RSAC USA 2016: My Agenda Day 3 Wednesday

The RSA Conference USA for 2016 starts a week from tomorrow. Today’s blog post will share with you my schedule for Wednesday, my third day of the conference. As I did in my last posting, Tuesday’s schedule, my schedule for Wednesday is followed by some alternate sessions that are my fall-back choices, all very interesting.

Wednesday, March 2, 2016

08:00 a – 08:50 a | Wednesday Track Session 1 | West 3002 | TECH-W02
Giving the Bubble Boy an Immune System so He Can Play Outside
Kevin Mahaffey, Co-Founder, CTO, Lookout

Why are Google, Facebook and others removing “standard” elements, such as VPNs, Firewalls, and rigid ACLs from their IT architecture? This presentation will share lessons learned and pitfalls in moving to data-driven security from experience securing a fast-moving organization, building security products and investing in a number of security startups.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 2007 | PRV-W03
Can Government Encryption Backdoors and Privacy Co-exist? Is It an Oxymoron? [Panel]

Three distinguished panelists, a privacy expert, a crypto expert and a former cybersecurity policy maker for the Office of the President, will engage in a lively debate on whether government encryption backdoors and privacy can co-exist or are they in such a fundamental conflict that one necessarily obliterates the other.
Moderator: Chenxi Wang, Chief Strategy Officer, Twistlock, Inc.
Panelists: Matthew Green, Assistant Professor, Johns Hopkins University; Michelle Dennedy, Chief Privacy Officer, Cisco

10:20 a – 11:10 a | Wednesday Track Session 3 | North 133 | SPO3-W04
More Books You Should Have Read By Now: The Cybersecurity Canon Project
Rick Howard, Chief Security Officer, Palo Alto Networks

Last year, the Palo Alto Networks CSO presented 20 books that we all should have read by now. Since then, he has formed the Cybersecurity Canon Committee to add more books to the list and to select candidate books to officially induct into the Canon. He will discuss how the community can help with the project and will present five new books that are on the candidate list.

11:30 a – 12:20 p | Wednesday Track Session 4 | West 3003 | EXP-W05
A Conversation on Silicon Valley/DC Security Collaboration [Panel]
Ashton B. Carter, Secretary of Defense, Department of Defense, USA; Ted Schlein, General Partner, Kleiner Perkins Caufield & Byers

U.S. Secretary of Defense Ashton Carter will speak with Ted Schlein, regarding the importance of technology, innovation and cybersecurity, and the opportunities for the Department of Defense and Silicon Valley to join forces.

01:00 p – 01:50 p | West 2015 | P2P1-W07
P2P: Security of Public Cloud Services: It Takes a Village
Ben Rothke, Senior eRC Consultant, The Nettitude Group

Your cloud provider may have every attestation from PCI to SSAE-16, but that means nothing if your team doesn’t know cloud security and what they have to do. Cloud security is inherently a shared responsibility model. If you are not doing your part, you won’t have security. Even with the move to the cloud, there’s a huge amount of security that still needs to be done.

02:00 p – 02:40 p | South Live at Esplanade Ballroom | KEY-W08
Keynote: Dave Isay on the History of StoryCorps and the Power of Storytelling
Dave Isay, Founder, StoryCorps

Dave Isay is one of the most trusted and respected broadcasters working today. The recipient of four Peabody Awards, a MacArthur Fellowship and the 2015 TED Prize, his lectures tap into the heart and soul of human experience by interweaving stories told by the people that lived them. He is an author, documentarian and founder of StoryCorps.

02:40 p – 03:10 p | South Live at Esplanade Ballroom | KEY-W10
Keynote: Turning the Tables: Radical New Approaches to Security Analytics
Martin Fink – Executive Vice President, Chief Technology Officer, Hewlett Packard Enterprise

The battle between attackers and attacked has long been asymmetric. The answer lies in Big Data analytics. But as security operations mature, current analytics approaches will struggle to handle the exponentially growing volume of data with richer context, new machine sources and at machine speed. Martin Fink will talk about radically new system and data protection architectures that could turn this asymmetry on its head.

