RSAC USA 2015: My Agenda Day 2 Tuesday

The RSA Conference USA for 2015 wrapped up last Friday.  I am using this blog to share with you my personal schedule for the five days of the conference, to indicate what interested me and what I experienced.  Yesterday I shared Monday’s schedule. Today I share Tuesday’s, complete with session descriptions from the RSAC catalog.

Please write to me if you have any questions about these sessions.

  • KEY-T01 : Escaping Security’s Dark Ages – Amit Yoran, President, RSA

We are living in the Dark Ages of security.  We cling to outmoded world views and rely on tools and tactics from the past, and yet we are surprised to find ourselves living in an era of chaos and violence.  We must cast off the past and enter an Age of Enlightenment by pursuing greater visibility into and understanding of our digital world.

  • KEY-T02 : Enhancing Cloud Trust – Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft

As pressures to accelerate cloud computing climb higher than ever, relationships between vendors, enterprises and governments have evolved to ones comprised of trust and concern in equal measure. How should companies shape their plans? Scott Charney reviewed Microsoft’s cyber security strategy to help leaders innovate aggressively while managing business risk.

  • KEY-T03 : Security on Offense – Christopher Young, Senior Vice President and General Manager, Intel Security Group

In pro sports we avow, “Defense wins championships.” But without offense it’s hard to score the points needed to triumph–cyber security is no different. Chris Young looked at how we change the game, stay relevant, and ensure trust is the foundation of digital life.

  • KEY-T04 : The Cryptographers’ Panel

The founders and leaders of the field join together for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2015 and insights drawn from lessons learned over the last three decades.


      • Paul Kocher, Moderator, President and Chief Scientist, Cryptography Research
      • Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science, Israel
      • Ed Giorgio, Cryptographer and Security Expert, KEYW
      • Ronald Rivest, Vannevar Bush Professor, MIT
      • Whitfield Diffie, Cryptographer & Security Expert, Cryptomathic

  • KEY-T05 : Secretary Jeh Johnson, U.S. Department of Homeland Security

The growing number of serious attacks on essential cyber networks is one of the most serious economic and national security threats our nation faces. DHS Secretary Jeh Johnson discussed the evolving cybersecurity threat and Homeland Security’s comprehensive strategy to address it.

  • P2P-T07D : Who’s Invited to Your Party? Minimizing Risk from Outsourced Partners – Facilitator: Kenneth Morrison, Principal, Morrison Consulting

Recent headlines suggest your greatest risk may be from trusted, connected partners and those partners have their own partners; all potentially becoming your “insiders”. Questionnaires and standardized forms don’t suffice for assessment. Layered network defenses must be reevaluated. Attendees shared their experiences, and took away new options for controls to limit risk from the elastic insider network.

  • P2P-T08B : Trimming the Waste from Your Security Portfolio – Facilitator: Wendy Nather, Research Director, Information Security, 451 Research

In this discussion, attendees talked about example product portfolios, budgets and activities to help participants evaluate what they could consolidate, cut back, or eliminate. Some areas considered are activities that can be “outsourced” to other departments, products that require too many people to run, duplicate features, and technologies that aren’t being used.

  • CSV-T07R : Something Awesome on Cloud and Containers – Christofer Hoff, Vice President and Security Chief Technology Officer, Juniper Networks and Rich Mogull, Analyst and Chief Executive Officer, Securosis

Chris and Rich first started talking about the impact of cloud computing way back in the Dark Ages of 2009. This is the seventh installation of their genre-defying roller coaster RSA session. This year’s talk lays out the technical evolution of cloud computing; and how evolving practices and a drive towards containerization are already antiquating nascent cloud security models.

  • CSV-T10 : Security and Privacy in the Cloud: How Far Have We Come? – panel

Come Snowden or iCloud hackers, nothing will rain on the business cloud. Panelists Eran Feigenbaum, Google for Work Security Director; Microsoft CISO Bret Arsenault; noted security expert Bruce Schneier; and moderator John Pescatore of SANS Institute discussed the evolution of security in the cloud.


      • John Pescatore, Moderator, Director, SANS Institute
      • Bret Arsenault, Chief Information Security Officer and Vice President, Microsoft
      • Bruce Schneier, Chief Technology Officer, Resilient Systems
      • Eran Feigenbaum, Director of Security, Google for Work, Google