of the Digital Age…
Mark McLaughlin – Chairman, President and CEO, Palo Alto Networks

We live in the digital age, an age of immense productivity but at serious risk due to the increasing lack of trust driven by security concerns. This must and will be corrected. The future will show the decline of legacy, point-product security based on technologies that primarily focus on detection. Instead, we’ll see the rise of next-generation prevention-oriented security platforms. Old-line thinking that hurts trust will fall to the wayside.

04:00 p – 04:50 p | South Live at Esplanade Ballroom | KEY-W15
Keynote: The Great Questions of Tomorrow
David Rothkopf – Chief Executive Officer and Editor, FP Group

There is a universal view that the changes associated with the technological revolution have been profound and will accelerate. Rothkopf will argue that those changes have been underestimated. He will assert that the very fabric of civilization is being rewoven and that the result will force us to rethink basic concepts about who we are, how we govern ourselves, our fundamental rights and the nature of war, peace and money.


01:00 p – 01:50 p | South The Viewing Point at Gateway | FRM-W07
A Roundtable with Three Cyber-Wisemen [Panel]

Six years ago no country had a cyber-coordinator or even a cybersecurity strategy. That’s changed, and it may need to change again. All the old topics are still in play, but new problems are reshaping policy agendas. The job of cyber-coordinator is evolving in ways we can’t yet predict. Three cyber-coordinators will have a frank discussion about agendas and top priorities for the coming year.
Moderator: James Lewis, Director and Senior Fellow, Strategic Technologies Program, CSIS
Panelists: Alex Dewdney, Director, Cyber Security, CESG; Eviatar Matania, Head of the Israeli National Cyber Bureau, Israel National Cyber Bureau, Prime Minister’s Office; Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House

08:00 a – 08:50 a | Wednesday Track Session 1 | West 2004 | CXO-W02
Real-World Examples of Positive Security ROI
John Pescatore, Director, SANS Institute

In every industry and across government agencies, there are those who suffered a major breach and those who avoided the same attacks or greatly minimized the damage. This session will detail six real-world examples of security organizations that avoided breaches by delivering and quantifying positive business return on investments in improving security. Real numbers will be used in all examples.

08:00 a – 08:50 a | Wednesday Track Session 1 | West 3008 | HUM-W02
Trends in Social Engineering: How to Detect and Quantify Persuasion
Markus Jakobsson, CTO, ZapFraud

Email scams are still very effective, as they have evolved to avoid current security countermeasures by making their contents more individualized and credible to the recipient. We describe persuasion in 419 scams and Business Email Compromise (BEC) scams, and discuss how an improved understanding of persuasion can help lay the foundation for more effective anti-scam tools.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3006 | ASD-W03
Transforming Security: Containers, Virtualization and Softwarization
Dennis Moreau, Senior Engineering Architect, VMware

This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3008 | HUM-W03
Proactive Measures to Mitigate Insider Threat
Andrew Case, Director of Research, Volexity

The threat posed by rogue insiders affects every organization worldwide. The difficulties in balancing employees’ legitimate need to access corporate data along with the need to compartmentalize access are often in conflict. This presentation will walk through several real-world insider threat cases and discuss proactive measures that could have greatly mitigated the damage and losses.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3014 | TV-W03
RSAC Studio: The Dark Web and Cyberespionage: Fact, Fiction and Future
Vicente Diaz, Principal Security Researcher, Kaspersky Lab Global Research & Analysis Team, Kaspersky Lab; William Gragido, Head of Threat Intelligence Research, DS Labs, Digital Shadows

Attackers are lurking. What is the current and future state, and how can we prepare?
9:10 AM: In the Dark: An Introduction to the Hidden World of the Dark Web, William Gragido
9:40 AM: A Futurist’s Look at Nation-State Cyberespionage, Vicente Diaz

10:20 a – 11:10 a | Wednesday Track Session 3 | West 2016 | PNG-W04
Government in the Crossfire: Data Privacy in an Era of Growing Cyberthreats [Panel]

Join ex-Microsoft CISO and former U.S. Cybersecurity Coordinator Howard Schmidt, EFF attorney Lee Tien and State of Wyoming CIO, Flint Waters, for a discussion about safeguarding citizen data in the cloud. They will tackle responsibilities of cloud providers and government, the latest threats and challenges, and how they are dealing with them.
Moderator: Paul Roberts, Editor in Chief, The Security Ledger
Panelists: Flint Waters, State Chief Information Officer, Director, State of Wyoming; Lee Tien, Senior Staff Attorney, Electronic Frontier Foundation

10:20 a – 11:10 a | Wednesday Track Session 3 | West 3002 | TECH-W04
Applying Top Secret and Military Network Grade Security in the Real World
Dan Amiga, Founder and CTO, Fireglass; Dor Knafo, Security Research Team Leader, FireGlass

The technologies around protecting top classified, military-grade networks go far beyond traditional security practices like firewalls, proxies, IPS and advanced endpoint protection. This session will share and demo experiences building military-grade solutions like real air-gapped and transparent networks, one-way communication, shadow services and visual-only modes, and how one can use them today.

