RSAC USA 2016: My Agenda Day 2 Tuesday

The RSA Conference USA for 2016 is less than two weeks away. Today’s blog will share with you my schedule for Tuesday, my second day of the conference, to indicate what interests me. Post-conference I may post notes from those sessions that I found notable.

Tuesday, March 1, 2016

08:10 a – 08:40 a | South Live at Esplanade Ballroom | KEY-T01
Keynote: The Sleeper Awakes
Amit Yoran – President, RSA

We are all in agreement that the industry is failing, but the path forward remains hotly debated. Do we keep doing what we’ve always done and just do more of it, or do we take a radical new approach across industry, practitioners and public policy? We can’t do both. Which side are you on?

08:50 a – 09:10 a | South Live at Esplanade Ballroom | KEY-T02
Keynote: Trust in the Cloud in Tumultuous Times
Brad Smith – President and Chief Legal Officer, Microsoft

We are living in extraordinary times. While the evolution of cloud computing has transformed the way we work, recent geopolitical events have precipitated debates on the roles that governments and industry should play in defending and securing society, and the appropriate balance between security, privacy and the freedom of expression. Brad Smith puts modern events into context and discusses a path forward.

09:20 a – 09:50 a | South Live at Esplanade Ballroom | KEY-T03
Keynote: Louder Than Words
Christopher Young – Senior VP and GM, Intel Security Group

Our challenges are considerable—billions of smart devices lack baseline protection; intensive customization limits the effectiveness of our threat defense; the talent shortage we face is real… and growing. How does the industry move forward? Do we invest in threat intelligence sharing across sectors? And what is the government’s role vs. the private sector’s? Chris Young maps out a new model for cybersecurity , and shares what’s already underway.

09:50 a – 10:40 a | South Live at Esplanade Ballroom | KEY-T04
Keynote: The Cryptographers’ Panel [Panel]

Join the founders and leaders of the field for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2016 and insights drawn from lessons learned over the last three decades.
Moderator: Paul Kocher, President and Chief Scientist, Cryptography Research, Rambus
Panelists: Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science, Israel; Moxie Marlinspike, Founder, Open Whisper Systems; Ronald Rivest, MIT Institute Professor, MIT; Whitfield Diffie, Cryptographer & Security Expert, Cryptomathic.

10:40 a – 11:30 a | South Live at Esplanade Ballroom | KEY-T05
Keynote: Remarks by Admiral Michael S. Rogers, U.S. Navy, Commander, U.S. Cyber Command, Director, National Security Agency/Chief, Central Security Service.

12:00 p – 12:50 p | South The Viewing Point at Gateway | FRM-T07
The Evolving Landscape of Cybersecurity: Threats, Opportunities, and Partnerships in a Changing World
Loretta Lynch, Attorney General of the United States

Loretta E. Lynch, Attorney General of the United States will discuss The Evolving Landscape of Cybersecurity: Threats, Opportunities, and Partnerships in a Changing World.

01:10 p – 02:00 p | Tuesday Track Session 1 | West 2015 | P2P1-T09
P2P: Security Maturity Models: A Dime a Dozen or Priceless?
Pete Lindstrom, VP, Security Strategies, IDC

Security professionals are besieged with maturity models and control frameworks and regulatory requirements, all in the name of protecting the organization. But do strong security programs actually reduce risk? How can they be tested? What are the key elements of a program? Participants will discuss these topics in search  of tips and tactics for a successful program.

02:20 p – 03:10 p | Tuesday Track Session 2 | West 2004 | CXO-T10
My Life as Chief Security Officer at Google
Gerhard Eschelbeck, Vice President Security Engineering, Google

What’s it like heading up security for one of the world’s biggest tech companies and hacker targets? Google VP of Security Engineering Gerhard Eschelbeck will give a rare inside look at his daily job, how he protects the data of millions of people and companies, the big and little challenges Google faces with security and what keeps him up at night.

