8 Must-Attend Security Sessions At RSA Conference 2013

RSA Conference: More Than Socializing And Networking

RSA Conference 2013, which runs this week in San Francisco, has dozens of sessions across more than two dozen tracks. From risk management discussions to hacking techniques, senior security executives will discuss how to run and maintain effective security programs while security researchers explain some of the latest attacks to help businesses apply the right defenses. RSA Conference is the industry's largest event and is where vendors showcase emerging security technologies and where industry executives land deals. The following are some of the hot security sessions worth attending.

The Killer Next Door: Third-Party Data Breaches

Third-party breaches are having a serious impact on security, as outlined by several data breach studies and highlighted recently by the Zendesk breach, which impacted Twitter, Tumblr and Pinterest users. A panel of experts will talk about how to prepare for and react to a third-party breach. The panel discussion, led by James Christiansen, chief information risk officer at risk management software firm Evantix, includes experts from Experian, ID Experts and the law firm of AlvaradoSmith.

When: Tuesday, Feb. 26, 2:30 p.m.
Where: Room 310

Black Hat Budgeting: Raising Compromise Costs

Security experts say one way to defend against attacks is to make it more costly for cybercriminals to carry them out. Making it expensive for attackers to succeed could make them set their sights on other targets. The approach is to create a security strategy that has less rigid defenses. The session, which is moderated by reporter Brian Krebs, includes Richard Bejtlich, CISO of Mandiant, Tim Keanini of nCircle, Jeremiah Grossman of WhiteHat Security and Christofer Hoff of Juniper Networks.

When: Tuesday, Feb. 26, 2:30 p.m.
Where: Room 135

The 20 Critical Controls of Security

A group of public- and private-sector security experts identified 20 security controls in 2009 to help government agencies block attacks against critical systems and lock down sensitive data. Security experts say those controls can be applied more broadly to defend against targeted attacks and other threats posed to businesses. The panel discussion on how to implement the 20 controls as part of a defense strategy is being led by Tony Sager, director of the SANS Institute.

When: Tuesday, Feb. 26, 1:10 p.m.
Where: Room 306

Too Big To Fail: Scaling Security In Era Of Big Data

What exactly is big data? Some organizations are already using data analytics to make risk-based decisions. Several senior security executives will discuss the impact of scale in solving big security challenges, such as detecting targeted attacks or finding and mitigating weaknesses. The session is being led by Forrester senior analyst Rick Holland and includes the CISOs of Zappos, Allergan and Humana.

When: Wednesday, Feb. 27, 8 a.m.
Where: Room 130

The Five Dangerous New Attack Techniques And What's Ahead

Information security expert Ed Skoudis of Counter Hack Challenges and Johannes Ullrich, chief research officer of the SANS Institute, will talk about some of the newest attacks being detected and analyzed by threat researchers. They will describe the most dangerous avenues of attack and how they might evolve over the coming year.

When: Wednesday, Feb. 27, 9:20 a.m.
Where: Room 134

Offensive Security: Hope or Hype?

Some security experts are advocating the radical approach of striking back at attackers or setting up decoy systems and other active defense measures designed to damage an attacker. Panelists will discuss the pros and cons of an offensive security strategy in defending a company's network. The session is being moderated by Josh Corman of Akamai Technologies and has a well-known group of experts including Christofer Hoff of Juniper Networks, Andrew Woods of Stanford's Center for International Security and Cooperation, George Kurtz of CrowdStrike and Adam O'Donnell of Sourcefire.

When: Wednesday, Feb. 27, 1 p.m.
Where: Room 309

Mayans, Mayhem And Malware

This panel discussion aims to focus on the compliance and governance gaps related to threat mitigation, education and awareness. The panel will talk about ways to reassess and execute against a pragmatic strategy to better defend against targeted attacks. Led by Will Gragido of RSA NetWitness, the panel includes Chris Valasek of IOActive, Josh Corman of Akamai Technologies, independent consultant Greg Hoglund and Brian Honan of BH Consulting.

When: Thursday, Feb. 28, 8 a.m.
Where: Room 135

Mobile Security Battle Royale

Apple has enjoyed relatively few attacks on its iOS devices while attacks targeting Google Android tablets and smartphones have skyrocketed, according to studies. Is Apple's security approach succeeding? There are similarities and some subtle differences in the technical implementations of security in mobile platforms. A group of well-known mobile security experts will debate the security of the top mobile platforms, including Apple iOS and Google Android. The session includes security researchers Zach Lanier of Accuvant, Dino Dai Zovi of Trail of Bits, Charlie Miller of Twitter and Tiago Assumpcao of IOActive.

When: Thursday, Feb. 28, 9:20 a.m.
Where: Room 301