What is a Peer-2-Peer session? Peer2Peer sessions enable groups that share a common interest to come together and explore a specific security topic. You will be digging into a topic you really care about in a room with like-minded peers and a facilitator. Wondering which conversation will be the most relevant to your job role and concerns? We asked each session facilitator to provide a short summary to help you decide.
This post highlights seven P2P sessions (Scroll down for answers). Links to other session summaries are at the bottom of the page.
- Hacking High: Teaching Our Kids Vital Cyber Skills
- Who’s Invited to Your Party? Minimizing Risk From Outsourced Partners
- Trimming the Waste From Your Security Portfolio
- Why the Cyber Fusion Center Concept Works
- Effective Incident Response from the Front Lines
- Does The New 2015 California Data Breach Law Protect Individual Privacy, Corporate Security, Both, or Neither?
- Challenges in Network Forensics
We also included some questions to get you started thinking so that you come to the session prepared with some thoughts.
Hacking High: Teaching Our Kids Vital Cyber Skills (P2P-T07A)
Who should attend?
Hacking High: Teaching Our Kids Vital Cyber Skills is for anyone who sees the great need in our industry for developing skilled cybersecurity professionals. This could be hiring managers, security trainers and educators, or anyone with the passion for building the next generation. The goal of this session is to show them easy ways to be part of the solution.
Why is this topic important?
Information security is in crisis. We need more skilled cybersecurity professionals, yet we don’t have a consolidated plan for building people with those skills. Kids may know how to point and click, but they don’t know how the underlying technology works or know the basics of how to keep themselves and their information safe online. Most teachers lack the resources and personal knowledge to teach technology to teenagers. Ronald Woerner, director of cybersecurity studies at Bellevue University and facilitator of the session, suggests we teach hacking in schools. Kids will do it anyway, so let’s do it right. The discussion will include the role of cybersecurity and hacking competitions for students in grades 7-12.
What should attendees think about?
Two things to consider: [1] How is your community or school system educating the younger generation to prepare them for the multitude of IT and cybersecurity careers? Is a cybersecurity curriculum in place? If so, what does it contain? [2] What are solutions for filling that gap? How can we work together to implement those solutions for our school-aged kids?
What will attendees walk away with after the session?
Attendees of the “Hacking High” session will fully understand the issues and come away with actionable ideas to be part of the solution. They will hear from other industry experts who are successfully doing it in their community to everyone’s benefit. They will see the bright star of hope to meet the critical needs of our industry in a fun and safe way, by teaching hacking in high school.
Who’s Invited to Your Party? Minimizing Risk From Outsourced Partners (P2P-T07D)
Who should attend?
This session is for anyone whose organization uses outsourced partners to do business—partners that connect to internal computing resources and/or have access to proprietary information, forming “the elastic insider network”—as well as those who assess the security of organization-partner information exchanges and network connectivity. Anyone whose role includes IT technical, IT security, legal, asset-management, risk-management, or insurance responsibilities should attend. This session will be strategic and tactical, not deeply technical.
Why is this topic important?
Consider the recent breach headlines: in many cases, the compromised partners opened the door to the corporation’s networks. Outsourcing is a well-established trend across many industries, and organizations are increasingly engaging partners to support business operations, including core functions. Virtually all of these partner-supported operations involve information sensitive or even strategic to the organization, and many involve giving the partner access to internal networks.
What should attendees think about?
Think about the partners engaged by your business, the types of operations they support, and the information and business networks they access, particularly those that are mission critical, sensitive, or regulated. Consider what processes you have in place to assess potential partners, to monitor and audit partner operations that involve your business, and to mitigate IT security incidents involving partner access. Assess the contracts you have with your partners, specifically the language that gives you (1) rights to direct how the partner uses your business information and connects to and uses your internal networks; (2) rights to audit the partner; and (3) rights to direct how the partner engages and uses partners that also have access to your sensitive information.
What will attendees walk away with after the session?
Attendees will leave with an understanding of the issues, assessments and controls involving outsourced, connected partners. “I anticipate a vibrant, in-depth, inclusive discussion that surfaces a variety of viewpoints and debate between them. I expect to spark for participants some of those invaluable RSAC “Aha!” moments, where they gain new perspectives and insights that they bring back to add immediate value to their work and spark meaningful change in their organization,” says Ken Morrisson, a principal with Morrisson Consulting and facilitator of this session.
Trimming the Waste From Your Security Portfolio (P2P-T08B)
Who should attend?
The attendees who will most benefit from this session are those who are responsible for planning their organization’s overall security portfolio and strategy — those who are looking at the next procurements while trying to justify the past ones. The discussion can also be helpful to security professionals who have to maintain current tools and who recommend purchases; they often have a lot to say about how the products are really being used (or not).