10:20 a – 11:10 a | Wednesday Track Session 3 | West 3014 | TV-W04
RSAC Studio: Embracing and Extending Kids’ Curiosity to Inspire Future Professionals
Michael Kaiser, Executive Director, National Cyber Security Alliance; Pete Herzog, Managing Director, ISECOM

We expect kids today to use technology yet not know how it works. We need to teach them how to enjoy taking control of their gadgets and inspire future cybersecurity rock stars.
10:20 AM: The Awesome Truth about Hackers; Pete Herzog
10:50 AM: Attracting a New Generation of Cybersecurity Professionals; Michael Kaiser

11:30 a – 12:20 p | Wednesday Track Session 4 | West 2016 | PNG-W05
How the USG’s Rule for Intrusion Software Will Kill Global Cybersecurity [Panel]

In seeking to prevent the sale of surveillance tools to oppressive regimes that use technology to commit human rights abuses, the Commerce Department announced a new proposal for implementing of the Wassenaar Arrangement export controls. Panelists discuss the proposed rule, the potential costs to U.S. industry and global cybersecurity if the rule is implemented, offering more sound alternatives.
Moderator: Catherine Lotrionte, Professor, Georgetown University
Panelists: Cheri McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation; Chris Boyer, Assistant Vice President, Global Public Policy, AT&T Services, Inc.; Eric Wenger, Director for Cybersecurity & Privacy, Cisco Systems; Ian Schneller, Executive Director, Global Cyber Partnerships and Government Strategy, JPMorgan Chase

11:30 a – 12:20 p | Wednesday Track Session 4 | South The Viewing Point at Gateway | SBX3-W05
Sandbox: Cryptoparty: tuTORial — Learn How to Use TOR to Be Anonymous Online
Runa Sandvik, Privacy and Security Researcher

The avalanche of disclosures in recent years has made it clear that encryption is the way forward for those who wish to protect their data and their communications. This presentation will take a look at Tor and how the tool allows users to be anonymous online. This presentation will also discuss how you can build an enterprise onion site (like Facebook) and better support users of the Tor network.

11:30 a – 12:20 p | Wednesday Track Session 4 | West 2001 | HUM-T10R
300+ Cities, Millennials and a Mobile Workforce: A Security Gauntlet
Samantha Davison, Security Program Manager, Uber

The words that strike fear in most security practitioners: internationalization, millennial, mobile, fierce “at all costs” culture. This is what we were faced with at Uber. Using a combination of a gamified learning program, outside-the-box ideas, and department and culturally focused training, we were able to build a secure workforce. Learn how to take on these challenges and lessons learned.

02:10 p – 03:00 p | West 2004 | CXO-W05F
Focus-on: How to Prepare for Cybersecurity in 2020: A Panel Discussion (Focus-On) [Panel]

Continue the How to Prepare for Cybersecurity in 2020: A Panel Discussion in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees. Adding a session to your Schedule does not guarantee you a seat. Admission to this session is on a first come, first served basis.
Moderators: Betsy Cooper, Executive Director, UC Berkeley Center for Long-Term Cybersecurity; Steve Weber, Professor, UC Berkeley School of Information
Panelists: Marc Goodman, Founder, Future Crimes Institute; Martin Giles, Partner, Former Writer, The Economist and Partner, Wing Venture Capital; Sameer Bhalotra, CEO, StackRox

02:10 p – 03:00 p | South The Sandbox-ICS Stage | SBX-W09
Sandbox: Industrial Cyberthreats: The Kaspersky Lab View
Andrey Nikishin, Special Projects Director, Kaspersky Lab

Since Stuxnet we have registered a growing number of cybersecurity incidents in the industrial environment. In this presentation we will share the data collected, analyze some examples of attacks on the industrial environment, provide some forecasts for the future development of industrial cyberthreats and discuss possible solutions for mitigating the risk of cyberincidents.

02:10 p – 03:00 p | West 2017 | P2P2-W09
P2P: Effective (or Ineffective…) Methods of Managing Third-Party Risk
Corey Epps, Senior Director, Information Security, CVS Health

Most organizations today rely on their third parties. Recent studies show 84% of healthcare companies share sensitive data with third parties. Given the rise of cybercrime, identity theft, regulations and contractual requirements where companies must comply, the management of third parties is paramount now more than ever. Come discuss what methods others use to manage risk in third parties.