03:10 p – 03:30 p | South Live at Esplanade Ballroom | KEY-W11
Keynote: Ascending the Path to Better Security
Martin Roesch – Vice President and Chief Architect, Cisco Security Business Group

Security professionals are grappling with how to protect their organization from a multitude of new and unforeseen threats. Gaining an advantage against attackers and improving security outcomes requires having a true sense of the value of the protection capabilities in place. Martin Roesch will discuss methods to measure the value of existing security approaches to ascend the pyramid of pain, enable business growth and deliver better security.

03:30 p – 04:00 p | South Live at Esplanade Ballroom | KEY-W14
Keynote: The (Inevitable?) Decline of the Digital Age…
Mark McLaughlin – Chairman, President and CEO, Palo Alto Networks

We live in the digital age, an age of immense productivity but at serious risk due to the increasing lack of trust driven by security concerns. This must and will be corrected. The future will show the decline of legacy, point-product security based on technologies that primarily focus on detection. Instead, we’ll see the rise of next-generation prevention-oriented security platforms. Old-line thinking that hurts trust will fall to the wayside.

04:00 p – 04:50 p | South Live at Esplanade Ballroom | KEY-W15
Keynote: The Great Questions of Tomorrow
David Rothkopf – Chief Executive Officer and Editor, FP Group

There is a universal view that the changes associated with the technological revolution have been profound and will accelerate. Rothkopf will argue that those changes have been underestimated. He will assert that the very fabric of civilization is being rewoven and that the result will force us to rethink basic concepts about who we are, how we govern ourselves, our fundamental rights and the nature of war, peace and money.


01:00 p – 01:50 p | South The Viewing Point at Gateway | FRM-W07
A Roundtable with Three Cyber-Wisemen [Panel]

Six years ago no country had a cyber-coordinator or even a cybersecurity strategy. That’s changed, and it may need to change again. All the old topics are still in play, but new problems are reshaping policy agendas. The job of cyber-coordinator is evolving in ways we can’t yet predict. Three cyber-coordinators will have a frank discussion about agendas and top priorities for the coming year.
Moderator: James Lewis, Director and Senior Fellow, Strategic Technologies Program, CSIS
Panelists: Alex Dewdney, Director, Cyber Security, CESG; Eviatar Matania, Head of the Israeli National Cyber Bureau, Israel National Cyber Bureau, Prime Minister’s Office; Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House

08:00 a – 08:50 a | Wednesday Track Session 1 | West 2004 | CXO-W02
Real-World Examples of Positive Security ROI
John Pescatore, Director, SANS Institute

In every industry and across government agencies, there are those who suffered a major breach and those who avoided the same attacks or greatly minimized the damage. This session will detail six real-world examples of security organizations that avoided breaches by delivering and quantifying positive business return on investments in improving security. Real numbers will be used in all examples.

08:00 a – 08:50 a | Wednesday Track Session 1 | West 3008 | HUM-W02
Trends in Social Engineering: How to Detect and Quantify Persuasion
Markus Jakobsson, CTO, ZapFraud

Email scams are still very effective as they have evolved to avoid current security countermeasures by making their contents more individualized and credible to the recipient. We describe persuasion in 419 scams and Business Email Compromise (BEC) scams, and discuss how an improved understanding of persuasion can help lay the foundation for more effective anti-scam tools.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3006 | ASD-W03
Transforming Security: Containers, Virtualization and Softwarization
Dennis Moreau, Senior Engineering Architect, VMware

This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3008 | HUM-W03
Proactive Measures to Mitigate Insider Threat
Andrew Case, Director of Research, Volexity

The threat posed by rogue insiders affects every organization worldwide. The difficulties in balancing employees’ legitimate need to access corporate data along with the need to compartmentalize access are often in conflict. This presentation will walk through several real-world insider threat cases and discuss proactive measures that could have greatly mitigated the damage and losses.

