Meeting New People, Supporting The Community, And Paying It Forward At RSA Conference



By Rick McElroy

I am super excited about RSA Conference 2019 for a number of reasons.

One is for the cheap, shameless plug that Gary Hayslip and I had a talk accepted!!!! We have been at this a long time and it's been a goal for a while to get a talk accepted at RSAC. Join us Friday for “Why the Role of the CISO Sucks and What We Should Do About It.”

Interested in learning more? Listen to our podcast with Marco Ciappelli and Sean Martin to get a sneak peek at what we will be talking about.

But that’s not the only reason to be excited. Every year I get to see a ton of my friends. We are all in the same four-block radius at most times and, trust me, the only other time that happens is ... Black Hat and DEFCON. It’s not only a great way to get excited for the hard year ahead but also a great chance to actually have some time with people you care about that help make a difference for each other. There are so many opportunities to meet people.

Is there someone you heard speak and wanted to say hi to? Awesome — hit them up. Don’t be afraid to introduce yourself. In my experience, there are only a handful of people who won’t give time back to someone in the community. Take on a cool goal like meeting just five new people; or, perhaps, use it as an opportunity to meet people in a similar role in a similar company. They are probably dealing with the same issues. Get your teams together with theirs. Use events like these to not only learn, but also to build a network.

As always, I look to conferences to help me learn and hone my skills. I love going and listening to the latest research and talks. I always hope to see some talks that are “different.” What do I mean by different? New topics are a great place to start. Unique spin on an old topic. Excellent speaker I can learn from. Talks that separate themselves from the noise. Someone or a team with interesting things to say always piques my interest.

Here is a list of a few of the sessions that caught my eye that I will be attending.

I had the pleasure of meeting Paula Januszkiewicz at Black Hat Europe last year and it’s really cool to see that she has a talk. Always love to invest in my red team roots and am looking forward to this one!

Top 10 Ways to Make Hackers Excited: About the Shortcuts Not Worth Taking

Tuesday, March 5, 11:00 – 11:50 AM | South Stage

Speaker: Paula Januszkiewicz

Paula is the Founder and Chief Executive Officer of CQURE Inc. and CQURE Academy. She is Enterprise Security MVP, honorable Microsoft Regional Director for CEE and a world-class cybersecurity expert, consulting customers around the world. She is a top speaker at conferences including Microsoft Ignite, RSA Conference, Black Hat 2018 USA and Gartner Security Summit. Her presentations gather thousands of people.

Januszkiewicz has 15 years of experience in cybersecurity, performing penetration tests, architecture consulting, trainings and seminars. She has performed hundreds of security projects, including those for governmental organizations and big enterprises. She also creates security awareness programs for various organizations and top management. What is more, she has access to the source code of Windows!

I know over the last twenty years I have constantly had to adapt my education and awareness programs and often, when speaking with peers, we believe there has to be a better way. After all, have we achieved the results we have wanted after all of this time telling people not to click on links?

Ira Winkler has done this for 30-plus years. Really interested in this talk.

Lessons Learned from 30+ Years of Security Awareness Efforts

Tuesday, March 5, 3:40 – 4:30 PM | South Stage

Speaker: Ira Winkler
Ira Winkler, CISSP, is President of Secure Mentem and Author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals and named a modern-day James Bond by the media, and was named “The Awareness Crusader” by CSO Magazine in receiving their CSO COMPASS Award. He has designed, implemented and supported security awareness programs at organizations of all sizes, in all industries, around the world. He performs espionage simulations, where he physically and technically breaks into the largest companies in the world, investigating and offering cost-effective prevention.

I’ve seen Ann present a number of times and I am super interested in what MS has to say about this. OS manufacturers and people who write the binaries that we all use have a big role to play in our lives. Always wanted to hear what they have to say during her Wednesday keynote.

Wednesday, March 6, 10:30 – 10:55 AM | West Stage

Speaker: Ann Johnson
As Corporate Vice President of the Cybersecurity Solutions Group at Microsoft, Ann Johnson oversees the go-to-market strategies of cybersecurity solutions for one of the largest tech companies on our planet. As part of this charter, she leads and drives the evolution and implementation of Microsoft’s short- and long-term security solutions roadmap with alignment across the marketing, engineering and product teams. Prior to joining Microsoft, her executive leadership roles included Chief Executive Officer of Boundless Spatial, President and Chief Operating Officer of vulnerability management pioneer Qualys, Inc., and Vice President of World Wide Identity and Fraud Sales at RSA Security, a subsidiary of EMC Corporation.