03:20 p – 04:10 p | West 2014 | FON1-W13
Focus-on: End Island Hopping Hackers’ Vacation in Your Information Supply Chain
Ed Cabrera, Vice President of Cybersecurity Strategy, Trend Micro; Tom Kellermann, Chief Cybersecurity Officer, Trend Micro

Forget spear phishing—hackers are now focused on weaknesses across the entire information supply chain of publicly traded multinationals, including cloud hosting providers, PR agencies and other sources of market intelligence. Join this session to explore the latest island-hopping tactics and learn advanced strategies for managing the systemic risk within the modern information supply chain. Continue this conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented.

03:20 p – 04:10 p | South The Sandbox-IoT Stage | SBX1-W13
Sandbox: Hacking IoT: Why Security in IoT is Failing (and how to fix it!)
Ted Harrington, Executive Partner, Independent Security Evaluators

Utilizing case study analysis of attack anatomies, this session will explore the fundamental security shortcomings that plague the IoT industry and articulate how to resolve those problems. Data and outcomes from both IoT Village in particular as well as the broader research community are analyzed in order to present actionable guidance.

04:30 p – 05:20 p | West 2018 | FON3-W16
Focus-on: How Infosec Maturity Models Are Missing the Point
Jack Jones, EVP Research & Development, RiskLens

Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature—or not. This session will explore what those missing elements are, why they are so critical, how to gauge maturity in those dimensions, and the steps you can take to help make your organization more mature. Continue this conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented.


RSAC USA 2016: My Agenda Day 2 Tuesday

The RSA Conference USA for 2016 is less than two weeks away. Today’s blog will share with you my schedule for Tuesday, my second day of the conference, to indicate what interests me. Post-conference I may post notes from those sessions that I found notable.

Tuesday, March 1, 2016

08:10 a – 08:40 a | South Live at Esplanade Ballroom | KEY-T01
Keynote: The Sleeper Awakes
Amit Yoran – President, RSA

We are all in agreement that the industry is failing, but the path forward remains hotly debated. Do we keep doing what we’ve always done and just do more of it, or do we take a radical new approach across industry, practitioners and public policy? We can’t do both. Which side are you on?

08:50 a – 09:10 a | South Live at Esplanade Ballroom | KEY-T02
Keynote: Trust in the Cloud in Tumultuous Times
Brad Smith – President and Chief Legal Officer, Microsoft

We are living in extraordinary times. While the evolution of cloud computing has transformed the way we work, recent geopolitical events have precipitated debates on the roles that governments and industry should play in defending and securing society, and the appropriate balance between security, privacy and the freedom of expression. Brad Smith puts modern events into context and discusses a path forward.

09:20 a – 09:50 a | South Live at Esplanade Ballroom | KEY-T03
Keynote: Louder Than Words
Christopher Young – Senior VP and GM, Intel Security Group

Our challenges are considerable—billions of smart devices lack baseline protection; intensive customization limits the effectiveness of our threat defense; the talent shortage we face is real… and growing. How does the industry move forward? Do we invest in threat intelligence sharing across sectors? And what is the government’s role vs. the private sector’s? Chris Young maps out a new model for cybersecurity, and shares what’s already underway.

09:50 a – 10:40 a | South Live at Esplanade Ballroom | KEY-T04
Keynote: The Cryptographers’ Panel [Panel]

Join the founders and leaders of the field for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2016 and insights drawn from lessons learned over the last three decades.
Moderator: Paul Kocher, President and Chief Scientist, Cryptography Research, Rambus
Panelists: Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science, Israel; Moxie Marlinspike, Founder, Open Whisper Systems; Ronald Rivest, MIT Institute Professor, MIT; Whitfield Diffie, Cryptographer & Security Expert, Cryptomathic.

10:40 a – 11:30 a | South Live at Esplanade Ballroom | KEY-T05
Keynote: Remarks by Admiral Michael S. Rogers, U.S. Navy, Commander, U.S. Cyber Command, Director, National Security Agency/Chief, Central Security Service.

12:00 p – 12:50 p | South The Viewing Point at Gateway | FRM-T07
The Evolving Landscape of Cybersecurity: Threats, Opportunities, and Partnerships in a Changing World
Loretta Lynch, Attorney General of the United States

Loretta E. Lynch, Attorney General of the United States will discuss The Evolving Landscape of Cybersecurity: Threats, Opportunities, and Partnerships in a Changing World.

01:10 p – 02:00 p | Tuesday Track Session 1 | West 2015 | P2P1-T09
P2P: Security Maturity Models: A Dime a Dozen or Priceless?
Pete Lindstrom, VP, Security Strategies, IDC

Security professionals are besieged with maturity models and control frameworks and regulatory requirements, all in the name of protecting the organization. But do strong security programs actually reduce risk? How can they be tested? What are the key elements of a program? Participants will discuss these topics in search of tips and tactics for a successful program.

