By Thom Langford
OK, so I admit I spent more time working on the title than I did this particular text that you are reading, but hey, one has to Typically Try, right?
RSAC 2019 will be a first for me in that I am representing myself, not expensing my trip on the company’s dime. I am attending thanks, in part, to the generosity of ITSPmagazine, and all I have to do in return is type out a few words for them. After reading the above title, I can already see them regretting their decision.
I often attend RSAC without a solid itinerary, getting a lot of value out of the “hallway track” and the multitude of events that are thrown in and around the city during the conference proper. However, since I now have some of my personal cash invested in this trip (I am staying in an Airbnb with a shared bathroom, for goodness sake, oh the humanity!), it is probably wise to get at least some kind of structure together. To wit:
Tuesday, March 5 | 11:00 - 11:50 AM
Speaker: Andy Ellis, CSO, Akamai Technologies
Humans are horrible at risk management! Have you seen the news about Florida Man? How are we even still around? And yet, we are still around. Humans are awesome at risk management; we’re now the dominant species on the planet. Why? How? Explore humanity’s advantages in making rapid, generally correct risk choices.
1: Understand how risk choices that appear unreasonable from the outside may not be.
2: Learn how to identify the hidden factors in someone’s risk choice that most influence it.
3: Find out how to help guide people to risk choices that you find more favorable.
Tuesday, March 5 | 1:00 - 1:50 PM
Speakers: L Jean Camp, Professor, Indiana University & Sanchari Das, Doctoral Researcher, Indiana University
Why do people fail to adopt 2FA? Reasons for resistance include usability, acceptability and risk perception. What usability failures stop enrollment? What are common avoidance behaviors and their motivations? What type of interactions can mitigate these? The presentation will include methods and tools to evaluate sources of resistance as well as strategies and resources to change these.
Tuesday, March 5 | 3:40 - 4:30 PM
Speaker: Lance Spitzner, Director, SANS Institute
CISOs are realizing that cybersecurity is more than just technology, it's about managing human risk. An effective approach to managing human risk is a mature awareness program. However, many CISOs do not understand what a successful program looks like or struggle to enable one. This talk will provide CISOs a roadmap and concrete examples of how to define success and the path to get there.
1: Learn how to communicate the goals/objectives of your awareness program and the value to the org.
2: Understand how to leverage a maturity model to identify where the program is, where to go and how to get there.
3: Identify the key traits and skills that make a highly effective awareness officer.
Thursday, March 7 | 8:00 - 8:50 AM
Speakers: Christina Maslach, Professor of Psychology, Emerita, University of California, Berkeley & Josh Corman, CSO, PTC
More attention is focused on ensuring a nearly infallible security posture, and little on security teams. Become hyperaware of the impact of stress, and the fallout that leads to profound industry issues like burnout and toxicity. Renowned expert Dr. Maslach provides an understanding of stress in other industries, applies it to cyber, and gives guidance on championing wellness in your organization.
Thursday, March 7 | 2:50 - 3:40 PM
Your board looks to you to transform security to match your firm’s digital reinvention. Join this session with analyst Jinan Budge of Forrester and CSO Andrew Rose of VocaLink to learn how to (1) create a strategic and transformational security program, (2) document that strategy and (3) present it to the board to get resources, and turn it into outcomes that better protect your firm and its customer.
1: Learn how to be a strategic security leader.
2: Understand how to create a strong strategy document and how to present it to the board to get resources.
3: Utilize the six keys to prioritize security efforts and drive security transformation.
Friday, March 8 | 8:30 - 9:20 AM
Speaker: Laurie Battaglia, CEO & Workplace Strategist, Aligned at Work
High demand and rising compensation have put the cybersecurity industry under increasing pressure to attract and retain high performers. Turnover can cost you money and high levels of risk. How can you prevent top talent from jumping to your competition? Leaders play a key role in keeping people satisfied and engaged. Learn proven ways to keep your professional team thriving at work.
1: Learn five key areas where people focus when deciding to stay or go at their current employer.
2: Know current statistics and stories that determine what people want in their workplace and career.
3: Walk away with practical steps you the leader can take to connect and engage with team members.
Friday, March 8 | 9:50 - 10:40 AM
The role of CISO is an ever-slogging fight at times to implement security, reduce risk and train employees on basic security hygiene principles. The job tends to eat at security executives with its high stress and career risk, plus the role itself is still maturing. So what is a CISO to do? Who would want this type of job? Let’s talk about some ideas on how to help our peers thrive in this role.
1: Understand the role of the CISO and its strategic importance to the business.
2: Learn about the stresses, risks, hostile opposition and ambivalence CISOs face daily in their jobs.
3: Learn about initiatives from peers on managing the stress and turmoil as a CISO and be successful.
DevOps Wine0ing (Not Whining) Cocktail Party
Information Security Magazine Breakfast Briefing (I’m checking out the competition, boss, honest!)
Threat Modeling Brunch with IriusRisk
Security Blogger Awards (is it still on this year?)
This is my first cut of the agenda, and I reserve the right to not attend these and attend others, especially if some of my friends, colleagues, old drinking buddies and interesting random strangers turn up. Because that is what RSAC is really about: meeting, networking and swapping ideas and opinions in real time.
The educational element is excellent of course, but it is rare that they will address exactly the problems you are facing day to day. You will learn something, you will expand your knowledge and you will take fantastic advice away with you, but it is rare that you will get an hour face-to-face with the speaker. Taking the opportunity to really network and chew the fat with your old chums, as well as new ones, is an invaluable way of really focusing your efforts.
Of course I have some specific goals (remember my reason for staying in the Airbnb?): I will be networking to find potential consulting work in the future, looking for NED or advisory positions, and seeing what is coming on the horizon. Meeting my old boss and mentor, my old deputy, old workmates, a multitude of other pals, even the guy who reckons he is the sole founder of Host Unknown (when everyone knows that is me), is just icing on the cake. I am definitely looking forward to catching up with the person who said I could use their hotel room bathroom, too.
It's going to be a long, endless week, but I do know that I will come back with more knowledge, more passion, more energy and more excitement for our industry than ever before.
Tremendously Titillating indeed….