RSA® Conference offers a full day of seminars at no additional charge to full Conference delegates.
Security Basics Seminar - 3 Years or Less Experience - Full Day
Time: 8:30 a.m. - 5:00 p.m.
Taught by the leaders in the field, the Security Basics Seminar explains some of the most important security principles and technologies to new practitioners or those with under three (3) years' experience. It lays a foundation of essential concepts to enhance understanding of advanced issues to be discussed during the week.
8:30 a.m. - Introduction & the Business of Security
- Speaker: Hugh Thompson, Chief Security Strategist, People Security
9:30 a.m. - Crypto 101/Encryption Basics, SSL & Certificates
- Speaker: Ivan Ristic, Director of Engineering, Qualys, Inc.
10:30 a.m. - Break
10:45 a.m. - Authentication Technologies
- Speaker: Bill Duane, Distinguished Engineer, Office of the CTO, RSA, The Security Division of EMC
11:45 a.m. - Lunch
12:45 p.m. - Application Security
- Speaker: Jason Rouse, Principal Consultant, Cigital, Inc.
1:45 p.m. - Viruses, Malware and Threats
- Speaker: Vinny Gullotto, General Manager, Malware Protection Center, Microsoft Corporation
2:45 p.m. - Break
3:00 p.m. - Firewalls and Perimeter Protection
- Speaker: William Cheswick, Lead Member of Technical Staff, AT&T Labs Research
4:00 p.m. - Governance, Risk and Compliance
- Speaker: Steve Schlarman, eGRC Solution Manager, RSA, The Security Division of EMC
Know Your Threats and Countermeasures: Improving Application Security - Full Day - New for 2011!
Time: 8:30 a.m. - 5:00 p.m.
Building security into applications versus adding it later is a best practice that also lowers development costs. Through demos and lectures from the experts, you will learn about a variety of security issues as well as prevention techniques and countermeasures. Three (3) years or more of software development experience is required.
Moderator: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC
8:30 a.m. - Truth or Fiction:
The rise of software vulnerabilities and the impact the vulnerabilities have on organizations
- Speaker: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC
8:40 a.m. - Security in the Software Development Lifecycle:
For each lifecycle stage, what are the activities and responsibilities?
- Speaker: Steve Lipner, Senior Director of Security Engineering Strategy, Microsoft Corporation
9:25 a.m. - Break
9:40 a.m. - Secure Design Principles:
Defense in depth, least privilege, compartmentalization, guest/tenant isolation, reduction of attack surface, fail-secure, no reliance on client-enforced security, secure interoperability, secure-by-default
- Speaker: Alberto Revelli, Senior Consultant, Cigital, Inc.
10:30 a.m. - Secure Coding:
Demonstrate issues and illustrate prevention/remediation techniques - part 1
- Speakers: Jacob West, Director of Security Research Group, Fortify, an HP Company
Brian Chess, Founder and Chief Scientist, Fortify, an HP Company
12:00 p.m. - Lunch
1:00 p.m. - Secure Coding:
Demonstrate issues and illustrate prevention/remediation techniques - part 2
2:30 p.m. - Security Testing:
Fuzzing, threat modeling, benefits/limitations of testing techniques, source code scanning, vulnerability scanners
- Speaker: Chris Eng, Senior Director of Research, Veracode, Inc.
3:45 p.m. - Break
4:00 p.m. - Vulnerability Response:
Representatives for defined roles, third-party tracking, regression testing, root cause analysis, patches - creation and communication
- Speaker: Reeny Sondhi, Director, Product Security, EMC Corporation
4:45 p.m. - Security Resources:
CERT, NIST, RSA Labs, RSA Share Community, (ISC)2 and more
- Speaker: Kathy Kriese, Senior Product Manager, RSA, The Security Division of EMC
4:55 p.m. - Close
Professional Development Seminars - New for 2011!
The Professional Development Track has evolved into new seminars that provide professionals at all levels insight into career advancement and strategies to achieve peak performance at work.
Information Security Leadership Development: Building and Managing a Successful Information Security Program - Morning Half-Day
Time: 8:30 a.m. - 11:30 a.m.
In most security training, there is little focus on how to build and operate a successful security program. Experienced security leaders deliver a morning seminar focused on bridging this gap.