02:20 p – 03:10 p | Tuesday Track Session 2 | West 2004 | CXO-T10
My Life as Chief Security Officer at Google
Gerhard Eschelbeck, Vice President Security Engineering, Google

What’s it like heading up security for one of the world’s biggest tech companies and hacker targets? Google VP of Security Engineering Gerhard Eschelbeck will give a rare inside look at his daily job, how he protects the data of millions of people and companies, the big and little challenges Google faces with security and what keeps him up at night.

03:30 p – 04:20 p | Tuesday Track Session 3 | West 2016 | PNG-T11
Encryption and Information Sovereignty: Destroying the Internet to Save It? [Panel]

This panel will investigate the inherent tensions between information security and national security, focusing specifically on encryption policy, governmental needs to access secure information, and civil rights. By convening panelists with expertise in industry, government, law and academia, this panel aims to offer empirically grounded perspectives in order to move toward a workable solution.
Moderator: Shawn Powers, Assistant Professor, Georgia State University
Panelists: Julia Powles, Lawyer Researching Technology Law and Policy Cloud Cybercrime Centre, University of Cambridge; Paul Rosenzweig, Founder, Red Branch Consulting; Peter Neumann, Senior Principal Scientist, SRI International Computer Science Lab; Tom Corcoran, Head of Cyber Threat Intelligence, Zurich Insurance Group.


01:10 p – 02:00 p | South The Viewing Point at Gateway | EXP-T09R
The Seven Most Dangerous New Attack Techniques, and What’s Coming Next [Panel]

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What’s coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
Moderator: Alan Paller, Research Director and Founder, SANS
Panelists: Ed Skoudis, Instructor, SANS; Johannes Ullrich, Dean of Research, SANS Technology Institute; Mike Assante, ICS Director, SANS.

01:10 p – 02:00 p | West 2018 | LAW-T09
Hot Topics in Technology Law [Panel]

A moderated panel discussion of legal topics by practicing technology lawyers. Topics shall include pending legislation and the role of state actors (governments) in regulating technology and innovation.
Moderator: Rita Helmes, Research Director, IAPP
Panelists: Jon Stanley, Counsel, Verrill Dana LLP; Michael Aisenberg, Senior Fellow, George Washington University Center for Cyber & Homeland Security; Richard Abbott, Director, RA Consulting.

02:20 p – 03:10 p | South The Viewing Point at Gateway | SBX3-T10
Sandbox: Robot Cars, Risk and Ethics: Lessons for Artificial Intelligence [Panel]

Autonomous vehicles are now appearing on our roadways. This session will look at the new risks they pose—including ethics or value judgments that have no clear consensus—and how those risks could be managed, including what existing law might say about them. This also gives us insight into the challenges faced by broader industries that are developing artificial intelligence products.
Moderator: Kevin Kelly, Senior Maverick, Wired Magazine
Panelists: Jerry Kaplan, Visiting Lecturer, Computer Science, Stanford University; Patrick Lin, Director, Ethics + Emerging Sciences Group, California Polytechnic State University; Stephen Wu, Attorney, Silicon Valley Law Group.

03:30 p – 04:20 p | West 3003 | EXP-T11
Security Investigative Journalists Speak Out — More Breaches, More Problems [Panel]

OPM, Ashley Madison, Hacking Team and more. From infosec inside baseball to the year’s biggest hacks, these gumshoes have seen it all. This panel session—back by popular demand and moderated by noted security researcher and OpenDNS CTO Dan Hubbard—will discuss the biggest, most important and most controversial cybersecurity stories of the past year.
Moderator: Dan Hubbard, Chief Technology Officer, OpenDNS
Panelists: Brian Krebs, Investigative Reporter, Krebs On Security; Joseph Menn, Technology Projects Reporter, Reuters; Kevin Poulsen, Contributing Editor, Wired.

03:30 p – 04:20 p | West 3006 | ASD-T11
Nothing Lasts Forever — Trust Has an Expiration Date
Matthew Bryant, Application Security Engineer II, Uber Technologies, Inc.

Sometimes trust comes with an expiration date: domains, CDNs, hosts and other digital resources are all ephemeral. With DNS, dynamic instances, web links, whitelists and other extensions of trust pointing to so many third parties—do you really know who is in control? This talk explores the security issues that arise when digital assets expire and presents novel attacks exploiting expired trust.


RSAC USA 2016: My Agenda Day 1 Monday

The RSA Conference USA for 2016 is less than two weeks away. Today’s blog will share with you my schedule for Monday, February 29, 2016, my first day of the conference. Post-conference I may post notes from those sessions that I found notable.

