It's two years in, and COVID is still threatening to steal RSA Conference's mojo. But for those willing to brave Moscone in San Francisco (and those attending virtually), you won’t be disappointed. Here are our picks for must-see talks.
RSA Conference 2020 snuck in just under the wire, in late February of 2020, just before the COVID-19 virus took hold in the U.S. and the gates slammed down on normal life. Last year’s show was a “virtual only” event. But this year promised to be different — a return to normal or, at least, as close to normal as possible with the Omicron variant and its alphanumeric offspring running roughshod over U.S. communities.
Or not. What’s clear is that the last two years have seen a lot of water flow under the bridge in the information security space. Trends like digital transformation and cloud adoption went into hyperdrive since 2020, urged along by COVID-induced lockdowns and the shift to remote work.
As a consequence, the cybersecurity landscape now in 2022 looks very different than it did back then. Whether virtual or in-person, the RSA Conference promises to bring you up to speed quickly on the latest trends in both threats and defense: from ransomware to DevSecOps to Software Supply Chain Security.
So, what sessions should be on your RSA dance card? Here are the ones we’ll be checking out at the big show.
Monday, June 6, 2022
Is a Secure Software Supply Chain Even Possible, Let Alone Feasible? (14:20)
This talk features Steven Lipner of SAFECode and Tony Sager of the Center for Internet Security. It’s always useful to challenge the fundamental assumptions we make in carrying out our day-to-day jobs. One of the good things that shows like RSA do is put you in the presence of folks who can hit you with new ideas and thinking that shake those fundamental assumptions, and thereby get you moving in a more productive direction. That’s why I like this talk on the first day of RSA. As its title suggests, Steve and Tony are challenging one of the fundamental assumptions of the software development and information security fields right now: that there is such a thing as a software “supply chain” and that — conceptually — a software supply chain behaves in pretty much the same way as physical supply chains do — you know, the kinds used to make televisions or automobiles or phones. As Steve and Tony point out, that fundamental assumption may be wrong and worth reconsidering. "Chain" is a broken metaphor for security, they’ll argue. Thinking of software development as a “chain” rather than, say, a supply "web" blinds us to alternative models developers should be using to secure development pipelines, including those that mix standards, testing, and (yes) enforcement.
You’ll need a Full Conference pass to attend this talk.
Tuesday, June 7, 2022
Colonial Pipeline - What Happened, What Changed (09:40)
This panel is moderated by Bryson Bort of SCYTHE, with Suzanne Lemieux of API; Tim Starks of CyberScoop; and Tim Weston of DHS/TSA. The Colonial hack, ransomware infection and subsequent disruption of the pipeline’s operation was the most explicit and publicized attack on critical energy infrastructure ever in the U.S., and it gave rise to a raft of new regulations and attention on critical infrastructure cybersecurity. But there’s still much that isn’t known — or widely known — about the incident and what followed. In this session, Bryson and crew will discuss what happened during the Colonial Pipeline breach from multiple perspectives. Attendees will also hear from a TSA Cybersecurity Coordinator about what changed in the government’s treatment of risk to pipelines and other critical infrastructure, why it changed, and what's next.
You’ll need an Expo Plus pass to attend this talk.
Software Supply Chain Security is no game, or is it? (13:10)
Software supply chain security is one of the big issues under consideration at this year’s show. And — for the most part — these are pretty weighty discussions. Fortunately, ReversingLabs' Jasmine Noel has found a way to have some fun with the topic. Her Tuesday afternoon talk will test your knowledge of software supply chain security against that of your peers. Do you know what type of attacks can and cannot be detected at different points in a software lifecycle? Jasmine will kick it “game show”-style to teach the audience about different software supply chain attack, detection, and mitigation techniques.
You’ll need an Expo pass to attend this talk.
Addressing Supply Chain Security Risks: MITRE's System of Trust (13:15)
One of the biggest obstacles to improving the security of organizations is the tendency of large and complex organizations to “silo” around different functions and areas of expertise. So: the legal team addresses legal issues, the development team focuses on software development, and info sec teams focus on securing the IT environment. The problem is that attackers have never recognized the boundaries separating internal “turf.” If an exploit like Log4Shell can facilitate access to a sensitive network…great! Do cybercriminal gangs care whether they’re getting their access by way of a vulnerable open source library versus, say, a vulnerable VPN concentrator? Not a bit. What’s needed is a way to bring all these functions together with a single purpose: reducing cyber risk and ensuring more ‘trustworthy computing,’ to (not) coin a phrase. That’s what this talk is about. MITRE — the organization that brought us the amazingly useful ATT&CK taxonomy — has a new framework for supply chain security. The Supply Chain System of Trust (SoT) is a means of “defining, aligning, and addressing the concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service offerings.” Robert Martin, a senior software and supply chain assurance principal engineer at MITRE Labs, will unveil the new framework in this talk. "The System of Trust is about organizing and amalgamating existing capabilities that just don't get connected right now,” he has said, in order to ensure full vetting of software as well as service provider offerings, for example.
