Are you still trying to choose which Peer2Peer conversations you'd like to join at the RSA Conference this year in San Francisco?
Peer2Peer sessions are group discussions around specific security topics, where participants get the chance to really dig deeply into a topic that they care about with a group of peers. This year we've once again asked the discussion facilitators to help explain what you can expect from their sessions so that you can choose the groups and topics that will be most beneficial and interesting.
This post features the following six sessions:
- How Not to Be Hacked—Take the Advantage
- How Do You Protect Data and Staff during High-Risk Business Travel?
- Security Tenets for Life Critical Embedded Systems
- How Do You Build Your Human Firewall? Accountability or Awareness?
- A Fitness Test for Fostering Women Leaders in IT Security
- Get a Seat at the Table: Effectively Communicate Risks to the Board
1. How Not to Be Hacked—Take the Advantage (P2P2-R08)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
- Seeking Attendees who are: Trendsetters, change agents, visionaries, and passionates seeking to make a difference one life at a time
- Proper titles of those who will contribute to the session: Product Security Leaders, Parents, and Directors of Security
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
- Important to industry: Today, 3.1 billion people online are now empowered or informed, making it impossible to secure every App and Device.
- Important to you: Empowering people to protect themselves prevents human trafficking, enhances quality of life, and limits digital negative events.
- Challenge: Are YOUR family members, parents, children, and friends safe and secure online today because of your profession?
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
- What do you do habitually when navigating to a new website? What do you check? Do you type in the URL? Do you Google it?
- How do you protect your children on social media sites? Do you use manual reviews, monitoring software, account management, denial?
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
- Desired outcome: A fresh look and optimism on how to transfer habits of highly knowledgeable security professionals to regular people.
- Takeaways: Specific simple and highly potent techniques and tips to make the digital world safer and happier for our friends, family, and colleagues.
2. How Do You Protect Data and Staff during High-Risk Business Travel? (P2P2-R15)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
The ideal attendees for this session include IT and cyber security senior management, as well as the C-suite, from global corporations.
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
International business travel is increasing at the same time nation-states and organized crime are expanding their attacks on Intellectual Property and personal information. These threats create increased risk to business travelers and their data in countries outside the U.S. This becomes another attack vector that information security professionals must address within their security programs.
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
Do you know what type of data your employees travel with internationally, and do you know the threats to your business travelers?
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
Attendees will hopefully walk away with better awareness of potential risks to their employees and data during international travel, and have a starting point for addressing those risks.
3. Security Tenets for Life Critical Embedded Systems (P2P2-W13)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
Developers and manufacturers of life critical embedded system devices are the best audience for this P2P session. The tenets apply to all embedded systems, but are especially focused on life-critical embedded systems. So anyone who develops for these devices is the target audience.
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
For embedded system devices, security has generally been an afterthought. By incorporating the tenets into the development and manufacturing process, these devices will be more secure and less vulnerable to cyber attack.
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
It would be best if attendees could read the paper referenced in the abstract, and especially the use cases in the appendix to the paper. This will set the stage for the discussion. Opinions may vary about the tenets that are put forth. If this is the case, I want to know about it and revise the recommendations as appropriate.
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
The attendees will have a better understanding of what life critical embedded system devices are, and how they can be compromised, but also how they can be protected. The hope is that those individuals who produce life critical embedded system devices will incorporate the security tenets into their development and manufacturing process.
4. How Do You Build Your Human Firewall? Accountability or Awareness? (P2P1-R08)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
It’s for attendees who are responsible for training and educating their employees, and risk professionals who see which issues are happening most frequently, and want to find new ways to communicate the complexities of security and risk. It’s for anyone who has experience in making the shift from security “awareness” to “accountability,” and anyone who is wishing to learn how. We all know that the same old training and awareness does not work.
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
Security is complicated and we can’t expect the average employee to be a security expert. Hitting them over the head with FUD messages just scares them away, and repeating only the most basic messages doesn’t make enough of an impact. The problem is that we’re viewing this issue from our lens, not that of the average employee. They have a job to do, and to them, this new information is like asking them to do more work.
We need to think about how we can get more creative and how we can make the message more engaging so people WANT to learn. It’s not just about sitting through a one-hour training course that doesn’t provide the right outcomes anyway. Companies have held contests to draw on employees’ competitive spirit; companies have held hackathons and virtual treasure hunts to get employees engaged in the process… Come in having thought about what you’ve tried that’s worked and what new ideas you’re looking to try.
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
Attendees should think about what has worked in their organization and what has failed—and be prepared to share it. This isn’t a pride contest; by sharing what doesn’t work, we’ll be helping each other avoid unnecessary pitfalls. And by sharing what has worked, we’ll get to hear about new creative ways to enhance security.
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
So many of us are trying new creative approaches to drive employee accountability, and I want attendees walking away with new ideas to go back and try.
5. A Fitness Test for Fostering Women Leaders in IT Security (P2P3-T10)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
This is for anyone who has responsibility for building a cybersecurity or IT risk management team and is interested in attracting, developing and advancing female and minority talent. It’s also for anyone who is passionate about gender balancing and diversity.
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
The underrepresentation and underutilization of female talent is both a critical business issue and a hindrance to the development of world-class cybersecurity organizations and solutions as well as the overall safety and protection of our country. The number of women in information and cybersecurity according to a recent study done by ISC2 is 10%—which is a decrease from 11% they reported in 2014.
In order to keep up with the demand for cybersecurity professionals, the United States, its corporations and its universities must address the shortage of women in the field. By not employing women, they are missing half of the talent pool, losing diversity of thought and not truly gaining the best possible minds to solve the complex problems and changing landscape of protecting our country, our infrastructure and our citizens and keeping the U.S. competitive in the digital world.
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
What are you personally and your company doing to attract, advance and retain women in our field?
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
Attendees will have a raised awareness of the issues surrounding hiring and retaining women in security, and will learn about practical ideas and the best practices of companies succeeding in developing and retaining women leaders in cybersecurity.
6. Get a Seat at the Table: Effectively Communicate Risks to the Board (P2P3-R07)
Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?
The individuals that will benefit most from this session are security professionals that are responsible for cross-company security communication and executive communications including CISOs, CSOs and BISOs.
Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?
As security has increasingly become an upper management issue, IT professionals responsible for security are called on to communicate risk and exposures to executive audiences who do not have a grasp of IT security. This session will help security professionals adapt their message to an executive audience.
Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?
First, think about what questions you have been asked by either the board or executive team at your company. Second, think about the questions you would ask the board or upper management to help you prepare for your communication. Bring your questions to the session and you will have a chance to see how your peers would respond. A great way to prepare.
What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?
Attendees will learn how to tune their communication to language the board can understand, provide information the board can grasp and scope their message to stay on target. In addition, attendees will learn about cases of communication that were well intended but not effective.
You can check out all of the Peer2Peer sessions on our agenda and read about more sessions here, here and here.