Monday, February 29, 2016

08:30 a – 09:20 a | West 3018 | BAS-M01
Introduction and a Look at Security Trends
Hugh Thompson, Program Committee, RSA Conference

The security industry has significantly changed over the last 25 years, as reflected in the content at RSA Conference. This introductory session will look at some of the major shifts, the economics that are driving the shifts, and the trends that are shaping current and future directions.

08:30 a – 12:30 p | West 2006 | TCG-M01
TCG: Securing the IoT with Trusted Computing [Panel]

The root of security for IoT begins with trust – including trusted device identity and secure communications with protection of sensitive information. These foundational elements must come together to provide a more secure IoT solution. In this half-day RSA Conference session you will hear from industry leaders and see demonstrations of IoT security in action.
08:30 a – 08:40 a | Welcome, Mark Schiller, TCG Executive Director
08:40 a – 09:15 a | Keynote: Trust-Based Security for Multi-Dimensional Clouds, Doug Cahill, Enterprise Strategy Group (ESG)
09:15 a – 10:10 a | Panel 1: IoT, Trust and Security, Moderator: Darin Andersen, CyberTrust; Panelists: Lee Wilson, Security Innovation; Max Senges, Google
10:00 a – 10:10 a | Update from TCG and Demo Highlights, Mark Schiller, TCG Executive Director
10:10 a – 10:55 a | Panel 2: Things to Do with the TPM, Moderator: Paul Roberts, Security Ledger; Panelists: Paul England, Microsoft Corporation; Matthew Garrett, CoreOS
10:55 a – 11:05 a | Break
11:05 a – 11:50 a | Panel 3: Network Security in the IoT, Moderator: Larry Ponemon, Ponemon Institute; Panelists: Steve Venema, Polyverse; Tony Sager, Center for Internet Security
11:50 a – 12:00 p | End of Seminar
12:00 p – 12:30 p | Demonstration Showcase

10:30 a – 11:20 a | West 3018 | BAS-M03
Innovation in Network Security
Michael Geller, Principal Engineer, Cisco Systems, Inc.

The networks we use to deliver services are evolving. Applications and services are virtualized and moving to the cloud. An eight-step process is used to put a structure to make sense of the threat surface for today and tomorrow’s networks.

01:00 p – 04:30 p | South The Viewing Point at Gateway | ISB-M01
Innovation Sandbox – “Most Innovative Startup” Live [Panel]

Witness the Top 10 Finalists battle for the coveted title of 2016 Most Innovative Startup at RSAC Innovation Sandbox Contest. In this fast-pitched session, finalists share why their solution will have the greatest impact on information security in 2016.
01:15 p – 01:30 p, Introduction, Hugh Thompson
01:30 p – 02:45 p, RSAC Most Innovative Startup Top 10 Presentations
– Three-minute pitches followed by Q&A with judges.
02:45 p – 03:10 p, BREAK, Meet and Greet with Top 10
03:10 p – 03:45 p, How to Build a Startup into a (Multi) Million Dollar Company, Enrique Salem, Managing Director, Bain Capital Ventures; Ron Miller, Enterprise Reporter, TechCrunch
– Venture capitalist, entrepreneur and former Symantec CEO Enrique Salem will engage in a candid discussion with some of the leading technology entrepreneurs and executives illuminating how to identify need and develop solutions, build traction and distribution into market space, and acquire and retain the “right” talent at the “right” time of the growth cycle.
03:45 p – 04:20 p, NextWar: The Future of Technology and Geopolitics, Peter W. Singer, New American Foundation
– Robots, artificial intelligence, cyberwar, 3D printing, bio-enhancements and a new geopolitical competition: the 21st century is being shaped by a range of exciting and scary new technologies. Best-selling author and consultant to the U.S. intelligence community, Hollywood film industry and Call of Duty video game series, Peter W. Singer explores emerging trends that will shape the world of technology and security tomorrow.
04:20 p – 04:30 p, Award Ceremony and Winner Announcement


01:30 p – 05:00 p | West 3022 | SEM-M02
Advancing Information Risk Practices Seminar [Panel]

Many challenges face today’s Risk Management programs, including how to rank risk security gaps, handle business interactions and form a qualified resource pool. This half-day seminar will be packed with useful information from a series of respected industry leaders. Discussing successes and pitfalls, these leaders have set out to challenge conventional ideas and pursue cutting edge tactics.
01:30 p – 02:25 p, Practical Quantitative Risk Analysis for Cyber Systems
Marshall Chipper
02:25 p – 03:15 p, Exploring Your Data – Risk Visualization Techniques
Jay Jacobs
03:15 p – 03:30 p, BREAK
03:30 p – 04:15 p, Third-Party Risk Assessment – Death by 800 Questions
Jack Jones
04:15 p – 05:00 p, The Marriage of Threat Intelligence and Risk Assessment
Wade Baker


RSA USA Conference 2016 Coming Up!

