Which Peer2Peer Sessions Should You Attend at RSAC 2016?


Posted on by Jennifer Lawinski

Are you ready for this year's RSA Conference in San Francisco? Have you decided which Peer2Peer sessions you'd like to attend? 

Peer2Peer sessions are group discussions around specific security topics, where participants get the chance to dig deeply into a topic they care about with a group of peers. This year we've once again asked the discussion facilitators to help explain what you can expect from their sessions so that you can choose the groups and topics that will be most beneficial and interesting.

This post features the following five sessions:  

  1. Counterterrorism—The People Factor
  2. Integrating Retail Cybersecurity, Loss Prevention, Risk, Fraud and Privacy
  3. What’s a Trusted Technology Provider and How Do I Know One When I See One?
  4. Compliance as a Hammer: Aligning with FedRAMP
  5. Security of Public Cloud Services: It Takes a Village

1. Counterterrorism—The People Factor (P2P2-T11)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

Managers and supervisors should be able to benefit most from the session and contribute to it, as well as individuals who work with confidential or sensitive information. Attendees from organizations that have had a history of work place will also benefit, and investigative professionals should be able to contribute significantly to the session. We’re looking for supervisors of all types, human resources professionals and security analysts.

This session is best approached with an open mind. Individuals should already be sensitized to recognize anomalies in human behavior or have an interest in doing so. Observation skills, logical reasoning and analytical skills are all helpful.

Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?

Typically information security professionals are immersed in the bits and bytes, they concentrate on the latest technological gizmo and often lose sight of the fact that humans can and do defeat almost any system.

Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?

  • Have you ever received training on how to recognize potential problems with employees that might lead to cyber or physical incidents?
  • Does your firm provide leading edge training on current security challenges such as how to deal with an active shooter?
  • How would your organization relate to local law enforcement?
  • Who is responsible for calling law enforcement?
  • What are the criteria for doing so?
  • Is there a policy? Is there suitable training and enforcement to back up the policies?
  • Has your company or your industry experienced an insider incident of any type?
  • Is your company planning on a RIF in the near future? Have there been any incidents related to past work force adjustments?

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

Attendees will gain a great appreciation for going beyond technology to secure their organizations and feel they are much better prepared to deal with the human element. They will have:

  • A basic familiarity of how to recognize potentially troublesome employees.
  • An understanding of how investigations unfold in real life and a realistic set of expectations about them.
  • Real-life examples of investigations, workplace violence incidents and patterns.

2. Integrating Retail Cybersecurity, Loss Prevention, Risk, Fraud and Privacy (P2P1-W09)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

Managers who are trying to integrate across silos: CISOs, CTOs, risk leads, privacy leads and CIOs. 

Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?

As we continue to work with the board to make sure they understand risk, and new vendors emerge every day with new capabilities, we need to look at how we are building our teams. It is critical to both strategy and performance to be able to show that we are effectively managing information risk across the enterprise, and effectively teaming with partners to mitigate growing attacks.

Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?

What are your best practices and tools, plus what are your major pain points and gaps?

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

I want us to talk about practical processes that can be implemented as soon as folks get home; we should avoid talking about theory.

3. What’s a Trusted Technology Provider and How Do I Know One When I See One? (P2P2-T09)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

This Peer2Peer session will be of great interest to those concerned with tainted software and cyber devices. We'll talk about how best to mitigate the risk of their cyber products being maliciously compromised, including counterfeit h/w or s/w components in their supply chain.

The discussion will be useful to those that provide cyber technology (the provider, hardware and software component suppliers, and value-added resellers) as well as those that buy them: the government, and large and small commercial enterprises.

Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?

In a world where we all face the possibility of cyber attacks, both those that buy and use commercial technology and those that create and integrate it are concerned that they may inherit products/components that are malicious, that have been tampered with, or that are counterfeit. In this session we will discuss some of the proactive steps they can take to offset these risks, whether they are the buyer, the integrator, or the producer.

Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?

If you are a producer/provider: What would you want your customers to ask you so you can explain what you do to deliver products that are genuine and untainted by malicious software or hardware? How would you go about convincing them? What would you tell them or show them?

If you are a consumer: What do you want to ask your provider about the software, hardware, and upkeep to give you confidence that it hasn't been maliciously tainted or includes counterfeit parts? What would you want as evidence to convince you?

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

We hope that the discussion in this session will start the attendees thinking about this topic and the ways they can improve what they are doing and asking others to do to address the problems with cyber supply chains and they will be starting to be proactive about gaining confidence that the goods they receive or deliver are free from malicious taint and contain legitimate parts and software.

4. Compliance as a Hammer: Aligning with FedRAMP (P2P2-R07)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

FedRAMP has been around for a couple of years now, and more companies want to pursue a JAB Provisional Authority to Operate. Is your company participating or thinking about participating in FedRAMP?

This session will encompass what kind of costs are associated with being compliant to the standard: the time to document, to work with 3PAOs, and to update systems to comply.

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

During this hour, we will be discussing how the FedRAMP standard sets the bar for security and how our companies can raise that bar to a higher level.

The key takeaway will be how to get involved in improving standards such as FedRAMP so that it is easier to conform to them and improve the chances of obtaining a JAB Provisional ATO.

5. Security of Public Cloud Services: It Takes a Village (P2P1-W07)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

This session is for those looking to deploy cloud services, but who are concerned about security, privacy and regulatory issues. It’s for anyone from an information security manager up to the CISO; those who understand the basic technical aspects of the cloud, but aren’t clear what they need to do in order to ensure their cloud deployment is secure.

Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?

Firms are spending tens of billions of dollars in the cloud, but if they don’t know what they need to do to ensure their data is secure in the cloud, those investments in the cloud can quickly turn into significant liabilities.

Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion?

You can outsource cloud responsibilities, but you can’t outsource its liabilities. Even if you outsource everything to the cloud, there are still significant management and security management responsibilities that only you can do.

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

Attendees will have an understanding that any use of cloud services is a shared responsibility, and they’ll understand what their specific responsibilities are.

You can check out all of the Peer2Peer sessions on our agenda and read about more sessions here, here and here. 

Contributors
Jennifer Lawinski

Director of Social Media & Community, Arculus

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
