RSAC USA 2015: My Agenda Day 5 Friday

The RSA Conference USA for 2015 wrapped up last Friday. I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Today I share the last conference day, Friday, complete with session descriptions from the RSAC catalog.

As always, please write to me if you have any questions about any of these sessions or any other question about the RSA Conference.

  • HT-F01 : Top 10 Web Hacking Techniques of 2014 – Jonathan Kuskos, Senior Application Security Engineer, and Matt Johansen, Senior Manager, Threat Research Center, WhiteHat Security

Every year the security community produces a stunning number of new Web hacking techniques. Now in its 9th year, the Top 10 Web Hacking Techniques list encourages information and knowledge sharing and recognizes researchers who contribute excellent work. In this talk, the speakers did a technical deep dive and took us through the Top 10 Web Hacks of 2014, as picked by an expert panel of judges.

  • HUM-F02 : Cybersecurity Awareness is a Big Deal for Small Business – panel

This session focused on the cybersecurity challenges of small and medium-sized businesses, and the impact of small business cybersecurity on the Nation. The Department of Homeland Security and partners discussed existing efforts to help improve small business cybersecurity, including the “Stop.Think.Connect.” Campaign and the Critical Infrastructure Cyber Community (C3) Voluntary Program.

      • Andy Ozment, Moderator, Assistant Secretary, Department of Homeland Security, Office of Cybersecurity and Communications
      • Duncan Logan, Founder and Chief Executive Officer, Rocket Space
      • Michael Kaiser, Executive Director, National Cyber Security Alliance
      • William O’Connell, Vice President for Global Trust, ADP

  • GRC-F03 : Taking a Business Risk Portfolio (BRP) Approach to Information Security – Johna Till Johnson, Chief Executive Officer and Founder, Nemertes Research

Many business executives mistakenly seek to reduce information security risk to zero. This is both impossible and wrongheaded. A better approach is to position InfoSec risk appropriately within a business risk portfolio, and manage and mitigate accordingly. This session provided a blueprint for crafting a BRP and embedding InfoSec within it.

  • KEY-F44 : The Hugh Thompson Show – Hugh Thompson, Program Committee Chairman, RSA Conference, and Srinivasan Pillay, M.D., Chief Executive Officer, The NeuroBusiness Group

A conversation between Mr. Thompson and Mr. Pillay about the physiological and psychological roots of information security crime and hacking.