RSA USA Conference 2016 is only a few short weeks away. Last year, at the 2015 Conference, I facilitated a Peer-to-Peer (P2P) session titled “Who’s Invited to Your Party? Minimizing Risk from Outsourced Partners”.

This year I was again invited to facilitate a P2P session titled “Saying Goodbye: Managing Security for Departing Personnel”, scheduled for Thursday, March 3, 2016 at 2:10 pm, Room West 2021.

I will be writing more about this upcoming session in my next few blog posts, but to give you a preview here are the notes to RSA Conference from my submission:

Topic Description:
Personnel departures are a daily occurrence, with resignations, layoffs, terminations, outsourcing, reorganizations, and spin-offs. How do you plan for these? Have you removed all access? Who should manage the data left behind? What are the risks and the best frameworks for addressing this risk? In this session we will discuss best practices for managing the off-boarding process effectively.

Submitter’s Comments:
Employees, contractors and others with access and accounts, all leave your organization at some point. Some departures are planned, others are not. Some departures are immediate, while others transition out over time. All involve questions about transfer of ownership, what to migrate, what to archive. IT security of the off-boarding process is too often poorly defined, bringing significant risk.

I am looking forward to a great session!

RSAC USA 2015: My Agenda Day 5 Friday

The RSA Conference USA for 2015 wrapped up last Friday. I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Today I share the last conference day, Friday, complete with session descriptions from the RSAC catalog.

As always, please write to me if you have any questions about any of these sessions or any other question about the RSA Conference.

  • HT-F01 : Top 10 Web Hacking Techniques of 2014 – Jonathan Kuskos, Senior Application Security Engineer, and Matt Johansen, Senior Manager, Threat Research Center, WhiteHat Security

Every year the security community produces a stunning number of new Web hacking techniques. Now in its 9th year, the Top 10 Web Hacking Techniques list encourages information and knowledge sharing and recognizes researchers who contribute excellent work. In this talk, the speakers did a technical deep dive and took us through the Top 10 Web Hacks of 2014, as picked by an expert panel of judges.

  • HUM-F02 : Cybersecurity Awareness is a Big Deal for Small Business – panel

This session focused on the cybersecurity challenges of small and medium sized businesses, and the impact of small business cybersecurity on the Nation. The Department of Homeland Security and partners discussed existing efforts to help improve small business cybersecurity, including the “Stop.Think.Connect.” Campaign and the Critical Infrastructure Cyber Community (C3) Voluntary Program.


  • Andy Ozment, Moderator, Assistant Secretary, Department of Homeland Security, Office of Cybersecurity and Communications
  • Duncan Logan, Founder and Chief Executive Officer, Rocket Space
  • Michael Kaiser, Executive Director, National Cyber Security Alliance
  • William O’Connell, Vice President for Global Trust, ADP

  • GRC-F03 : Taking a Business Risk Portfolio (BRP) Approach to Information Security – Johna Till Johnson, Chief Executive Officer and Founder, Nemertes Research

Many business executives mistakenly seek to reduce information security risk to zero. This is both impossible and wrongheaded. A better approach is to position InfoSec risk appropriately within a business risk portfolio, and manage and mitigate accordingly. This session provided a blueprint for crafting a BRP and embedding Infosec within it.

  • KEY-F44 : The Hugh Thompson Show – Hugh Thompson, Program Committee Chairman, RSA Conference, and Srinivasan Pillay, M.D., Chief Executive Officer, The NeuroBusiness Group

A conversation between Mr. Thompson and Mr. Pillay about physiological and psychological roots of information security crime and hacking.


RSAC USA 2015: My Agenda Day 4 Thursday

The RSA Conference USA for 2015 wrapped up last Friday. I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Today I share Thursday’s, complete with session descriptions from the RSAC catalog.

Please write to me if you have any questions about these sessions.

  • MASH-R01 : More Books You Should Have Read by Now: The Cybersecurity Canon Project – Rick Howard, Chief Security Officer, Palo Alto Networks

Last year, the Palo Alto Networks’ CSO presented 20 books that we all should have read by now. Since then, he has formed the Cyber Security Canon Committee to add more books to the list and to select candidate books to officially induct into the Canon. In this session he discussed how the community can help with the project and presented five new books that are on the candidate list.

  • MASH-R02 : Use of Technology in Preserving and Protecting Humanity – panel

Technology used for humanitarian aims faces some of the toughest security challenges; opportunities seem to be everywhere these days. While security pros say they feel overwhelmed by the rate of change, humanitarians grow impatient at the slow pace. This panel discussed why there’s a divide and looked at where information security controls are working, as well as areas needing greater attention.


