Are you still trying to choose which Peer2Peer conversations you'd like to join at the RSA Conference this year in San Francisco?
Peer2Peer sessions are group discussions around specific security topics, where participants get the chance to really dig deeply into a topic that they care about with a group of peers. This year we've once again asked the discussion facilitators to help explain what you can expect from their sessions so that you can choose the groups and topics that will be most beneficial and interesting.
This post features the following eight sessions:
- Security Awareness Training: How to Keep It Fresh and Engaging for Employees
- If Your Company Were to Have a Breach Today, How Would You Communicate it?
- Surviving DDOS Attacks in the Age of Mirai-Like IoT Botnets
- Countering Cyberespionage
- Continuous Purple Teaming: “Red Teaming for Success”
- To Source or Not to Source? Is That Really the Question?
- Architectural Threat Analysis: A Cross-Organizational Collaboration
- Ethical, Proactive and Meaningful User-Behavior Analytics
1. Security Awareness Training: How to Keep It Fresh and Engaging for Employees (P2P4-T11)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Chief Information Security Officers, security analysts and training professionals would benefit from attending this session to discuss how to bring security awareness training to life in their organizations.
Q: Why is the topic of your session important for the information security industry?
A: Employee behavior is the greatest threat to an organization’s cybersecurity defenses. Employees must make hundreds of small decisions each day; make sure that those decisions protect your data, not expose it.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: What are you currently doing to educate your employees on security awareness? What is working and what is missing?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Leave this session with ideas from peers in other industries on how to better engage your employees in cybersecurity on a daily basis.
2. If Your Company Were to Have a Breach Today, How Would You Communicate it? (P2P1-W12)
Q: Why is the topic of your session important for the information security industry?
A: This session will explore a communications component of incident response. The session is to focus on crisis communications, and the need and method of planning for communications. The security professional will always be faced with incidents, especially breaches. Poorly handled communications can create additional anxiety in stakeholders, leading to a public relations nightmare. Careful planning of crisis communications is required as to: What is said, when it is said, and who says it. Most of this must be planned, determined, and practiced before an incident. Otherwise communications blunders may occur while responders are running in panic mode as if their hair is on fire. Target, as an example, made several mistakes in their handling of the 2013 data breach that included poor crisis communications. This session is to survey, explore and discuss how organizations communicate during a crisis incident.
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Attendees who are involved with incident response planning, or where their responsibilities include producing information that could eventually be reported to stakeholders. Crisis communications is about information control and flow. Usually the choke point would be a Public Relations department. Information flow beyond the designated choke point can cause issues leading to reputational damage. For example, a news agency calling up anyone in the company for information and connecting to someone who does not have the facts, or is not authorized to speak on behalf of the company.
Good candidates for this discussion are team members of incident response and emergency response teams, planners for those teams, help desk teams that could be distribution points of communications, and even Human Resources and Legal teams. Of course, corporate communications team members and corporate public relations.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: In order to explore and get a consensus of what organizations are doing, it would help to bring to the table “how does your organization do it?” In other words, do they have a communications plan? Do they have a central focal point for communications? Is there a Public Relations function? How are communications to stakeholders handled? Think of stakeholders to include: Competitors, News Agencies, Customers, Partners, Stockholders, Law Enforcement, and Regulators.
If something happened, such as a data breach, in your organization, who is allowed to answer questions, and has your organization communicated and tested this as policies and procedures?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: The attendee should understand that this is a soft skill that needs to be developed in advance and tested as part of the incident response fire drill. In many cases incident response addresses the technical skills of first responding, or even follow-on forensics. These skills help identify an incident, contain it, eradicate it, recover from it, produce reports, and learn from lessons. The attendee should understand better the stakeholder communications component, which isn’t usually addressed in an incident response scenario.
3. Surviving DDOS Attacks in the Age of Mirai-Like IoT Botnets (P2P3-W12)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Disruption of service and massive DDoS (distributed denial-of-service) is a subject that is on top of the minds of CSOs, CTOs, Data Center Managers as well as Security Engineers and Network System administrators. These attendees are positioned to contribute and benefit from this Peer2Peer session.
Q: Why is the topic of your session important for the information security industry?
A: IoT botnets like Mirai are making it increasingly difficult to defend against DDoS attacks. As more and more essential services are moving in the cloud it becomes absolutely essential for any business to keep their services functioning and defend against DDoS and that’s why this Peer2Peer is important to the information security industry.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: I would like attendees to think about their infrastructure and its defense capabilities to guard against a huge 300Gbps DDoS attack launched from 150+ countries with 50,000+ slave IoT devices like cameras, routers and others.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees will be armed with unique ideas, strategies and peer knowledge on how the industry is preparing to defend against the next massive IoT-based attack. They will get a unique perspective on methods adopted by their peers to protect against DDoS.