- Building Blocks of a Security Program
- Making Regulations & Audit Work for You
- Managing the Breach
8:30 a.m. - Building Blocks of a Security Program
- First 6 Months on the Job
The morning starts off with a walkthrough of what you might expect during your first 6 months on the job. Learn where to spend your time and resources to be most effective without introducing more change than the organization can absorb. Think you should drop a 100-page vulnerability report on the CEO's desk on day 2? Think again. These long-time security leaders will point out the pitfalls to avoid as a new information security officer, and share their tips for building a strong program foundation.
- Speaker: Dennis Devlin, CISO, Brandeis University
- Organizational Structure, What Works
Once you have gotten past the first few months, you will be presented with several important decisions, like how to organize your team. Attendees will hear several approaches to handling critical security functions such as governance, operations, privacy, and incident investigations. There are so many ways to integrate information security responsibilities into the organization, and security officers are meeting the modern day challenges by evolving their program into a more decentralized group spread across various business units.
- Speaker: Evan Wheeler, Director InfoSec, Omgeo
- Security Evangelism
If you don't like politics, then CISO is probably not the job for you. On any given day you may find yourself negotiating with regulators, balancing a severe security exposure against a critical business initiative, and being grilled with demanding customer due diligence questions. A critical skill for any security leader is knowing how to shape and improve the security posture of your organization without clashing with the company's culture. Learn from the experiences of a leading CISO how to promote a culture of security in your own organization.
- Speaker: Bruce Bonsall, CISO, Mass Mutual
9:30 a.m. - Making Regulations & Audit Work for You
- Audit is Your Friend & Strategies for Working with the Regulators
No matter what industry you are in these days it seems that you have to deal with some level of regulation. If you know how to approach it, you can really use this to your advantage to improve the security posture of your organization. The key is to really understand the audit function, their role and charter, and how to best maximize the relationship with them whether it be an internal audit group or an external assessor. Learn how to "manage" the audit process, and you will transform yourself from someone who dreads audit to an audit lover.
- Speaker: Justin Peavey, CISO, Omgeo
10:00 a.m. - Break
10:30 a.m. - Managing the Breach
- The Long Walk to the CEO's Office
No matter how good you are, you will someday experience the humbling effects of a data breach. Not only can how you handle the first few minutes, hours, and days of this experience make or break your career, but how you prepare for this event will often determine your tenure with the organization. Attendees will get a rare look into the mind of a CISO as he/she walks down the hall to the CEO's office. Can you guess what is on top of the list?
- Speaker: Ron Baklarz, CISO, Amtrak
- Law School in 20 Minutes or Less
If you aspire to lead a security program of any size, then this session is a must attend for you. More and more these days the CISO is called upon to provide guidance about the security, privacy, compliance requirements and constraints of various (and often conflicting) international laws. This crash course in legal must-know topics will give you a great place to start with your legal education.
- Speaker: David Thomas, Shareholder, Greenberg Traurig, LLP
- Investigative and Forensic Considerations: Interaction with Law Enforcement
Don't miss this unique opportunity to hear from a senior law enforcement agent what you can expect when you make the call to bring in help on an investigation. Law enforcement can be an invaluable resource to help you through a major breach, but you need to help them to help you. Preserving forensic evidence and coordinating resources are just some of the topics that will be covered.
For those attendees who are lucky enough to have never had a serious breach that required law enforcement assistance, this session will conclude with a simulated meeting between a CISO, his legal counsel, and an FBI agent to discuss a new breach investigation. What better way to learn what to expect and how to prepare than to see it all in action. There may even be some unexpected developments in the investigation to really keep things interesting.
- Speaker: James Burrell, Assistant Special Agent in Charge, Federal Bureau of Investigation
Information Security Career Development: Building and Managing a Successful Information Security Career - Afternoon Half-Day
Time: 12:30 p.m. - 5:00 p.m.
The afternoon seminar offers a learning environment focused on increasing delegates’ value to their employers, and methods to accelerate their careers as information security leaders.