  • Davi Ottenheimer, Moderator, Senior Director of Trust, EMC
  • Alex Stamos, Chief Information Security Officer, Yahoo
  • Beau Woods, Founder and CEO, Stratigos
  • Bruce Schneier, Chief Technology Officer, Resilient Systems
  • Morgan Marquis-Boire, Senior Researcher, Citizen Lab, University of Toronto

  • CRWD-R03 : Best Practice or Bust? Test Your Approach to Third-Party Risk – James Christiansen, Vice President, Information Risk Management, Accuvant

More than half of all security breaches originate from a third-party breach. This highly interactive whiteboard session focused on participants sharing lessons learned for extending internal security practices to vendors to reduce third-party risk. After suggestions were documented and debated, audience polls determined each idea’s validity if implemented across various industries.

  • EXP-T09R : Security in an Age of Catastrophic Risk – Bruce Schneier, Chief Technology Officer, Resilient Systems

In cyberspace and out, we’re increasingly confronting extremely-low-probability, extremely-high-damage attacks. Protecting against these sorts of risks requires new ways of thinking about security; one that emphasizes agility and resilience, while avoiding worst-case thinking.

  • KEY-R08 : Into the Woods: Protecting Our Youth from the Wolves of Cyberspace – panel

Today’s headlines are crowded with stories of kids who fall victim to cybercrimes, including online bullying and predatory behavior. We can’t supervise every dark corner of the Internet, so what is the answer? Stricter laws? Aggressive pursuit of offenders? Education of our kids? This keynote panel discussed challenges and offered solutions designed to ensure the safety of our children.


  • Sandra Toms, Moderator, Vice President and Curator, RSA Conference
  • Alicia Kozakiewicz, President, The Alicia Project
  • Lance Spitzner, Research & Community Director, SANS Securing the Human
  • Michael Osborn, Chief of the Violent Crimes Against Children Unit, FBI
  • Sharon W. Cooper, MD, FAAP


RSAC USA 2015: My Agenda Day 3 Wednesday

The RSA Conference USA for 2015 wrapped up last Friday. I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Today I share Wednesday’s schedule, complete with session descriptions from the RSAC catalog.

Please write to me if you have any questions about these sessions.

  • LAB-W01 : Insider Threat and the Dark Web: Cyber Response Mini-Wargame – facilitators

Companies and organizations are increasingly using wargames to improve cyber response posture. In this session, Booz Allen Hamilton’s wargame team led players through a board game where they took actions in response to a cyber breach to mitigate damage to the company. This session focused on incident managers who will be called on to make decisions in a crisis scenario. The objective of the game is to identify and successfully mitigate different risk categories following a breach.

Booz Allen Hamilton participants:

  • Mike McConnell, Strategic Advisor and former Vice Chairman, Former Director of National Intelligence
  • Nicole Monteforte, Principal
  • Ronald Sanders, Vice President
  • Thad Allen, Executive Vice President

  • ECO-W03 : Cyber Security for Start-ups: An Affordable 10-Step Plan – David Cowan, Partner, Bessemer Venture Partners

In the past, start-ups could postpone thinking about security threats. But today’s hackers and malware infestations no longer discriminate between the Fortune 50 and the TechCrunch 50. In fact, some increasingly common cyber attacks specifically target smaller, more vulnerable businesses. This session covered an affordable 10-step plan that start-ups can follow to survive in today’s cyberspace.

  • HUM-W04 : What a Relief—It Works! How to Build an Insider Threat Program in One Year – Dawn Cappelli, Director, Insider Risk Management, Rockwell Automation

A little over a year ago Ms. Cappelli left her job (Director, CERT Insider Threat Center) to build an Insider Risk Program for Rockwell Automation. After 13 years of research, she had to do what she had told everyone else to do. Would it work? She thought it would, and she was right! Ms. Cappelli showed what one can do in 1 year from 60 experts who collaborate monthly. It was shocking to understand what could be leaving an organization.

  • STU-W7 : Stuck in Patterns—How Your Mind Fools You Every Day – Doug Kevilus, Owner, Mentalist Doug Kevilus

Our minds have developed in such a way that it changes and distorts what we see, experience, and remember every day. Some of those distortions we will never recognize. Other times, those distortions create severe consequences in our work and personal relationships.

  • STU-W8 : The Day My Kids Brought Home Malware – Kellman Meghu, Head of Americas Security Architects, Check Point Software

Kids are always texting, streaming shows and surfing the web simultaneously. With all of that Internet activity, what type of malware activity do you think you’d find on your home network? This talk gave an insight from activity on Mr. Meghu’s home network, set up with Enterprise products. Imagine utilizing this technology and finding search patterns of data in your home network – what do you think you’ll find?

