#RSAC is what you make of it

Posted: 2013/02/20 in Conferences, DevOps, Rugged

Q: Are you going to RSA?

A: Of course. RSA is mandatory punishment for people like me.

Like I said just before RSA USA 2012, each year at RSA I want to quit security.

At the end of the day, like with most things…

…it is what you make of it. Make it matter this year. Demand better. I will be.

My suggestions from before RSA USA 2012 are worth re-reading:

  • People Value
  • Non-RSA Venue
  • The Bizarre Bazaar of the Exhibit Floor

Anticipated Buzz-Words:

Remember: Just because a buzzword is abused and/or nauseating doesn’t mean all uses, or the ideas/facts behind them, are nonsense. The trick is to ask people to define their use, defend their use, and provide specifics.

  • Big Data: This will be the least clear and most abused. It isn’t just having a Hadoop cluster or petabytes and petaflops of useless data.
  • Actionable Intelligence: Done right, this is becoming table stakes. Done wrong, this is a marketing retread. Ask for specifics. Most are offering a data feed. Good programs are combining and enriching from OSINT, HUMINT, SIGINT, pay-for feeds of various types, information sharing communities/pilots. This topic is worth sifting out Signal from Noise.
  • Offensive Security: For some, the term itself is “offensive”. This is often heard as “Hack Back”, which for most is a really, really bad idea. Aside from the legal or attribution debates… if you can’t consistently change default passwords or get basic access control right, why do you think you’ll win an escalating fistfight with your attacker? My Wed 1pm panel (END-W25) will try to clarify this.
  • Active Defense: This is a less offensive spin on “Offense”, but definitions vary tremendously. It often means beginning to use deception, deterrence, increased work effort/work factor, increasing the entropy the attacker faces, etc. Again, my Wed 1pm panel (END-W25) will try to clarify this.
  • APT or APT1: Yes folks. The Kitten-Killing, Thought-Terminating Cliché is back. Given the one-two punch of the Executive Order and the hotly debated APT1 materials put out by Mandiant, China, China, China will be discussed. Not all espionage is out of China. Lots is. Get past the groaning and try to get to substance.
  • Adversary: This is a good one I am pleased to see entering the lexicon. While many “thought leaders” dogmatically fight the inclusion of adversary analysis, they are wrong 😉 . The programs that are modernizing are trying to weave in the chain of Adversaries -> Motivation Structures -> Preferred Asset Types -> Their Common/Range of TTPs (Tactics, Techniques & Procedures). Much like this artifact from our Adversary talk at RSA last year (slideshare here).


My Speaking Slots:

Monday, February 25, 3:30 PM – RSA USA – Innovators Sandbox – Room 134 – Facilitator

ISB-001 – Do You Know Your Enemy Enemies?: WHO & WHY do matter…

Much of RSA Conference will focus on WHAT & HOW; at Innovation Sandbox we will focus on WHO & WHY. From script kiddies to nation states (or chaotic actor/hacktivists to citizen soldier militias)… gone are the days where our adversaries are only financially driven. We now face a pantheon of adversaries – each with varying motivational structures, preferred asset type(s), capabilities and levels of skill/determination. This facilitated white boarding session will discuss the characteristics of modern adversaries and hopefully raise questions (and answers) on their implications to our risk management priorities.

This White Boarding session should be both fun and challenging – given the innovative crowd.

Monday, February 25, 4:00 – 5:30 PM — BsidesSF at DNA Lounge 

Closing Keynote: Joshua Corman

DNA Lounge is at 375 Eleventh Street San Francisco, CA 94103
I will be “taking the gloves off” in this audience of fellow digerati. We are not getting better (enough), fast enough. We are part of the problem. We need to level up and we need to entertain some uncomfortable ideas. The pot will be stirred. If there is anything you’ve wished you could say to them, you have a few more days to load me up… It will be followed immediately by: “We Quit” – A Roast of the Infosec Business, hosted by Jack Daniel, JadedSecurity, and Javvad Malik.

Tuesday, February 26, 3:50 – 4:50 PM – RSA USA – Room 132 – Panelist

ASEC-T19 – Making Rugged DevOps and Infosec Work

Because of widespread cloud adoption and the DevOps movement, information security has never been at more risk of being completely marginalized by development and the business. This panel will discuss how information security can integrate into these value streams, where agile businesses routinely conjure thousands of compute instances doing over 1000 deploys per day.

Dwayne Melancon will moderate me and fellow Rugged DevOps trailblazers: Gene Kim, David Mortman, and Nick Galbreath.

Wednesday, February 27, 1:00 – 2:00 PM – RSA USA – Room 309 – Moderator

END-W25 – Offensive Security: Hope or Hype?

With the threat environment dramatically changing, there is a new consensus that it is almost impossible to keep targeted attackers out of any large-scale network. This panel will discuss new thinking around “Active Defense,” or what some would term “Offensive Activities.” We will explore the pros/cons of enacting an offensive security position in defending a company’s networks.

This one is going to be feisty. Born out of some hot offline debates, this clash of the titans needed to happen. I will have my hands full moderating, but I am up for the challenge – and for challenging them. Come watch George Kurtz (CEO of CrowdStrike), Chris Hoff (Juniper), Adam O’Donnell (Sourcefire) and Andrew Woods (Stanford) duke it out. Got anything you want asked?

Thursday, February 28, 8:00 – 9:00 AM – RSA USA – Room 135 – Panelist

HT-R31 – Mayans, Mayhem and Malware

This panel focuses on the persistent gaps and perennial conditions confronting organizations today, notably in areas of compliance and governance related to threat mitigation, education and awareness. Also, we examine the resurgence of advanced, malicious code & content intelligent enough to obfuscate, assess, re-assess and execute against a programmatic strategy.

Will Gragido, Brian Honan and I tried this at RSA Europe and it was surprisingly good – realistic, gritty and honest… This time we’re adding two other dynamic characters.

Friday, March 01, 9:00 – 10:00 AM – RSA USA – Room 133 – Co-Presenter

GRC-F41 – Control Quotient: Adaptive Strategies for Gracefully Losing Control

Cloud, virtualization, mobility and consumerization have greatly changed how IT assets are owned and operated. Rather than focusing on loss of security control, the path forward is cultural change that finds serenity and harnesses the control we’ve kept. The Control Quotient is a model based on control and trust, allowing proper application of security controls, even in challenging environments.

I’m teaming up again with David Etue; we’ve been maturing this idea/approach over several years. A lot of my best concepts/models are born near the end of final content creation, and that happened again this year with this talk. One of our new models has been sanity-checked with a few of you and we’re excited that it will pack a real punch.

I regret this is so early on the last day but this is not one to miss.

The 6 minute RSA Podcast pre-interview of our talk is posted here.

The security challenges have REALLY stepped it up… it’s time we do.