Why is this topic important?
Everyone is concentrating on buying more and more without thinking about replacing or retiring any of it. It’s important to look at what’s really working for you, what’s turned into shelfware for various reasons, and whether you can make more efficient use of your budget without having to ask for an increase every year.
What should attendees think about?
Attendees should have a good list of what they’re already using in-house — and that’s not always as easy as you think; large enterprises or newly merged ones may have multiple sets of products doing pretty much the same thing. They should also think about their security portfolios in terms of functionality: what are they using for blocking at each layer? Where are the blind spots where they don’t have good visibility? How often are they actually able to use each product rather than “getting around to looking at the logs” once a month?
What will attendees walk away with after the session?
“I’m hoping that attendees will share honest thoughts about what they wish they had, what’s been a waste of resources and money in their experience, and how they can strategically consolidate their tools. At some point we have to stop building layers and throwing security spaghetti at the wall, hoping something sticks,” says Wendy Nather, research director of information security at 451 Research, and facilitator of this session.
Why the Cyber Fusion Center Concept Works (P2P-T08C)
Who should attend?
Ideal participants for this session are those that have accountability for, or manage, a security operations center (SOC) or a CSIRT.
Why is this topic important?
“We’ve spent too many years responding to the aftermath of a breach. We need to be better positioned to move faster, identify potential problems sooner, and collaborate with extended security teams in real time in order to move to a more proactive defense model,” says Dave Baumgartner, vice-president of cyber-security at Target and facilitator of this session.
What should attendees think about?
Some questions to think about beforehand: What is the biggest problem you face in identifying potential threats? Are you able to track the time from alert to containment today? What’s the single most challenging aspect of containment that leads to longer response times?
What will attendees walk away with after the session?
“My goal is for attendees to walk away with some very basic, but highly effective ideas to reduce the amount of time it takes to respond to valid security alerts and for them to feel empowered with a plan to reduce response time,” Baumgartner says.
Effective Incident Response from the Front Lines (P2P-T08D)
Who should attend?
The main audience is the practitioners and technical managers responsible for threat detection and response. CISOs would also benefit by gaining insight into challenges they might not even be aware of and contribute by offering their perspective.
Why is this topic important?
Organizations of all types now accept that security incidents of many types are inevitable and they can rapidly escalate into damaging breaches. “Most have threat detection and response as a top priority this year so they don't become the next headline,” says Lucas Zaichkowsky, an enterprise defense architect from Resolution1 Security.
What should attendees think about?
Attendees should think about how defending against a determined hacker is different from defending against opportunistic threats. They should then reflect on capabilities and human talent required to identify and rapidly resolve intrusions in progress before the damage is done. What's working for them today? What could they be doing better?
What will attendees walk away with after the session?
Attendees will gain an understanding of common deficiencies that hinder rapid threat detection and response and how others have overcome those challenges.
Does The New 2015 California Data Breach Law Protect Individual Privacy, Corporate Security, Both, or Neither? (P2P-T09A)
Who should attend?
This session is especially for attendees who are responsible for privacy and data security compliance, the ones who will be on the hook for the new California Data Breach Law standards.
Why is this topic important?
“Everyone should watch what’s happening in California to forecast privacy’s next moves on the national and international level,” says Jill Bronfman, Professor of Data Privacy and Director of the Privacy and Technology Project at University of California Hastings College of the Law and the facilitator of this session.
What should attendees think about?
A question to think about in preparation for this session: How will new technologies change the way we think about data collection and storage?
What will attendees walk away with after the session?
“I’m hoping that attendees will walk away from the session with not only an understanding of how the law has changed, but how it will continue to change to keep up with technology,” Bronfman says.
Challenges in Network Forensics (P2P-T09B)
Who should attend?
This session is specifically for people who are doing research in the area of network security, and IT security analysts responsible for the security of their enterprise networks. Attendees should be familiar with existing tools such as Intrusion Detection Systems (IDS) and firewalls.
Why is this topic important?
In the case of a cyber-attack, it is important to determine how the attack happened and who carried it out. Network forensics is an extension of network security, as data is collected from security products such as IDS and firewalls. Network forensics is quite challenging, as attackers have their own techniques to cover their traces.
What should attendees think about?
Attendees should think about how they collect, preserve and present the evidence. They should also think about tricks attackers use to hide their traces, and how we can detect them. They should be prepared to walk through “what-if” scenarios, says Anoop Singhal, a senior scientist with NIST and the facilitator of this session.
What will attendees walk away with after the session?
Attendees will have a better understanding of network forensics, as well as the limitations of the current security tools to do forensic analysis. They will have new ideas on what needs to be done to solve some of the challenges.
Check out P2P sessions in parts one, two, three, four, five, and six. We look forward to seeing you in San Francisco!