4. Countering Cyberespionage (P2P1-T11)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
Someone who has heard about cyberespionage and knows that it’s an issue, but is not sure just what they need to do to counter it.
Roles:
- CIO
- CISO
- Senior security executives
- Security managers and directors
Q: Why is the topic of your session important for the information security industry?
Cyberespionage is a widespread and growing threat. Countless organizations have lost highly confidential information that directly affects their bottom line and competitive abilities. The need to counter cyberespionage is an important task for any enterprise that has valuable intellectual property.
The tools to carry out cyberespionage have become much more effective over the last decade. The perfect storm of high-speed network connectivity and cheap storage means hundreds of gigabytes of corporate data can be easily transferred.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
Which of these is more heavily fortified in your enterprise - the office supply closet with toner and other expensive equipment; or the gigabytes of confidential and sensitive data in your enterprise?
For far too many firms, it’s the office supply closet. And that is a huge problem.
Q: What information/skills/tools will attendees be armed with when they leave your session?
- Understanding of attacker targets and attack patterns
- Both immediate and long-term guidance on how to deal with cyberespionage
5. Continuous Purple Teaming: “Red Teaming for Success” (P2P3-R07)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A:
- Security Operations Center Manager
- IT Security Lead
- Chief Information Security Officer
Q: Why is the topic of your session important for the information security industry?
A: Security Leaders must continue to justify their security spend. If they can show the results of realistic threat testing and how that maps to continued maturity and risk reduction, they are better postured to brief board level executives on:
- Return on security investments, essentially validating the spend on previous investments
- Identifying security gaps and where additional investments should be made
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Over the last several years, your company has spent hundreds of thousands, or millions of dollars on Information Security Tools to emplace technical and detection controls.
- How do you know they are working?
- How confident are you that your analyst or security staff knows what a real attack looks like?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: What are the different approaches to automated and manual testing, and what are the benefits of each?
- Automated Testing
  - Scripting
  - Automated Testing Platforms
- Human Testing
  - Pen testing
  - Red Teaming
  - Purple Teaming
6. To Source or Not to Source? Is That Really the Question? (P2P1-R04)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Security leaders that have gone through the process of outsourcing one or more functions of their security program will be the best able to contribute to the discussion. Anyone that has gone through or is anticipating making a sourcing decision for their security program in the next 12-18 months would benefit from the discussion.
Q: Why is the topic of your session important for the information security industry?
A: Every company is facing an increase in competition for good resources and a constantly increasing appetite for new security services. Eventually, we will all face the decision of what to outsource to a trusted third party and what MUST stay in house. This session aims to help security leaders define the parameters for making those choices.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: For those that have gone through the sourcing process, what made a successful engagement work? Conversely, when it went wrong, why? Are there specific functions in a security program that you deemed off limits and why?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Everyone that leaves the session will be armed with lessons learned on how to make a good sourcing decision, parameters for determining functions that should be off the table, and peers that they can rely on for further discussion when they return to work and face these decisions in real time.
7. Architectural Threat Analysis: A Cross-Organizational Collaboration (P2P3-W08)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Security professionals whose role includes architectural threat analysis (or any security professional who aspires to reach that role) would most benefit from this session.
Q: Why is the topic of your session important for the information security industry?
A: Strong architecture specifications help to drive secure development and architectural threat analysis, but sometimes this is a missed opportunity.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: How does a Security team convince Engineering to draft stronger architectural specifications?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Participants will learn how they can collaborate with Engineering to produce stronger architectural specifications, enabling early discovery of risks and discussion of alternatives.
8. Ethical, Proactive and Meaningful User-Behavior Analytics (P2P3-R04)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Any attendee will benefit and be able to contribute to the Peer2Peer session. Attendees in Identity and Access Management, Threat Intelligence, Incident Response, and Security Operations may benefit the most. Those in Legal or Human Resources would be appreciated for expert opinion; they should also find the discussion to be enlightening and relevant.
Q: Why is the topic of your session important for the information security industry?
A: User Behavior Analytics is a fast-growing technology in information security. As threats both internal and external become more savvy, it may be the only way to detect compromise. The industry lacks standards or best practices for UBA; let's develop them.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Can you tell when an employee becomes an insider threat or can you tell if a user has been compromised? How do you detect and respond to these threats?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: During this Peer2Peer session we will draft standards, best practices or recommendations for UBA. Attendees will leave with a basic framework they can use to start a UBA program, have informed conversations with their management, and ask the right questions of vendors who offer UBA tools.
You can check out all of the Peer2Peer sessions on our agenda here: https://www.rsaconference.com/events/us17/agenda.