This year's RSA Conference in San Francisco is jam-packed with opportunities to gain timely information security advice. When it comes to picking sessions to attend, there's a wealth of great-looking options. And I'm not just talking about the closing keynote featuring "30 Rock" star Alec Baldwin.
To help you prioritize, triage and hone your RSA agenda, here's my short list of some of this year's must-see sessions. (Warning: This list remains in-progress, subject to change, and filled with talks which, maddeningly, overlap. But on the upside, many of the keynotes, at least, can be viewed from multiple sites around the conference center, as well as via the RSA Conference website.)
Tuesday, April 21
- Escaping Security's Dark Ages (8 a.m.): New RSA President Amit Yoran kicks off the conference with his keynote speech.
- Security on Offense (9:20 a.m.): The rule in information security has long been that hackers play offense, and organizations play defense. But Christopher Young, senior vice president and general manager of Intel Security Group, asks if those rules can be changed.
- The Cryptographers' Panel (9:50 a.m.): Hear a discussion about the latest advances and revelations in cryptography from some of today's top cryptographers, including Adi Shamir - who keynoted the Black Hat 2014 conference in Amsterdam, detailing how drones could be used to circumvent air-gapped networks - as well as Paul Kocher, Ed Giorgio, Ronald Rivest and Whitfield Diffie.
- Jeh Charles Johnson, DHS (10:40 a.m.): Hear from the fourth Secretary of Homeland Security.
- The Evolution of the Cybersecurity Trifecta (1:10 p.m.): A discussion for the C-suite about ensuring your CSO, CIO and CISO work better together.
- The Six Most Dangerous New Attack Techniques, and What's Coming Next (2:20 p.m.): Three of today's smartest information security thinkers - Michael Assante, Ed Skoudis, and Johannes Ullrich - provide insights.
- Security in an Age of Catastrophic Risk (3:30 p.m. to 4:20 p.m.): Taking the risk-based approach to security that's long been recommended by information security experts - including Bruce Schneier, who's running this session - has historically meant devoting the greatest number of your scarce resources to guarding against the most likely and damaging threats. But these days, organizations are facing an array of quite low-probability, yet high-damage attacks. How must they respond?
- How to Avoid the Top 10 Software Security Flaws (3:30 p.m.): If more organizations would focus on mitigating the most common threats and flaws, their products and systems would be a lot more secure.
- Hacking Exposed: Beyond the Malware (4:40 p.m.): Threat-intelligence firm Crowdstrike's CEO and CTO detail latest-generation online attacks that don't employ malware, and how businesses must respond.
- Security and Privacy in the Cloud: How Far Have We Come? (4:40 p.m.): Former Gartner analyst - turned SANS Institute director - John Pescatore moderates a panel featuring Microsoft CISO Bret Arsenault, Bruce Schneier and Google's Eran Feigenbaum.
- Combating Cybercrime within your Organization (4:40 p.m.): Trend Micro's Tom Kellerman teams up with an FBI special agent to describe cyber-attack threats and defenses.
Wednesday, April 22
- How Secure Are Contactless Payment Systems? (8 a.m.): Contactless payment systems are widespread in Europe, and increasingly seen in the U.S. too. Of course, they're also integral for Apple Pay. But are they safe?
- Breach 360: How Top Attacks Impact Tomorrow's Laws, Litigation, Security (10:20 a.m.): Hear three top legal and information security experts pinpoint the biggest data-breach threats facing organizations today, as well as how to mitigate them. (This is a plug for a panel I'm running, so be sure to join us and say hello.)
- Quantitative Security: Using Moneyball Techniques to Defend Corporate Networks (3:30 p.m.): Applying big data techniques to sift through large amounts of data and discern attack trends has long been an information security goal. This discussion from Symantec's Amit Mital will likely outline what's possible today, and what isn't yet within our grasp.
- The Second Machine Age (3:50 p.m.): Andrew McAfee, a principal research scientist at MIT and fellow at the Berkman Center for Internet and Society at Harvard, offers a big-picture look at the promises and challenges inherent in the "science fiction technologies made real" to which we now have access.
Thursday, April 23
- Drones: All Abuzz with Privacy & Security Issues (8 a.m.): Drones offer great promise for numerous applications - from mapping to physical security - but how do we manage the potential for pervasive aerial surveillance?
- Threat Intelligence is Dead. Long Live Threat Intelligence! (9:10 a.m.): Threat intelligence was one of the hot topics at RSA 2014. One year later, however, organizations still face big challenges when it comes to turning log data and threat feeds into actionable information, never mind attempting to set systems to automatically put that information to work to better defend corporate networks.
- POSitively Under Fire: What are Retailers Facing? (10:20 a.m.): Breaches involving retailers' point-of-sale systems appear to just keep escalating.
- Full Disclosure: What Companies Should Tell Investors About Cyber Incidents (10:20 a.m.): When it comes to U.S. Securities and Exchange Commission regulations, as well as smart business strategy, the answer to how much businesses should disclose about data breaches continues to evolve.
- Security in an Age of Catastrophic Risk (11:30 a.m.): Second chance to see Bruce Schneier's talk.
- Renewing the Patriot Act (1 p.m.): This promises to be a must-see debate - on surveillance, terrorism and privacy - featuring James Lewis of the Center for Strategic and International Studies, Schneier, as well as Congressman Mike Rogers, the former chairman of the House Permanent Select Committee on Intelligence.
Friday, April 24
- Top 10 Web Hacking Techniques of 2014 (9 a.m.): WhiteHat Security researchers detail attackers' favorite techniques so you can better defend against them.
- The Six Most Dangerous New Attack Techniques, and What's Coming Next (9 a.m.): Second chance to hear this presentation.
- Android Security: Data from the Front Lines (10:10 a.m.): Insights from Google's lead Android security engineer, Adrian Ludwig. Check your iOS devices at the door?
- Wargaming for the Boardroom: How to Have a Successful Tabletop Exercise (11:20 a.m.): When it comes to locking down networks and systems, many information security experts recommend vulnerability scans, code reviews, penetration testing as well as "deep think" exercises, where people dream up how they would attempt to "attack" their own organization.
- Game Consoles & Mobile Device Security: A Model for the Internet of Things (11:20 a.m.): How can we secure the Internet of Things? This session promises new insights.
- Mobile Security Shootout - Which Smartphones Are Up to the Task? (11:20 a.m.): The always-interesting Chet Wisniewski from Sophos gives today's smartphones a security shakedown.
- Hugh Thompson and Guests (1 p.m.): Come hear RSA program committee chairman Hugh Thompson glean insights from "executive coach" Srini Pillay, as well as put comedic star Alec Baldwin through his paces.
That's my take on some of the top sessions at this year's show. Now, what's on your short list?