- Trends Impacting the Security Skills Organizations Need and the Jobs People Want
- Career Architecture - Building a Career Plan from the Ground Up
- Making the A-List - Differentiating Yourself as an Information Security Professional
- The CISO of the Future - Building a Competitive Skill Matrix
- The Top of the Pyramid - Real Lessons from Today's Security Leaders
12:30 p.m. - Introductions
- Speakers: Mike Gentile, Founder and President, CISOHandbook.com
Lee Kushner, President, LJ Kushner and Associates
12:40 p.m. - Trends Impacting the Sec. Skills Orgs Need & the Jobs People Want
The current characteristics of the information security domain have created a dynamic and challenging landscape for the development of the security professionals that participate within it. Some of these considerations or trends include the unique and demanding needs of the organizations that require security talent, the available training and certification mechanisms to attain these skills, extreme demand for a limited supply of talent, and the overall immaturity of the information security discipline. This panel will illustrate some unique perspectives on this topic, as well as provide some practical tips to leverage these considerations in your day-to-day security travels.
- Speakers: Michael Assante, President and CEO, NBISE
Chris Chock, Security Lead, Orange County Transportation Authority
Mike Gentile, Founder and President, CISOHandbook.com (Moderator)
Jeff Moss, Founder of Black Hat and DEF CON, Homeland Security Advisory Council Member
Kevin Richards, President, ISSA International and Vice President, Risk & Security Services, Neohapsis
1:30 p.m. - Break
1:50 p.m. - Career Architecture - Building a Career Plan From the Ground Up
The battle for information security leadership jobs becomes more fierce each year. It is important that the Information Security professional prepare himself/herself to compete in this industry. This session will teach you to effectively plan for future success in your career, setting appropriate goals and targets and understanding your own skills and where you need to develop further.
- Speaker: Michael Murray, Co-Founder, Infosec Leaders
2:30 p.m. - Making the A-list - Differentiating Yourself as an Information Security Professional
Most security professionals are great at what they do, but fall short when it comes to presenting themselves for a career opportunity. This session will:
- Give an overview on how hiring managers and recruiters evaluate potential candidates
- Help define the qualities that make candidates stand out from the competition
- Provide insights on how to "product manage" one's professional assets.
- Speaker: Jeff Combs, Owner, J. Combs Search Advisors
3:10 p.m. - Break
3:30 p.m. - The CISO of the Future - Building a Competitive Skill Matrix
As companies look to select their information security leaders of the future, they will be more demanding. To be both effective and respected, the CISO will need to build a comprehensive skills matrix that places them on the same level as other senior executives. Attendees will learn which key skills and attributes companies search for when selecting their CISOs and how to acquire them.
- Speaker: Lee Kushner, President, LJ Kushner and Associates
4:10 p.m. - The Top of the Pyramid - Real Lessons from Today's Security Leaders
A diverse panel of recognized information security leaders, representing different perspectives and industries, will speak about their backgrounds and their career paths. Discussion points will include items such as how they achieved their success, the criteria that they utilize for their personal career decisions, recognizing and developing talent, as well as where they are heading next. Attendees will leave the session with ideas to apply to their own careers, in pursuit of their long-term career goals. The session will allow for audience questions and answers.
- Speakers: Patrick Heim, CISO, Kaiser Permanente
John Kirkwood, Global CISO, Royal Ahold
Lee Kushner, President, LJ Kushner and Associates (Moderator)
Stephen Scharf, CSO, Experian
Time: 1:00 p.m. - 6:00 p.m.
Innovation Sandbox is a unique half-day program representing today's best new security solutions. Back by popular demand, the top 10 start-ups, ranked and judged by our panel of venture capital professionals, CISOs, CTOs, and industry experts, will present their new companies and products in our newly-designed demonstration area and compete for the Most Innovative Company at RSA Conference 2011 award. Innovation Sandbox is included as part of your Delegate and Expo Plus Pass registration. For more information, please visit the Innovation Sandbox web page.
- Interactive White Boarding Sessions
- Trailbreakers Panel
- All-New "Start up Speed Dating" Session
Cloud Security Alliance Summit 2011
Time: 9:00 a.m. - 1:00 p.m.
Abstract: The CSA Summit 2011 provides the most timely and relevant education for securing cloud computing. This year's Summit serves as the venue for the global introduction of several research projects, including research on governance, cloud security reference architectures and cloud-specific computer emergency response teams (CERT). The Summit is kicked off with a keynote from the CEO of one of the industry's leading cloud service providers and includes session presentations and panels from the industry's foremost thought leaders.
The CSA Summit 2011 provides a fantastic opportunity for you to ask questions and learn from experts who are designing and implementing cloud security technologies.
