Thom’s Tremendously Titillating Tour to Tirelessly Train Towards The Tactical Triumph



By Thom Langford

OK, so I admit I spent more time working on the title than I did this particular text that you are reading, but hey, one has to Typically Try, right?

RSAC 2019 will be a first for me in that I am representing myself, not expensing my trip on the company’s dime. I am attending, in part, thanks to the generosity of ITSPmagazine, and all I have to do in return is type out a few words for them. After reading the above title, I can already see them regretting their decision.

I often attend RSAC without a solid itinerary, getting a lot of value out of the “hallway track” and the multitude of events that are thrown in and around the city during the conference proper. However, since I now have some of my personal cash invested in this trip (I am staying in an Airbnb with a shared bathroom, for goodness sake — oh the humanity!), it is probably wise to get at least some kind of structure together. To wit:

The Sessions

HUM-T06: Humans Are Awesome at Risk Management

Tuesday, March 5 | 11:00 - 11:50 AM

Speaker: Andy Ellis, CSO, Akamai Technologies

Humans are horrible at risk management! Have you seen the news about Florida Man? How are we even still around? And yet, we are still around. Humans are awesome at risk management; we’re now the dominant species on the planet. Why? How? Explore humanity’s advantages in making rapid, generally correct risk choices.

Learning Objectives:
1: Understand how risk choices that appear unreasonable from the outside may not be.
2: Learn how to identify the hidden factors in someone’s risk choice that most influence it.
3: Find out how to help guide people to risk choices that you find more favorable.

ID-T07: Studies of 2FA, Why Johnny Can’t Use 2FA and How We Can Change That

Tuesday, March 5 | 1:00 - 1:50 PM

Speakers: L Jean Camp, Professor, Indiana University & Sanchari Das, Doctoral Researcher, Indiana University

Why do people fail to adopt 2FA? Reasons for resistance include usability, acceptability and risk perception. What usability failures stop enrollment? What are common avoidance behaviors and their motivations? What type of interactions can mitigate these? The presentation will include methods and tools to evaluate sources of resistance as well as strategies and resources to change these.

CXO-T09: How to Manage and Understand Your Human Risk

Tuesday, March 5 | 3:40 - 4:30 PM

Speaker: Lance Spitzner, Director, SANS Institute

CISOs are realizing that cybersecurity is more than just technology, it's about managing human risk. An effective approach to managing human risk is a mature awareness program. However, many CISOs do not understand what a successful program looks like or struggle to enable one. This talk will provide CISOs a roadmap and concrete examples of how to define success and the path to get there.

Learning Objectives:
1: Learn how to communicate the goals/objectives of your awareness program and the value to the org.
2: Understand how to leverage a maturity model to identify where the program is, where to go and how to get there.
3: Identify the key traits and skills that make a highly effective awareness officer.

KEY-R02S: Burnout and You: Fireside Chat with Dr. Christina Maslach

Thursday, March 7 | 8:00 - 8:50 AM

Speakers: Christina Maslach, Professor of Psychology, Emerita, University of California, Berkeley & Josh Corman, CSO, PTC

More attention is focused on ensuring a nearly infallible security posture, and little on security teams. Become hyperaware of the impact of stress, and the fallout that leads to profound industry issues like burnout and toxicity. Renowned expert Dr. Maslach provides an understanding of stress in other industries, applies it to cyber, and gives guidance on championing wellness in your organization.

CXO-R11: The Fine Art of Creating a Transformational Cybersecurity Strategy

Thursday, March 7 | 2:50 - 3:40 PM

Speakers: Jinan Budge, Principal Analyst, Forrester Research & Andrew Rose, Chief Security Officer, Vocalink, a Mastercard Company

Your board looks to you to transform security to match your firm’s digital reinvention. Join this session with analyst Jinan Budge of Forrester and CSO Andrew Rose of VocaLink to learn how to (1) create a strategic and transformational security program, (2) document that strategy and (3) present it to the board to get resources, and turn it into outcomes that better protect your firm and its customer.

Learning Objectives:
1: Learn how to be a strategic security leader.
2: Understand how to create a strong strategy document and how to present it to the board to get resources.
3: Utilize the six keys to prioritize security efforts and drive security transformation.

PROF-F01: Five Secrets to Attract and Retain Top Tech Talent in Your Future Workplace

Friday, March 8 | 8:30 - 9:20 AM

Speaker: Laurie Battaglia, CEO & Workplace Strategist, Aligned at Work

High demand and rising compensation have put the cybersecurity industry under increasing pressure to attract and retain high performers. Turnover can cost you money and high levels of risk. How can you prevent top talent from jumping to your competition? Leaders play a key role in keeping people satisfied and engaged. Learn proven ways to keep your professional team thriving at work.

Learning Objectives:
1: Learn five key areas where people focus when deciding to stay or go at their current employer.
2: Know current statistics and stories that determine what people want in their workplace and career.
3: Walk away with practical steps you the leader can take to connect and engage with team members.

PROF-F02: Why the Role of the CISO Sucks and What We Should Do to Fix It!

Friday, March 8 | 9:50 - 10:40 AM

Speakers: Gary Hayslip, Vice President, CISO, Webroot & Rick McElroy, Head of Security Strategy, Carbon Black

The role of CISO is an ever-slogging fight at times to implement security, reduce risk and train employees on basic security hygiene principles. The job tends to eat at security executives with its high stress and career risk, plus the role itself is still maturing. So what is a CISO to do? Who would want this type of job? Let’s talk about some ideas on how to help our peers thrive in this role.

Learning Objectives:
1: Understand the role of the CISO and its strategic importance to the business.
2: Learn about the stresses, risks, hostile opposition and ambivalence CISOs face daily in their jobs.
3: Learn about initiatives from peers on managing the stress and turmoil as a CISO and be successful.

DevOps Wine0ing (Not Whining) Cocktail Party

Information Security Magazine Breakfast Briefing (I’m checking out the competition, boss, honest!)

Threat Modeling Brunch with IriusRisk

Security Blogger Awards (is it still on this year?)

This is my first cut of the agenda, and I reserve the right to not attend these and attend others, especially if some of my friends, colleagues, old drinking buddies and interesting random strangers turn up. Because that is what RSAC is really about: meeting, networking and swapping ideas and opinions in real time.

The educational element is excellent of course, but it is rare that they will address exactly the problems you are facing day to day. You will learn something, you will expand your knowledge and you will take fantastic advice away with you, but it is rare that you will get an hour face-to-face with the speaker. Taking the opportunity to really network and chew the fat with your old chums, as well as new ones, is an invaluable way of really focusing your efforts.

Of course I have some specific goals (remember my reason for staying in the Airbnb?): I will be networking to find potential consulting work in the future, looking for NED or advisory positions, and seeing what is coming on the horizon. Meeting my old boss and mentor, my old deputy, old workmates, a multitude of other pals, even the guy who reckons he is the sole founder of Host Unknown (when everyone knows that is me), is just icing on the cake. I am definitely looking forward to catching up with the person who said I could use their hotel room bathroom, too.

It's going to be a long, endless week, but I do know that I will come back with more knowledge, more passion, more energy and more excitement for our industry than ever before.

Tremendously Titillating indeed….