This one is interesting. I am always looking to shrink the attack footprint and am always interested in big community efforts; plus Intuit is in my home town. :)

All Hands on Deck: An Industry-Wide Movement to Shrink the Attack Surface

Thursday, March 7, 4:00 – 4:25 PM | West Stage

Speaker: Pat Gelsinger
Pat Gelsinger has been serving as Chief Executive Officer of VMware since September 2012, nearly doubling the size of the company during his tenure. He brings more than 35 years of technology and leadership experience.

Before joining VMware, Gelsinger led EMC’s Information Infrastructure Products business as President and Chief Operating Officer. A respected IT industry veteran, he was at Intel for 30 years becoming the company’s first Chief Technology Officer and driving the creation of key industry technologies including USB and WiFi. He led Intel to be the dominant supplier of the microprocessor—while in the significant role as the architect of the original 80486 processor.

Speaker: Shannon Lietz
Shannon Lietz is an award-winning innovator with decades of experience pursuing advanced security defenses and next-generation security solutions. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s DevSecOps and cloud security strategy, roadmap and implementation in support of corporate innovation. She operates a 24x7 DevSecOps team that specializes in adversary management. Prior to joining Intuit, Lietz worked for ServiceNow where she was responsible for the cloud security engineering efforts and Sony where she drove the implementation of a new secure data center. Lietz has experience leading crisis management for large-scale security breaches and restoration of services for several Fortune 500 companies.

Here’s a couple Learning Labs that grabbed my eye.

I love democracy. I love freedom. Will for sure be checking this one out.

Defending Digital Democracy: How Security Professionals Can Help

The 2016 and 2018 elections showed that digital threats to democracy are multiplying. Take a crash course on how officials across the US are securing elections by joining a simulation of 2020 under attack. Tables work together to defeat cyber and info ops. This interactive lab will end with an after-action review and tangible steps participants can take to make elections more secure.              

Jordan D’Amato, Executive Director, Defending Digital Democracy Project (D3P), Belfer Center, Harvard
Mari Dugas, Project Coordinator, Cyber Security Project and D3P

Threat Hunting….Clouds….sign me up!

Threat Hunting across Thousands of Multicloud Workloads

How do you know if your public-cloud environments are really safe? Based upon the latest research from the RedLock Cloud Security Intelligence Team this session will present tactics and tools for threat hunting across multiple public cloud environments. Get your hands dirty capturing the flag and learn the most effective countermeasures.

Gaurav Kumar, CTO, RedLock
Matthew Chiodi, Chief Security Officer, Public Cloud, Palo Alto Networks

Given Gary’s and my talk and our work to make all of us happier and healthier, I will for sure be checking this one out.

Mental Health in Cybersecurity: Preventing Burnout, Building Resilience

Mental health is a key element in the human factor, and directly impacts the way in which cybersecurity professionals function in their daily work. This session will cover the psychosocial stressors unique to cybersecurity, discuss burnout and identify management mechanisms. Attendees will learn how to build the foundations for mental resilience, for use in their workplace.   

Facilitator: Ryan Louie, Psychiatrist, Foundation Physicians Medical Group, Inc.

This is all for now but I am sure as we move closer I will add more amazing talks to my list. If you need an easy person to hit up to include on your list, I am sure I won’t be too hard to find. Looking forward to meeting some of you there!
— Rick


About Rick McElroy


Rick McElroy, Head of Security Strategy for Carbon Black, has 20 years of security experience educating and advising organizations on reducing their risk posture and tackling tough security challenges. He has held security positions with the U.S. Department of Defense, and in several industries including retail, insurance, entertainment, cloud computing, and higher education. McElroy’s experience ranges from performing penetration testing to building and leading security programs. He is currently a certified CISSP, CSIM, and CRISC. As a United States Marine, McElroy’s work included physical security and counterterrorism services. His current role takes him all over the world working with organizations to improve their security strategies and speaking on security and privacy.