9:00 a.m. – Keynote
- Speakers: Marc Benioff, CEO, Salesforce.com
9:40 a.m. – Cloudnomics: Securing the Cloud within Market Realities
- Speakers: Christopher Hoff, Director, Cloud & Virtualization Solutions, Cisco Systems, Inc.
10:10 a.m. – The Future of Cloud Technology
- Moderator: Liam Lynch, Chief Security Strategist, eBay
- Panelists: Dave Asprey, Sr Director, Cloud Security, Trend Micro
Patrick Harding, Chief Technology Officer, Ping Identity
Scott Chasin, Chief Technology Officer, Content & Cloud Business, McAfee
Eddie Schwartz, Chief Security Officer, NetWitness Corporation
11:00 a.m. – Break
11:10 a.m. – The CSA Roadmap
- Speaker: Archie Reed, Chief Technologist for Cloud Security, HP
Ken Biery, Professional Services Manager, Security Consulting, Verizon Business
Michael Sutton, Vice President, Security Research, Zscaler
Vikas Jain, Director, Product Management, Cloud Identity and Security, Intel
11:50 a.m. – GRC in the Cloud – Today and Tomorrow
- Moderator: Tim Mather, Author, Cloud Security & Privacy
- Panelists: Arti Arora Raman, Vice President Products & Alliances, Agiliance
Eran Feigenbaum, Director of Security, Google Apps, Google
Bill Pennington, Chief Strategy Officer, WhiteHat Security
Pamela Fusco, Vice President Industry Solutions, Solutionary
12:40 p.m. – The Road Ahead in the Cloud – A New and Promising Journey for the Security Professional
- Speaker: Philippe Courtot, CEO, Qualys, Inc.
Can You Trust Your Enterprise? Top Analysts & Implementers Debate Using Trusted Computing
Time: 11:00 a.m. - 3:00 p.m.
Trusted Computing now plays a key role in national security for not only the United States but for the United Kingdom and other nations. What, then, is the role of the trusted platform in the enterprise? This half-day workshop will offer provocative discussion about the role of trust, hardware-based security and why it's finally reached the tipping point. Enterprise customers who have deployed trusted computing for authentication, data protection and network security will be featured alongside distinguished moderators Derek Brink, Aberdeen Research; Roger Kay, Endpoint Technologies; and Andreas Antonopoulos, Nemertes Research. Industry experts will question users about their experiences. Attendees can also see the latest technologies in action. Lunch will be provided.
11:00 a.m. – Welcome and Introduction
- Speaker: Steve Hanna, TNC Co-Chair and Distinguished Engineer, Juniper Networks
11:10 a.m. – Keynote Address – Leveraging TPM for Low Cost, Strong Authentication at PwC
- Speakers: Karl Wagner, Director of Global Networking, PriceWaterhouseCoopers
11:40 a.m. – Lunch and Demonstration Showcase
12:10 p.m. – Deployment Models for Your Future Network Security Solutions
- Moderator: Eric Ogren, Founder and Principal Analyst, Ogren Group
- Panelists: Paul Bartock, Technical Director for Information Assurance Transformation, Vulnerability Analysis and Operation Group, U.S. National Security Agency
Michael Lindskoy, Senior Manager and Enterprise Architect, CUNA Mutual Group
12:50 p.m. – Demonstration Showcase Break
1:05 p.m. – Eliminating Risk and Reducing Costs with TPM
- Moderator: Roger Kay, Founder, Endpoint Technologies
- Panelists: Brian Berger, EVP Marketing & Sales, Wave Systems Corp
Boudewiin Kilian, Solution Architect, PriceWaterhouseCoopers
Jeremy Wyant, High Assurance Systems Engineer, General Dynamics
1:45 p.m. – Demonstration Showcase Break
2:00 p.m. – Faster, Lower Costs and High Assurance – The Role of Encrypted Hard Drives
- Moderator: Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group
- Panelists: David Bowers, Manager, LE Client Technologists, Dell
Jeff Kam, Information Technology Asset Manager, Dendreon Corporation
Stan Potter, Emerging Technologies Lead, NCSC Trusted Computing Division, U.S. National Security Agency
2:40 p.m. – Demonstration Showcase Break
3:00 p.m. – Closing Remarks