03:30 p – 04:20 p | Tuesday Track Session 3 |  West 2016 | PNG-T11
Encryption and Information Sovereignty: Destroying the Internet to Save It? [Panel]

This panel will investigate the inherent tensions between information security and national security, focusing specifically on encryption policy governmental needs to access secure information, and civil rights. By convening panelists with expertise in industry, government, law and academia, this panel aims to offer empirically grounded perspectives in order to move toward a workable solution.
Moderator: Shawn Powers, Assistant Professor, Georgia State University
Panelists: Julia Powles, Lawyer Researching Technology Law and Policy Cloud Cybercrime Centre, University of Cambridge; Paul Rosenzweig, Founder, Red Branch Consulting; Peter Neumann, Senior Principal Scientist, SRI International Computer Science Lab; Tom Corcoran, Head of Cyber Threat Intelligence, Zurich Insurance Group.


01:10 p – 02:00 p | South The Viewing Point at Gateway | EXP=T09R
The Seven Most Dangerous New Attack Techniques, and What’s Coming Next [Panel]

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How an you stop them? What’s coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.
Moderator: Alan Paller, Research Director and Founder, SANS
Panelists: Ed Skoudis, Instructor, SANS; Johannes Ullrich, Dean of Research, SANS Technology Institute; Mike Assante, ICS Director, SANS.

01:10 p – 02:00 p | West 2018 | LAW-T09
Hot Topics in Technology Law [Panel]

A moderated panel discussion of legal topics by practicing technology lawyers. Topics shall include pending legislation and the role of state actors (governments) in regulating technology and innovation.
Moderator: Rita Helmes, Research Director, IAPP
Panelists: Jon Stanley, Counsel, Verrill Dana LLP; Michael Aisenberg, Senior Fellow, George Washington University Center for Cyber & Homeland Security; Richard Abbott, Director, RA Consulting.

02:20 p – 03:10 p |  South The Viewing Point at Gateway | SBX3-T10
Sandbox: Robot Cars, Risk and Ethics: Lessons for Artificial Intelligence [Panel]

Autonomous vehicles are now appearing on our roadways. This session will look at the new risks they pose—including ethics or value judgments that have no clear consensus—and how those risks could be managed, including what existing law might say about them. This also gives us insight into the challenges faced by broader industries that are developing artificial intelligence products.
Moderator: Kevin Kelly, Senior Maverick, Wired Magazine
Panelists: Jerry Kaplan, Visiting Lecturer, Computer Science, Stanford University; Patrick Lin, Director, Ethics + Emerging Sciences Group, California Polytechnic State University; Stephen Wu, Attorney, Silicon Valley Law Group.

03:30 p – 04:20 p |  West 3003 | EXP-T11
Security Investigative Journalists Speak Out — More Breaches, More Problems [Panel]

OPM, Ashley Madison, Hacking Team and more. From infosec inside baseball to the year’s biggest hacks, these gumshoes have seen it all. This panel session—back by popular demand and moderated by noted security researcher and OpenDSN CTO Dan Hubbard—will discuss the biggest, most important and most controversial cybersecurity stories of the past year.
Moderator: Dan Hubbard, Chief Technology Officer, OpenDNS
Panelists: Brian Krebs, Investigative Reporter, Krebs On Security; Joseph Menn, Technology Projects Reporter, Reuters; Kevin Poulsen, Contributing Editor, Wired.

03:30 p – 04:20 p | West 3006 | ASD-T11
Nothing Lasts Forever — Trust Has an Expiration Date
Matthew Bryant, Application Security Engineer II, Uber Technologies, Inc.

Sometimes trust comes with an expiration date: domains, CDNs, hosts and other digital resources are all ephemeral. With DNS, dynamic instances, web links, whitelists and other extensions of trust pointing to so many third parties—do you really know who is in control? This talk explores the security issues that arise when digital assets expire and presents novel attacks exploiting expired trust.