09:10 a – 10:00 a | Wednesday Track Session 2 | West 3014 | TV-W03
RSAC Studio: The Dark Web and Cyberespionage: Fact, Fiction and Future
Vicente Diaz, Principal Security Researcher, Kaspersky Lab Global Research & Analysis Team, Kaspersky Lab; William Gragido, Head of Threat Intelligence Research, DS Labs, Digital Shadows

Attackers are lurking. What is the current and future state, and how can we prepare?
9:10 AM: In the Dark: An Introduction to the Hidden World of the Dark Web, William Gragido
9:40 AM: A Futurist’s Look at Nation-State Cyberespionage, Vicente Diaz

10:20 a – 11:10 a | Wednesday Track Session 3 | West 2016 | PNG-W04
Government in the Crossfire: Data Privacy in an Era of Growing Cyberthreats [Panel]

Join ex-Microsoft CISO and former U.S. Cybersecurity Coordinator Howard Schmidt, EFF attorney Lee Tien and State of Wyoming CIO, Flint Waters, for a discussion about safeguarding citizen data in the cloud. They will tackle responsibilities of cloud providers and government, the latest threats and challenges, and how they are dealing with them.
Moderator: Paul Roberts, Editor in Chief, The Security Ledger
Panelists: Flint Waters, State Chief Information Officer, Director, State of Wyoming; Lee Tien, Senior Staff Attorney, Electronic Frontier Foundation

10:20 a – 11:10 a | Wednesday Track Session 3 | West 3002 | TECH-W04
Applying Top Secret and Military Network Grade Security in the Real World
Dan Amiga, Founder and CTO, Fireglass; Dor Knafo, Security Research Team Leader, Fireglass

The technologies around protecting top classified military grade networks go far beyond traditional security practices like firewalls, proxies, IPS and advanced endpoint protection. This session will share and demo experiences building military grade solutions like real air-gapped and transparent networks, one-way communication, shadow services, visual only modes and how one can use them today.

10:20 a – 11:10 a | Wednesday Track Session 3 | West 3014 | TV-W04
RSAC Studio: Embracing and Extending Kids’ Curiosity to Inspire Future Professionals
Michael Kaiser, Executive Director, National Cyber Security Alliance; Pete Herzog, Managing Director, ISECOM

We expect kids today to use technology yet not know how it works. We need to teach them how to enjoy taking control of their gadgets and inspire future cybersecurity rock stars.
10:20 AM: The Awesome Truth about Hackers, Pete Herzog
10:50 AM: Attracting a New Generation of Cybersecurity Professionals, Michael Kaiser

11:30 a – 12:20 p | Wednesday Track Session 4 | West 2016 | PNG-W05
How the USG’s Rule for Intrusion Software Will Kill Global Cybersecurity [Panel]

In seeking to prevent the sale of surveillance tools to oppressive regimes that use technology to commit human rights abuses, the Commerce Department announced a new proposal for implementation of the Wassenaar Arrangement export controls. Panelists discuss the proposed rule, the potential costs to U.S. industry and global cybersecurity if the rule is implemented, offering more sound alternatives.
Moderator: Catherine Lotrionte, Professor, Georgetown University
Panelists: Cheri McGuire, Vice President, Global Government Affairs & Cybersecurity Policy, Symantec Corporation; Chris Boyer, Assistant Vice President, Global Public Policy, AT&T Services, Inc.; Eric Wenger, Director for Cybersecurity & Privacy, Cisco Systems; Ian Schneller, Executive Director, Global Cyber Partnerships and Government Strategy, JPMorgan Chase

11:30 a – 12:20 p | Wednesday Track Session 4 | South The Viewing Point at Gateway | SBX3-W05
Sandbox: Cryptoparty: tuTORial — Learn How to Use TOR to Be Anonymous Online
Runa Sandvik, Privacy and Security Researcher

The avalanche of disclosures in recent years has made it clear that encryption is the way forward for those who wish to protect their data and their communications. This presentation will take a look at Tor and how the tool allows users to be anonymous online. This presentation will also discuss how you can build an enterprise onion site (like Facebook) and better support users of the Tor network.

