You’ve reached the point in your #infosec career where you get a full conference pass to RSA. Not coincidentally, this means you are now so busy every day that you don’t have the time to preview the RSA full conference schedule to map out interesting talks.
If you fail to get that prep work done, you can cheat by looking at my list — I had chosen these for my own reasons (each of which is explained below), and only a few of them conflict with each other.
9:15 a.m. PST — The Cryptographers’ Panel
Cryptography is only a small corner of the larger infosec landscape today, but this talk is always a great opportunity to witness conversation about controversial surveillance and privacy issues and just plain cryptogeekery from the giants of the field. The past two years were particularly dramatic; Whitfield Diffie publicly grieved for his recently departed wife, and Adi Shamir was unable to attend the conference named after him due to US visa issues and had to attend by video! Anyway, I always attend the cryptographers’ panel.
11 a.m. — Shodan 2.0: The World’s Most Dangerous Search Engine Goes on the Defensive
Moscone West HT-T08
There’s a saying about a blade cutting both ways. Here’s a talk about using what was traditionally considered an “offensive” security search engine in a defensive way. In recent years, there’s been an interest around Shodan being used to map the OT/ICS environment, so I’m hoping to see some of that at this talk, too.
1 p.m. — Privacy: What Customers Want, Why Security Should Care and What To Do Next
Moscone West EZCL-T10
What if someone surveyed 80,000 customers and derived what they really wanted with regard to privacy? That would be some good data and would make for an amazing talk, right? Forrester’s Laura Koetzle will be there to lead small groups to work together to apply the lessons from this research to their own organizations.
1 p.m. — Frameworks, Mappings and Metrics: Optimize Your Time as CISO or Auditor
Moscone West CX0-T10
If CISOs really do spend half their time on compliance activities, wouldn’t it be nice to be able to de-dup some of the repetitive tasks and build some good metrics at the same time? Note that this talk time conflicts with the earlier one.
2:20 p.m. — SOC Metrics: Discovering the Key to SOC Nirvana
Moscone West AIR-T11
“You can’t manage what you can’t measure.” The speaker hopes to take Peter Drucker’s adage and apply it to security operations center management. I’m particularly interested in the speaker’s treatment of metrics around analyst skill development.
8 a.m. — Entropy as a Service: A Framework for Delivering High-Quality Entropy
Moscone West ACB-W01
Entropy quality has always been the dirty secret of cryptography, so of course one solution would be to provide it as a service. I’ve been interested in that idea for years and, in fact, still own the domain RNGaaS.com though never did anything with it because I’m a classic underachiever. Maybe what is needed is “achievement-as-a-service.”
12 p.m. — augmented intelligence certification Security and Privacy Legal Threats and Opportunity
Moscone West LAW-W07
The fact that Winn Schwartau is on this panel was enough to gain my interest. The discussion looks to include a lively set of topics around AI, robots, disasters, and lawyers. Hey, that sounds like it could be a great Broadway musical! The next Hamilton could be a singing robot!
1:30 p.m. — The Network Is Going Dark: Why Decryption Matters for SecOps
Moscone West ACB-W09
The shadow of cryptography falls across this list again. Here’s a discussion on how TLS 1.3 might impact network monitoring. All modern browsers support forward secrecy already, and 98% of internet servers prefer it, so the idea of decrypting this “uncrackable” crypto already has value even before TLS 1.3 becomes mainstream.
2:50 p.m. — All That Glitters? Debunking Fool’s Marketing of ML and AI
Moscone West MLAI-W11
As an analyst, I hear claims of AI/machine learning all day long, like it’s a deus ex machina to address every difficult problem a vendor might run into. In my dreams, this talk will be about how to ask questions that could differentiate truth from falsehood. We’ll see.
2:50 p.m. — API Security Exposure for Gift Card Fraud: A 15-Year-Old’s Guide
Moscone West HT-W11
I don’t know about you, but when I was 15, I was pretty much a complete idiot. I was not giving talks about API security exposure at the world’s biggest security conferences. But this kid is, and if for no other reason, I hope to be there to cheer him on. The topic looks good, too! Note: This conflicts with the previous talk.
4:10 p.m. — Cyber-Litigation 2020: Recent Cases in the Courts and Agencies
Moscone West LAW-W13
The docket for this session will include cyberinsurance, cyberconflict,…