Are you planning to check out any of the Peer2Peer sessions at RSA Conference 2017?
Peer2Peer sessions are group discussions around specific security topics, where participants get the chance to really dig deeply into a topic that that care about with a group of peers. This year, we've once again asked the discussion facilitators to help explain what you can expect from their sessions so that you can choose the groups and topics that will be most beneficial and interesting to you.
This post features the following seven sessions:
- Building a Security Data Sciences Program: People, Process and Technology (P2P1-R07)
- Application Security Metrics (P2P3-R11)
- The Wild West Cloud Security Shootout (P2P1-W04)
- Securing IoT: Tech’s Latest Wild West (P2P4-W08)
- Improving Trust in Connected Devices: Do Your Part (P2P4-R07)
- You Can’t Take It with You! How to Manage Security When Personnel Depart (P2P2-R11)
- Talking to Non-Security Professionals—Metaphors, Language and More (P2P2-W08)
1. Building a Security Data Sciences Program: People, Process and Technology (P2P1-R07)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Managers, contributors to building programs, and leaders in the IR and Engineering spaces will benefit most from this conversation.
Q: Why is the topic of your session important for the information security industry?
A: The industry is moving to leverage much more data science driven algorithms and machine learning, but there is no standardized approach to success in combining this information to support incident response activities.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Based on the layered defenses, standard operating procedures, and technologies employed in your respective organizations what has been the most successful tasks to focus human efforts in leveraging a multitude of intelligence sources.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees will take back thoughts on different technologies which have proven track records to integrating in their own enterprises to help architect a successful data science program as well as leveraging the growing complexity of their environments to build procedures which help to focus efforts into identifying malicious attackers and fraudsters.
2. Application Security Metrics (P2P3-R11)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: CISOs and Application Security Leaders will benefit most from this session. Strategic executives will learn about what kinds of questions to ask about application security in order to measure a program’s effectiveness, and practitioners will learn about how to respond with data-driven, rather than anecdotal or opinion-based, evidence.
Q: Why is the topic of your session important for the information security industry?
A: As more organizations evolve towards leveraging the cloud for managing their technology infrastructure, the application layer remains a primary point of control for both developing new applications as well as introducing new vulnerabilities. Limited resources are available to find, fix, and prevent software security vulnerabilities. Data and metrics are critically important to help practitioners make the best decisions about how to structure and measure the value of an application security program.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Attendees should think about what kinds of questions they get from executives and other stakeholders (clients, auditors, regulators, etc.) about their application security programs. They should also think about how they have responded to these types of queries in the past, and come prepared to discuss challenges they have had in these conversations.
If attendees have little or no experience responding to questions about their application security programs, they should come prepared to share about the challenges they face when trying to talk about your program to key decision makers who allocate budget and resources, but aren’t necessarily security experts themselves.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees will leave the session with a strong understanding of how to present and discuss their application security activities in terms of depth, breadth, and effectiveness. They can use this information to evaluate their current approach and become better equipped to communicate capably about the value of their program in order to justify necessary resources and budget.
3. The Wild West Cloud Security Shootout (P2P1-W04)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: IT and security practitioners looking to move — or already have moved — to cloud based SAP Hana.
Q: Why is the topic of your session important for the information security industry?
A:
- Common security architectures no longer work in cloud PaaS/IaaS
- Several security controls must change when using SAP HCP or Hana on AWS
- Security programs must adjust to what provider does/does not supply
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Come prepared to discuss/share with peers what they have tried and failed / succeeded at.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Leave with confident they can tackle most security challenges — albeit differently than they have in the past.
4. Securing IoT: Tech’s Latest Wild West (P2P4-W08)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Given recent security issues relative to IOT and the growing realm of connected devices IOT is top of mind not only for a broad array of security professionals but those on both the manufacturing side as well as the consumer side. Anyone that has to secure IOT devices, procure them, and/or manufacture them would have great input into the discussion.
Q: Why is the topic of your session important for the information security industry?
A: We have seen both a proliferation of connected devices and security issues associated with them including attacks emanating from unsecured connected devices. This shows there is a lack of maturity, standardization and in some cases understanding and appreciation for the risk these devices hold. Left unchecked they will continue to be a growing threat vector putting companies and consumers at risk. We must discuss the best practices for tackling IOT security so we can fully benefit from the seamless experience the technology provides.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Given the state of the union relative to IOT, what is one thing you think can be done to remediate or mitigate the risk?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: The conversations should stimulate awareness of the issues around IOT and how we got to this point in the industry. Attendees will be able to ferret out ideas around how to address the issue both today and also what needs to happen to form a holistic perspective going forward.
5. Improving Trust in Connected Devices: Do Your Part (P2P4-R07)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Anyone that is interested in the intersection of cybersecurity and human life and safety will benefit. Two areas of frequent discussion are medical device security and connected/autonomous vehicle security.
Q: Why is the topic of your session important for the information security industry?
A: Much of our industry is focused on protecting information. We believe it is important for the industry to also prepare to protect human life and safety.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Do you believe that the current and upcoming devices, cars, “things” that can impact your safety are and will be sufficiently secured?
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees should leave the session with additional insight into the current state of security as it impacts human life and safety, and will also have some ideas on how they can have a personal impact on the security of our shared future.
6. You Can’t Take It with You! How to Manage Security When Personnel Depart (P2P2-R11)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Virtually all attendees will benefit and can contribute, because most everyone is working within, or with, organizations that have personnel departures. As for specific roles or responsibilities, attendees who assess security of processes, or who participate on cross-functional process teams, that involve user access to information system resources and information assets will particularly benefit, such as those in IT security, legal, human resources, asset-management, risk-management, and insurance
Q: Why is the topic of your session important for the information security industry?
A: All organizations regularly have personnel departures: resignations, layoffs, terminations and resignations, that involve employees, contractors, interns, guest workers and visitors. Some of these departures involve people with privileged access, or special relationships with customers or vendors, heightening risk. Departures can be predictable, managed transitions, while other departures occur with little warning. Virtually all departure transitions involve information and access sensitive or even strategic to the organization. Most organizations have some process in place to manage these departures, but may not have a full picture of potential risk or proven mitigation strategies, and could richly benefit from a discussion with their peers.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Attendees should come into the session with some understanding of the departure processes they currently have in place, with some thinking about concerns they have regarding holes in the processes, and what they hope to accomplish within their organization to improve processes.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees will leave knowing this is a risk widely shared, and armed with a far better understanding of the issues and available controls involving personnel departures. This session will be strategic and tactical, and not deeply technical.
7. Talking to Non-Security Professionals—Metaphors, Language and More (P2P2-W08)
Q: What type of attendee will most benefit from, and be best positioned to contribute to, this Peer2Peer session? Do you have a specific role or job title in mind?
A: Participants who communicate any security information to non-security professionals, including all levels of management, internal business associates, clients, vendors, and the public. No specific role or title.
Q: Why is the topic of your session important for the information security industry?
A: Clear communication is an important aspect that may not be well addressed in a typical security training program.
Q: What is the one thing you would like the attendees to really think about prior to the session as a way to prepare themselves for the discussion?
A: Attendees should really think about what challenges they have had, metaphors and other strategies they used in overcoming the challenges, what remains challenging. The session will be best if participants share both challenges and successes.
Q: What information/skills/tools will attendees be armed with when they leave your session?
A: Attendees will leave aware of potential communication gotchas and strategies for avoiding and resolving them. They will also connect with other attendees who have similar interests and challenges. This is often the most important thing that attendees take back to their work from a conference.
You can check out all of the Peer2Peer sessions on our agenda here: https://www.rsaconference.com/events/us17/agenda.