RSAC 2014: RSA Conference Preview

Next week, the RSA Conference, one of the largest security conferences in the U.S. will take place in San Francisco. Most of my work next week will center on meetings with vendors. I’ll be looking at products, hearing about new research, and putting faces with names.

When I’m not in briefings, I’m going to do what I always do, and speak to attendees – the people who live in the trenches – to get their take on a few things. First, I’m going to quiz as many people as I can about the news surrounding RSA (the company) and the NSA, just to see if it had any impact on their day-to-day at the office or at home.

Second, I’m going to be talking to people about their goals and plans for the year when it comes to InfoSec. Often, when I hold these off the record discussions, I learn more about the security challenges organizations face in a single sitting, than I would by attending talks all afternoon.

The RSA Conference theme this year is “Share. Learn. Secure.” It’s a timely theme, because in addition to the major show, there are other gatherings in San Francisco next week that offer this exact level of interaction.

B-Sides San Francisco is taking place on Sunday and Monday at the DNA Lounge. B-Sides San Francisco and B-Sides Las Vegas are the two most-known conferences, but there are B-Sides conferences held regularly all over the globe.

To be honest, they’re a perfect example of the theme that is being promoted by the RSA Conference this year. If you’ve never attended one, you should. A listing of pending B-Sides gatherings is available here.

Speaking of sharing knowledge and learning, B-Sides Las Vegas has need of mentors for their proving ground program.

“We all know how hard it can be to find your voice, or even to convert your data into talking points that won’t lose your audience. So we’re looking to pair each of the Proving Ground applicants up with a mid-to-high profile mentor, with a solid track record of public engagement, who will work with them from CFP to podium.”

Moreover, on the learning front, OWASP is offering free classes at Jillian’s next week, on Monday at 2:00 p.m.

“This intensive boot-camp focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code and understand fixes.”

TrustyCon is the other show taking place next week, but it has sold out. For those who don’t know, TrustyCon was born out of protest. Most of the speakers were scheduled to appear at the RSA Conference, but canceled their talks due to the aforementioned news surrounding RSA’s business dealings with the NSA. Unfortunately, the conference had limited space, but it could return next year.

While I’m not a fan of talks when I go to the RSA Conference, I did see some things on the agenda that might be of interest. To me the interesting tracks will be Human Element, and Security Strategy. However, the usual tracks, such as governance, risk, and compliance, hackers and threats, and cloud security and virtualization, are also worth checking out.

I’m planning on running daily posts from the show. With each post, I’ll try and stick to a theme. As things stand, my plans are to talk about a given security control and offer some insight into the vendors that can address them. A “who has what” recap of the things I see on the expo floor if you will.

In addition, I’m open to suggestions. So if there’s something you want me to look into and report on, leave a comment, send me an email, or send me a message on Twitter, and let me know.

Update:

A reader recently informed me that I’ve missed something. On Saturday and Sunday, just prior to the start of RSA, the ISSA is running their annual CISO Forum. The opening dinner is Saturday at 5:00 p.m., where Brian Krebs is scheduled to keynote. Additional details are available here.