My Love-Hate Relationship with RSA
Here are seven RSA 2020 sessions to help security training and awareness pros cut through the carnival atmosphere and learn something.
Let’s face it. The RSA Conference experience can be overwhelming.
In good ways and in not so good ways.
RSA is equal parts knowledge share, relationships and sideshow. Fancy booths. Shiny lights. Free stuff.
Don’t get me wrong; all this can be fun. We’ll be there ourselves spreading the word about what a comprehensive security awareness initiative can do to change behavior for the better.
But it’s the knowledge building and the relationships that I get excited about. Nothing can compare to connecting with others in the field to swap stories, share ideas, and generally geek out about stuff we’re all passionate about.
The Human Element
Fortunately, this year’s Human Element theme should provide enough material to keep any training and awareness professional interested.
As the RSAC 2020 organizers put it, this theme recognizes that even with all the new technologies, strategies and artificial intelligence being deployed within the industry, it’s still about people and relationships.
In the security three-legged stool of “people, process, technology,” I’m looking forward to spending more time on the people and process legs.
If it’s your first time at RSA, or you’re a businessperson new to the world of security, or you’re new to training and awareness, here are some of my recommendations for sessions to attend.
(Author’s note: I’m cheating with the last two – they’re sessions I’m participating in but I’m including them here because I’m looking forward to learning just as much from my co-presenters, panelists, and the audience!)
February 25, 2020, 2:20 PM – 4:20 PM, Moscone South
- John Elliott, Consultant and Author
- Aaron Rosenmund, Author, Evangelist and Researcher: Incident Response, Pluralsight
InfoSec experts Elliott and Rosenmund will lead tabletop exercises using a cyber-incident scenario to teach attendees how to facilitate a cyber-exercise back at home.
Many training and awareness managers also run tabletops, but if you don’t, this session will make you want to! Discover ways to encourage learning behavior, use incident role-play, tailor a scenario for specific circumstances, and capture lessons learned.
February 28, 2020, 9:50 AM – 10:40 AM, Moscone West
- Frank Abagnale, CEO, Abagnale & Associates
- Ori Eisen, Founder, Trusona
Yes, that Frank Abagnale, of Catch Me If You Can fame.
I wouldn’t pass up the chance to learn from one of the country’s most well-known con men what bad guys do with the money they get from exploiting compromised user credentials – responsible for most high-impact breaches – and what motivates them to do it.
February 25, 2020, 8:55 AM – 9:15 AM, Moscone West
- Wendy Nather, Head of Advisory CISOs, Cisco
Perhaps one of the more on-point topics for the Human Element theme, Nather will cover ways to revise outdated security models and engage at a human level.
As Nather will discuss, decentralized management of computing means users everywhere need to be part of the security solution. Business has changed, and security needs to radically change with it. Well said!
February 26, 2020, 1:30 PM – 2:20 PM, Moscone West
- Edna Conway, VP & GM, Global Security, Risk & Compliance, Cloud Supply Chain, Microsoft
- Ophir Gaathon, PhD, CEO/Co-Founder, DUST Identity
I’ve seen Edna speak before and can’t recommend her enough. Though the session description below sounds super tech-heavy, Edna has a straight-talking mentality that even a newbie can understand. When it comes down to it, awareness managers are in the risk business, too, and this talk will touch on another important aspect of risk.
As Edna and Ophir will discuss, the service platform revolution triggered a tectonic shift in global supply chains, escalating unaccounted risk from third-party XaaS providers. Explore ways to bridge trust gaps with entities we don’t even necessarily know exist.
February 25, 2020, 11:00 AM – 11:50 AM, Moscone South
- Dr. Jessica Barker, Co-Chief Executive Officer, Cygenta
Two of my passions combined: psychology and cybersecurity!
The cyber industry has long used fear, uncertainty, and doubt (FUD) to encourage users toward behavior change, but research is showing that doesn’t quite work. Dr. Barker will discuss why people can’t just get scared into security and what can have a more positive impact.
February 26, 2020, 8:00 AM – 8:50 AM, Moscone South
Moderator: Daniel Eliot, Director of Education and Strategic Initiatives, National Cyber Security Alliance
- Lisa Plaggemier, Chief Strategist, MediaPRO
- Masha Sedova, Co-Founder, Elevate Security
- Perry Carpenter, Chief Evangelist and Strategy Officer, KnowBe4
Daniel Eliot of the NCSA will lead three employee awareness experts discussing best practices for employee cybersecurity awareness programs. Specifically, this session will touch on how awareness professionals can think outside of the box to instill behavior changes that optimize enterprise-wide security.
February 26, 2020, 9:20 AM – 11:20 AM, Moscone South
- Lisa Plaggemier, Chief Strategist, MediaPRO
- Tonia Dudley, Security Solutions Advisor, Cofense
I’ll be joining Cofense Security Solutions Advisor Tonia Dudley to explore individual psychological characteristics like apathy, fatigue and denial that make behavioral change challenging. This talk will sift through inherent benefits of human physiology in eliciting constructive outcomes, such as how brain chemistry responds to stories.