As you likely know, RSA Conference is one of the largest and most comprehensive security events held each year. Choosing which sessions to attend and how to prioritize your time can be a big job.
At Threat Stack, we have SecOps on our minds big-time, so in this post we put together a list of related sessions that we think are absolutely can’t-miss.
Before you start reading, however, make a note to join us at Booth #S2504 to meet with one of our experts for tips on how to Secure the Strange Things Happening in Your Cloud!
1. Seminar: DevOps Connect: DevSecOps
When & Where: April 16, 2018 | 9:00 AM – 5:00 PM | Moscone South 308 DOC
What It’s All About: In the past few years, security integration within the DevOps pipeline has given rise to the idea of DevSecOps. Once seen as the bottleneck and inhibitor of the development and deployment process, security has become an integral part of the movement towards automation and the removal of manual oversight enforcement. As stated in the DevSecOps Manifesto, “We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.”
Threat Stack’s Take: This day-long seminar will feature dozens of speakers on the topic of how to marry your development, operations, and security processes in a way that will accelerate and protect your organization.
2. Seminar: Security’s Role in GDPR Compliance
When & Where: April 16, 2018 | 1:00 PM – 5:00 PM | Moscone North 20 IAPP
What It’s All About: Hopefully you’ve heard by now: The GDPR is the biggest piece of privacy legislation the world has seen in decades. Due to its broad territorial scope, anyone doing business with Europeans must abide by its mandates and understand its compliance obligations. That means security, too. It may be a “data protection” law, and the focus of many privacy professionals, but the law mentions “security” 53 times over the course of 100 pages. Not only does the GDPR introduce for the first time an EU-wide concept of “appropriate security,” but it also brings data breach notification continent-wide. Will you be ready to notify authorities within 72 hours of discovering a breach? In this half-day workshop, the IAPP brings you the sharpest minds to not simply explain what the law says, but to help you understand how to operationalize it.
Threat Stack’s Take: Not too many businesses will be able to get away with completely ignoring the new GDPR regulations, so it’s a good idea to be informed and prepared for the May 25, 2018 implementation deadline. This half-day seminar will go deep on what you need to know to take a proactive approach to GDPR. Don’t wait till the last minute!
Speaker(s): Former CISO of Bloomberg
When & Where: April 17, 2018 | 11:40 AM – 12:00 PM | South Expo Briefing Center
What It’s All About: How do you simplify your security architecture without throwing out security tools or flattening the network? How do you keep your network team happy by improving network performance and reducing outages while also becoming more secure? And, how do you spend less yet get more? This session with the former CISO of Bloomberg will share what he wished he’d discovered earlier in his security career.
Threat Stack’s Take: We always love to hear from practitioners about what it’s like in the real world of security and especially SecOps. We expect this to be a strong mix of tactical and strategic advice, and a can’t-miss session for anyone tasked with balancing spend and results when it comes to security.
Speaker(s): Grant Bourzikas, CISO and VP of McAfee Labs Operations; Chatelle Lynch, Chief Human Resources Officer at McAfee
When & Where: April 17, 2018 | 1:00 PM – 1:45 PM | Moscone North 20
What It’s All About: Security talent isn’t scarce, innovation is. As security professionals, we’re focused on a talent shortage crisis, but the focus should be on talent efficiency. This session will provide building blocks for growing the cybersecurity innovation pipeline and opportunities for partnering with the business to achieve security program outcomes.
Threat Stack’s Take: Every organization that takes security seriously has butted up against the talent crunch. In this class, two leaders at McAfee will explain how to maximize the value of the talent you do have on board and take advantage of other resources out there (like our Cloud SecOps Program℠) to get the extra help you need to meet your security goals and achieve innovation.
Speaker(s): James Routh, CSO, Aetna
When & Where: April 17, 2018 | 1:00 PM – 1:45 PM | Moscone West 2005
What It’s All About: This session will explore five to seven different implementations of models (machine learning) that drive frontline security controls and what the journey was like in the implementation. The implementation approach started out as a “Big Data for security” program and resulted in six other independent implementations of machine learning driving frontline security controls that have talent implications.
Threat Stack’s Take: Often it feels as though the hype of machine learning has truly outpaced real-world technologies and implementations. In this classroom-style talk, the CSO of Aetna will discuss the way machine learning is working in security right here, right now, and explain how even smaller businesses can take advantage. He’ll also take a look at where the technology is headed in the future. It promises to be an engaging talk!
Speaker(s): Aaron Rinehart, Chief Enterprise Security Architect, UnitedHealth Group and Dr. Chenxi Wang, Founder, The Jane Bond Project
When & Where: April 19, 2018 | 8:00 AM – 8:45 AM | Moscone South 208
What It’s All About: This session will look at the DevOps security practices from three large companies including United Health. From a centralized registry, to decentralized API gateways, to native security controls with orchestrators, these different strategies integrate security into the DevOps toolchains at various points. The talk will analyze their commonalities and recommend a set of building blocks for DevOps security.
Threat Stack’s Take: Sometimes the conversation about SecOps gets stuck up in the clouds. But it’s important to get back down to earth and look at specific toolchains that can make integrating security into DevOps not only possible, but successful as well.
7. Class: Building a Data-Driven Security Strategy
Speaker(s): Gabriel Bassett, Senior Information Security Data Scientist, Verizon
When & Where: April 19, 2018 | 8:00 AM – 8:45 AM | Moscone South Esplanade 157
What It’s All About: Strategy adds vision to security spending beyond the news of the day. This talk will focus on data-driven security strategy from CISO to engineer. We’ll examine how it can be linked to the organization’s mission, then look at various strategy options, finishing with an end-to-end example. You’ll leave able to minimize friction in your organization and more efficiently use your limited resources.
Threat Stack’s Take: It’s easy to get caught up in the headlines and start believing that the latest zero-day is where you should be focusing your security energies. But the reality is often much more mundane, and looking at the data can help you take a clear look at where to focus your limited security resources.
8. Class: Dos and Don’ts of DevSecOps
Speaker(s): Hasan Yasar, Technical Manager, CERT Division at Software Engineering Institute, Carnegie Mellon University
When & Where: April 20, 2018 | 9:00 AM – 9:45 AM | Moscone South 208
What It’s All About: DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps goes beyond automating security testing, and there are common misconceptions and roadblocks on how you can establish it successfully.
Threat Stack’s Take: It’s important to go deep on what we mean when we talk about DevSecOps (or SecOps — same idea!). After all, how are we going to achieve the holy grail of all businesses adopting DevSecOps if we can’t even agree on what it means and how to do it right? This should prove to be a useful session exploring key principles, common pitfalls, and how to apply CI/CD methodologies to security.
Thanks for reading, and we hope to see you at RSA Conference!
You can also follow along with our Twitter @threatstack, where we’ll be posting about sessions and insights in real time during the show.