By Ben Rothke, CISSP PCI QSA
The RSA conference is about a month away and I am already looking forward to it. As the largest and one of the most influential information security conferences, it has turned into the go-to event of the information security season. Pretty much every player, big and small, in the information security world will be there.
RSA has long been the conference to get up to date information from security practitioners about current issues and threats. Now that the agenda for 2017 is available, four of the key topics for this year’s conference are on:
- Internet of Things (IoT) - While IoT manufacturers and security vendors are focused on IoT device security, hackers are targeting the entire IoT ecosystem—the cloud servers, mobile applications and more that make up the entire system. Let’s also not forget about the many smart cities initiatives going on in major cities across the globe. Understanding the threat surface presented and how these systems are targeted (solar panels to buildings to medical devices to drones), how they are weaponized and the specific challenges faced by vendors in securing them is key.
- Ransomware – This is now a major security issue with no end in sight. Enterprises are being forced to pay a ransom for access to their own data. Sadly, many pay the ransom, which is often demanded in Bitcoins, yet never get the decryption key from the attackers. In addition, it is inevitable that we will soon see IoT devices as a vector for ransomware injection. Sessions at the conference will deal with the impacts that ransomware will have on IoT devices and how to deal with them.
- Threat Intelligence – In 1999, the Financial Services Information Sharing and Analysis Center (FS-ISAC) was established in part that while these firms were cutthroat competitors; they understood that they would all be more successful if they shared threat intelligence. There’s a half-day session on the first day of the conference on Practical Intelligence Sharing: ISACs and ISAOs where some really smart people will be discussing way to make sense from all this data going around.
- Financial Systems – There are four sessions around Bitcoin and blockchains. These technologies are changing the financial world.
Some new things at RSA for 2017 are:
- Early Stage Expo – Many start-ups would have to blow their budget to exhibit on the sold-out expo floor. To create opportunities for the up and coming firms, the Early Stage Expo will be at the San Francisco Marriott Marquis. While away from the main conference, attendees can meet with these startups. Who knows, one of them may be the next Check Point or Kaspersky.
- College Day – On Thursday February 16, students are admitted free to the conference and expo. Given the dearth of information security professionals, the hope is that students considering an information security career will be propelled to move forward and join the ranks.
What is the same as previous years is the massive number of learning sessions. The challenge for me is determining which session to go to, given the overwhelming number of great sessions.
If you are around on Tuesday February 14, I’ll be leading session P2P1-T11 on Countering Cyberespionage. I hope to see you there.
Once last thing, if you are going and didn’t reserve a hotel room, do that yesterday. San Francisco is a small city and there is not a lot of available hotel rooms at reasonable prices. It is not usually a big deal except for large events such as conferences. While RSA is offering free space at the early stage expo, there’s no equivalent for hotel rooms. Book now, or expect to pay a lot more in the coming weeks.
To contact Nettitude’s editor, please email firstname.lastname@example.org.