Approximately 50,000 attendees descended on San Francisco’s Moscone Center April 16–20 for RSA Conference 2018. With cyberthreats on the upswing, this year’s theme of “Now Matters” was especially apt, and a wide range of keynotes, sessions, and courses covering cybersecurity today didn’t disappoint. In this post, we’ll recap some of the highlights in a day-by-day rundown of the most interesting sessions, keynotes, and events. Whether you were able to attend or not, we want to share some of the great resources and information that came out of the conference.
Pre-Conference Training & RSA Day 1 (April 15–16)
Early Sessions, Tutorials, & Competition Begins
Early birds to RSA Conference had a chance to participate in a variety of tutorials and training sessions running from Sunday through Monday. Led by respected authorities from the SANS Institute, ISACA, (ISC)², and CSA, these two-day courses served as intensive, skill-building opportunities.
The official conference kick-off on Monday included the RSAC CyberSmart Parents Education Seminar: “Keeping Your Family Safe Online,” a workshop highlighting the latest research on the online habits of teens and parents, along with guidance for keeping kids safe in the age of social media. Meanwhile, the Securing Diversity seminar included speakers from a wide range of backgrounds and perspectives for a series of morning-long talks.
Close to our hearts here at Threat Stack was DevOps Connect: DevSecOps, a full-day event featuring members of both development and security teams. These speakers provided much hope for the goal of integrated DevSecOps, revealing similar viewpoints on the importance of secure coding and development for the release of quality products.
GDPR Essentials offered a full-day overview of the major change in EU privacy regulation currently underway. The keynote by Juhan Lepassaar, Head of VP Ansip Cabinet, European Commission, gave way to actionable talks and panels. We’ve linked to the slide decks below:
- Get Up to Speed on GDPR Fast
- Will the GDPR and related rules prove a competitive differentiator for Europe?
- A Practical Guide to GDPR Breach Notification and Security Requirements
- The Future of International Regulation?
- Enforcement: When Will the Big Scary Fines Happen, and How Do You Avoid Them?
- Privacy Essentials for Security Professionals
Monday also marked the start of Innovation Sandbox, a competition highlighting what’s new in security innovation. Focusing on the theme of “Taking Humans out of the Security Equation,” each of the 10 competition finalists delivered a three-minute presentation on its unique security solution. BigID came out the winner, earning the title of “RSAC Most Innovative Startup 2018.”
RSA Day 2 (April 17)
Kicking Off the Keynotes & Recognizing Award Winners
Tuesday marked the first day of conference keynote speeches, and RSA President Rohit Ghai started off the morning with an upbeat welcome address that urged listeners to focus on their successes despite the current challenging security climate.
The Cryptographers’ Panel followed, featuring moderator Dr. Zulfikar Ramzan, RSA’s CTO, and luminaries in the cryptography field. On stage, the panelists discussed hot topics in cryptography today, including election hacking, quantum computing and its effect on algorithms, cryptocurrency, and the limitations of blockchain technology.
A keynote later in the morning by Secretary of the Department of Homeland Security, Kirstjen M. Nielsen, filled the room as she discussed the DHS’ strategies to protect citizens from cyber attacks. She called out our hyper-connectivity as one of the major risk factors to attacks on both individuals and organizations.
Tuesday also saw the winners of the RSA Conference Awards recognized for their “outstanding contributions… in the field of cryptography, public policy, information security and new in 2018 – security humanitarianism.” The winners included:
- Tim Jenkin, The African National Congress, for Excellence in the Field of Humanitarian Service
- Michael Assante, security expert and instructor, SANS Institute, for Excellence in the Field of Information Security
- Professor Ran Canetti, Boston University, and Professor Rafail Ostrovsky, UCLA, for Excellence in the Field of Mathematics
- Admiral Michael Rogers, United States Navy, for Excellence in the Field of Public Policy
RSA Day 3 (April 18)
Focusing on Females & New Attack Techniques
A major highlight of RSA Day 3 was The Five Most Dangerous New Attack Techniques, and What’s Coming Next, a panel discussion moderated by SANS Institute Research Director and Founder Alan Paller. Panelists from the SANS Institute covered five high-level themes:
- Repositories and cloud storage leakage
- Big data analytics, de-anonymization, and correlation
- Crypto coin mining
- Hardware vulnerabilities like Meltdown & Spectre
- Exploitability in ICS/SCADA
With practical advice on defending against each of these threats, it’s worth watching the full panel video below.
Wednesday’s keynotes homed in on the industry’s female talent, with Girls Who Code Founder and CEO Reshma Saujani recounting her personal and professional success story. Saujani highlighted the tech talent deficit (a common topic of discussion this year) and called out women as the solution, noting the need to overcome “brogrammer” culture.
Monica Lewinsky also delivered a thought-provoking keynote titled The Price of Shame. In light of her own experiences, Lewinsky discussed the fragility of reputation in the digital age.
RSA Day 4 (April 19)
Revealing Hidden Figures, Integrating DevOps With Security Toolchains, & Celebrating at the RSAC Bash
Thursday saw another fascinating woman take the stage to shine light on a group of overlooked industry pioneers. Margot Lee Shetterly — writer, researcher, and entrepreneur — delivered her talk, Hidden Figures: The Untold Story of the Black Women Who Helped Win the Space Race. Based on her 2016 bestselling book, Shetterly discussed NASA’s African-American “human computers” and their vast contribution to history.
Her inspirational speech was balanced with a practical session on Integrating Security with DevOps Toolchains. Led by Aaron Rinehart of UnitedHealth Group and Dr. Chenxi Wang of Rain Capital, the session covered the DevOps transformation stories of three organizations (Target, UnitedHealth, and an unnamed cloud-based financial service startup), offering lessons learned for each. Click here to view the presentation slides.
The evening gave conference goers a chance to let off a little steam at the annual RSAC Bash, held this year at the impressive San Francisco Armory. Revelers enjoyed live music, a futuristic take on food and drink, roving performers, and a remote-control racetrack to name just a sampling.
RSA Day 5 (April 20)
Learning the Dos and Don’ts of DevSecOps & Wrapping Up With The Hugh Thompson Show
Hopefully recovered from the RSAC Bash the night before, attendees took in their final sessions of the week, including Dos and Don’ts of DevSecOps, hosted by Hasan Yasar of Carnegie Mellon University. After reviewing what’s required of an organization’s people, processes, and platforms to get to a DevOps model, Yasar presented his tips on successfully bringing security into the picture, with a focus on automation, a recurring conference theme. See the presentation slides here.
The conference closed out with The Hugh Thompson Show, an annual RSAC tradition. Led, as it is each year, by the conference’s program chairman, this year’s show focused on both the excitement and fear surrounding artificial intelligence. Dr. Kate Darling of the MIT Media Lab, Dr. Dawn Song of UC Berkeley, and Dr. Sebastian Thrun of Udacity joined Thompson on stage to discuss the potential applications of AI and to debate its pros and cons.
Just as Ghai’s introductory keynote moved to put a positive spin on a dark year of cyberthreats, the brilliant presenters at this year’s RSA Conference have shown us there’s light at the end of the tunnel. From quantum computing to automation, and from bridging the talent gap to getting smart about DevSecOps, the future of cybersecurity looks bright. And, of course, at Threat Stack, we’re glad to see just how many conference participants are jumping on the DevSecOps wagon!