11:30 a – 12:20 p | Wednesday Track Session 4 | West 2001 | HUM-T10R
300+ Cities, Millennials and a Mobile Workforce: A Security Gauntlet
Samantha Davison, Security Program Manager, Uber

The words that strike fear in most security practitioners: internationalization, millennial, mobile, fierce “at all costs” culture. This is what we were faced with at Uber. Using a combination of a gamified learning program, outside-the-box ideas, and department and culturally focused training, we were able to build a secure workforce. Learn how to take on these challenges and lessons learned.

02:10 p – 03:00 p | West 2004 | CXO-W05F
Focus-on: How to Prepare for Cybersecurity in 2020: A Panel Discussion (Focus-On) [Panel]

Continue the How to Prepare for Cybersecurity in 2020: A Panel Discussion in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented. This session is limited to 50 attendees. Adding a session to your Schedule does not guarantee you a seat. Admission to this session is on a first come, first served basis.
Moderators: Betsy Cooper, Executive Director, UC Berkeley Center for Long-Term Cybersecurity; Steve Weber, Professor, UC Berkeley School of Information
Panelists: Marc Goodman, Founder, Future Crimes Institute; Martin Giles, Partner, Former Writer, The Economist and Partner, Wing Venture Capital; Sameer Bhalotra, CEO, StackRox

02:10 p – 03:00 p | South The Sandbox-ICS Stage | SBX-W09
Sandbox: Industrial Cyberthreats: The Kaspersky Lab View
Andrey Nikishin, Special Projects Director, Kaspersky Lab

Since Stuxnet we have registered a growing number of cybersecurity incidents in the industrial environment. In this presentation we will share the data collected, analyze some examples of attacks on the industrial environment, provide some forecasts for the future development of industrial cyberthreats and discuss possible solutions for mitigating the risk of cyberincidents.

02:10 p – 03:00 p | West 2017 | P2P2-W09
P2P: Effective (or Ineffective…) Methods of Managing Third-Party Risk
Corey Epps, Senior Director, Information Security, CVS Health

Most organizations today rely on their third parties. Recent studies show 84% of healthcare companies share sensitive data with third parties. Given the rise of cybercrime, identity theft, regulations and contractual requirements where companies must comply, the management of third parties is paramount now more than ever. Come discuss what methods others use to manage risk in third parties.

03:20 p – 04:10 p | West 2014 | FON1-W13
Focus-on: End Island Hopping Hackers’ Vacation in Your Information Supply Chain
Ed Cabrera, Vice President of Cybersecurity Strategy, Trend Micro; Tom Kellermann, Chief Cybersecurity Officer, Trend Micro

Forget spear phishing—hackers are now focused on weaknesses across the entire information supply chain of publicly traded multinationals, including cloud hosting providers, PR agencies and other sources of market intelligence. Join this session to explore the latest island-hopping tactics and learn advanced strategies for managing the systemic risk within the modern information supply chain. Continue this conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented.

03:20 p – 04:10 p | South The Sandbox-IoT Stage | SBX1-W13
Sandbox: Hacking IoT: Why Security in IoT is Failing (and how to fix it!)
Ted Harrington, Executive Partner, Independent Security Evaluators

Utilizing case study analysis of attack anatomies, this session will explore the fundamental security shortcomings that plague the IoT industry and articulate how to resolve those problems. Data and outcomes from both IoT Village in particular as well as the broader research community are analyzed in order to present actionable guidance.

04:30 p – 05:20 p | West 2018 | FON3-W16
Focus-on: How Infosec Maturity Models Are Missing the Point
Jack Jones, EVP Research & Development, RiskLens

Infosec maturity models abound, and although they provide some value, they completely ignore fundamental elements that ultimately determine whether an infosec program is mature—or not. This session will explore what those missing elements are, why they are so critical, how to gauge maturity in those dimensions, and the steps you can take to help make your organization more mature. Continue this conversation in a smaller group discussion and Q&A with the presenter. This session will be discussion based—no new slides will be presented.