RSAC USA 2015: My Agenda Day 4 Thursday

The RSA Conference USA for 2015 wrapped up last Friday.  I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced. Today I share Thursday’s, complete with session descriptions from the RSAC catalog.

Please write to me if you have any questions about these sessions.

  • MASH-R01 : More Books You Should Have Read by Now: The Cybersecurity Canon Project – Rick Howard, Chief Security Officer, Palo Alto Networks

Last year, the Palo Alto Networks’ CSO presented 20 books that we all should have read by now. Since then, he has formed the Cyber Security Canon Committee to add more books to the list and to select candidate books to officially induct into the Canon. In this session he discussed how the community can help with the project and presented five new books that are on the candidate list.

  • MASH-R02 : Use of Technology in Preserving and Protecting Humanity – panel

Technology used for humanitarian aims faces some of the toughest security challenges; opportunities seem to be everywhere these days. While security pros say they feel overwhelmed by the rate of change, humanitarians grow impatient at the slow pace. This panel discussed why there’s a divide and looked at where information security controls are working, as well as areas needing greater attention.


  • Davi Ottenheimer, Moderator, Senior Director of Trust, EMC
  • Alex Stamos, Chief Information Security Officer, Yahoo
  • Beau Woods, Founder and CEO, Stratigos
  • Bruce Schneier, Chief Technology Officer, Resilient Systems
  • Morgan Marquis-Boire, Senior Researcher, Citizen Lab, University of Toronto

  • CRWD-R03 : Best Practice or Bust? Test Your Approach to Third-Party Risk – James Christiansen, Vice President, Information Risk Management, Accuvant

More than half of all security breaches originate from a third-party breach. This highly interactive whiteboard session focused on participants sharing lessons learned for extending internal security practices to vendors to reduce third-party risk. After suggestions were documented and debated, audience polls determined each idea’s validity if implemented across various industries.

  • EXP-T09R : Security in an Age of Catastrophic Risk – Bruce Schneier, Chief Technology Officer, Resilient Systems

In cyberspace and out, we’re increasingly confronting extremely-low-probability, extremely-high-damage attacks. Protecting against these sorts of risks requires new ways of thinking about security: ones that emphasize agility and resilience, while avoiding worst-case thinking.

  • KEY-R08 : Into the Woods: Protecting Our Youth from the Wolves of Cyberspace – panel

Today’s headlines are crowded with stories of kids who fall victim to cybercrimes, including online bullying and predatory behavior. We can’t supervise every dark corner of the Internet, so what is the answer? Stricter laws? Aggressive pursuit of offenders? Education of our kids? This keynote panel discussed challenges and offered solutions designed to ensure the safety of our children.


  • Sandra Toms, Moderator, Vice President and Curator, RSA Conference
  • Alicia Kozakiewicz, President, The Alicia Project
  • Lance Spitzner, Research & Community Director, SANS Securing the Human
  • Michael Osborn, Chief of the Violent Crimes Against Children Unit, FBI
  • Sharon W. Cooper, MD, FAAP