You’ll need a Full Conference pass to attend this talk.
Wednesday, June 8, 2022
CI/CD: Top 10 Security Risks (09:40)
Attacks on software supply chains and agile development teams are a growing threat. Incidents such as the hack of SolarWinds, for example, exposed the vulnerability of agile, continuous integration/continuous delivery (CI/CD) operations to compromise. But what do attacks on development pipelines look like? And where are vulnerabilities concentrated? That’s what this talk takes on. In it, Daniel Krivelevich, the CTO at Cider Security, and Omer Gil, Cider’s Head of Research, explain the findings of research they’ve done to cross-reference and analyze “the most notorious CI/CD security breaches,” including SolarWinds, Codecov and PHP. They’ll use their talk to detail the top 10 CI/CD risks that emerged from that analysis and identify the most common patterns found in the attacks. File this under “Makes you Smarter.”
You’ll need a Full Conference pass to attend this talk.
Building Trust in a Zero-Trust World to Confront Tomorrow’s Cyber Threats (13:15)
“Zero Trust” is the Holy Grail of the information security world - the North Star that every enterprise should be navigating by. Or, at least that’s what we’ve been told. Practically, achieving “Zero Trust” is a heavy lift even for the most well-resourced and sophisticated firms. Or is it? This keynote session at RSA brings together an all-star panel of experts who can talk - often from personal experience - about the challenges of transforming security cultures to address a fast-shifting threat environment and how public-private partnerships can be leveraged to help achieve better outcomes. The panel includes Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), Kevin Mandia, CEO of the firm Mandiant (recently acquired by Google) as well as Sudhakar Ramakrishna, CEO of SolarWinds. The always-wonderful Niloofar Razi Howe of Energy Impact Partners is moderating.
You’ll need an Expo Plus pass to attend this talk.
M365 Threat Hunting—How to Understand Attacker's TTPs in Your Tenant (14:25)
One of the biggest changes of the last decade - and especially of the last two years - is the continued, rapid migration of companies from physical, internally managed IT infrastructure to cloud-based infrastructure. This includes office productivity suites like Microsoft 365, Google G-Suite and so on. The importance of this shift can’t be overstated. Organizations across the economy have shifted from a (mostly) physical, on-premises IT infrastructure to one that is now mostly cloud-based and managed by a cloud provider. While this has its advantages (no more worrying about Patch Tuesday), it also tends to concentrate risk. There might be fewer threats and attacks, but when they happen, everything is at stake. The shift to cloud-based platforms also changes the threat paradigm for internal security teams. That’s why this talk, by the inimitable Aaron Turner of Vectra AI - a longtime Senior Security Strategist at Microsoft - is one you shouldn’t miss. With Microsoft 365 (formerly Office 365) ubiquitous, how should security teams understand the risks associated with that platform, or what an attack on it might look like? Aaron takes an in-depth look at how to prepare to protect the M365 tenant and hunt for threats in it.
You’ll need a Full Conference pass to attend this talk.
Thursday, June 9, 2022
Hacking Exposed: Next-Generation Tactics, Techniques and Procedures (09:40)
One of the big benefits of attending a show like RSA is catching up on what is cutting edge in threats and attacks. CrowdStrike, as one of the leading endpoint detection and response (EDR) vendors out there, has a unique perspective on this and a really wide lens through which to view the threat landscape. This keynote features George Kurtz (CEO) and Michael Sentonas (CTO) of CrowdStrike and will highlight upticks in ransomware and supply chain attacks. The two will review the latest next-generation tactics, techniques and procedures of the cyber adversaries who are actively targeting sensitive networks and IT environments. The talk includes a live demonstration of the “Living off the Land” techniques adversaries use, an invaluable resource for would-be victims.
You’ll need an Expo Plus pass to attend this talk.
Questions? Come say hello at #RSAC
ReversingLabs is excited to be an exhibitor this year at the conference. If you’re looking to learn more about our new, innovative technology, such as secure.software, plus get some cool swag, visit us at Booth #4429 in the North Expo. Our team will be happy to answer your questions about who we are and what we do. See you there!