  • KEY-W11 : The Second Machine Age – Andrew McAfee, Principal Research Scientist, Center for Digital Business, MIT Sloan School of Management, and Fellow, Harvard Law School Berkman Center for Internet and Society

We are living in a time of brilliant technologies that are bringing us into a second machine age, the greatest era of transformation since the Industrial Revolution. Dr. McAfee discussed both the great promise and thorny challenges—for organizations, leaders and workers alike—of the world we’re creating as we create and deploy digital technologies that are the stuff of science fiction.


RSAC USA 2015: My Agenda Day 2 Tuesday

The RSA Conference USA for 2015 wrapped up last Friday. I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Yesterday I shared Monday’s schedule. Today I share Tuesday’s, complete with session descriptions from the RSAC catalog.

Please write to me if you have any questions about these sessions.

  • KEY-T01 : Escaping Security’s Dark Ages – Amit Yoran, President, RSA

We are living in the Dark Ages of security. We cling to outmoded world views and rely on tools and tactics from the past, and yet we are surprised to find ourselves living in an era of chaos and violence. We must cast off the past and enter an Age of Enlightenment by pursuing greater visibility into and understanding of our digital world.

  • KEY-T02 : Enhancing Cloud Trust – Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft

As pressures to accelerate cloud computing climb higher than ever, relationships between vendors, enterprises and governments have evolved to ones comprised of trust and concern in equal measure. How should companies shape their plans? Scott Charney reviewed Microsoft’s cyber security strategy to help leaders innovate aggressively while managing business risk.

  • KEY-T03 : Security on Offense – Christopher Young, Senior Vice President and General Manager, Intel Security Group

In pro sports we avow, “Defense wins championships.” But without offense it’s hard to score the points needed to triumph–cyber security is no different. Chris Young looked at how we change the game, stay relevant, and ensure trust is the foundation of digital life.

  • KEY-T04 : The Cryptographers’ Panel

The founders and leaders of the field join together for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2015 and insights drawn from lessons learned over the last three decades.


  • Paul Kocher, Moderator, President and Chief Scientist, Cryptography Research
  • Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science, Israel
  • Ed Giorgio, Cryptographer and Security Expert, KEYW
  • Ronald Rivest, Vannevar Bush Professor, MIT
  • Whitfield Diffie, Cryptographer & Security Expert, Cryptomathic

  • KEY-T05 : Secretary Jeh Johnson, U.S. Department of Homeland Security

The growing number of serious attacks on essential cyber networks is one of the most serious economic and national security threats our nation faces. DHS Secretary Jeh Johnson discussed the evolving cybersecurity threat and Homeland Security’s comprehensive strategy to address it.

  • P2P-T07D : Who’s Invited to Your Party? Minimizing Risk from Outsourced Partners – Facilitator: Kenneth Morrison, Principal, Morrison Consulting

Recent headlines suggest your greatest risk may be from trusted, connected partners and those partners have their own partners; all potentially becoming your “insiders”. Questionnaires and standardized forms don’t suffice for assessment. Layered network defenses must be reevaluated. Attendees shared their experiences, and took away new options for controls to limit risk from the elastic insider network.

  • P2P-T08B : Trimming the Waste from Your Security Portfolio – Facilitator: Wendy Nather, Research Director, Information Security, 451 Research

In this discussion, attendees talked about example product portfolios, budgets and activities to help participants evaluate what they could consolidate, cut back, or eliminate. Some areas considered are activities that can be “outsourced” to other departments, products that require too many people to run, duplicate features, and technologies that aren’t being used.

  • CSV-T07R : Something Awesome on Cloud and Containers – Christofer Hoff, Vice President and Security Chief Technology Officer, Juniper Networks and Rich Mogull, Analyst and Chief Executive Officer, Securosis

Chris and Rich first started talking about the impact of cloud computing way back in the Dark Ages of 2009. This is the seventh installation of their genre-defying roller coaster RSA session. This year’s talk lays out the technical evolution of cloud computing; and how evolving practices and a drive towards containerization are already antiquating nascent cloud security models.

  • CSV-T10 : Security and Privacy in the Cloud: How Far Have We Come? – panel

Come Snowden or iCloud hackers, nothing will rain on the business cloud. Panelists Eran Feigenbaum, Google for Work Security Director; Microsoft CISO Bret Arsenault; noted security expert Bruce Schneier; and moderator John Pescatore of SANS Institute discussed the evolution of security in the cloud.


  • John Pescatore, Moderator, Director, SANS Institute
  • Bret Arsenault, Chief Information Security Officer and Vice President, Microsoft
  • Bruce Schneier, Chief Technology Officer, Resilient Systems
  • Eran Feigenbaum, Director of Security, Google for Work, Google