The RSA Conference, which kicks off on Monday, is one of the largest security gatherings in the infosec calendar. While the conference bears the name of a single vendor (RSA), the event has evolved to become a launching point for news and events from a large and diverse group of security companies.
The RSA Conference is also evolving in terms of the types of content and sessions. Hugh Thompson, program committee chairman for the RSA Conference, noted that just a few years ago the agenda included sessions with titles such as "Software Security is Important." In 2013 there is more maturity, with people talking about how to measure the return on investment (ROI) for security initiatives, for example.
"It really seems that over the last couple of years we have come a long way from sessions that admire the problem, to sessions that now also present solutions and data that can help us make things better," said Ramon Krikken, Research VP at Gartner.
Focus on Big Data, Strong Authentication
This year's event features an emphasis on Big Data.
Art Coviello, executive chairman of RSA, will kick off the conference with a Tuesday keynote on the topic of how Big Data transforms security. RSA is among multiple vendors that have introduced solutions that leverage the power of Big Data to improve security. RSA launched its Big Data security solution in January at the same time that IBM announced its Security Intelligence with Big Data solution.
Multiple vendors will likely release research related to Big Data. Teredata, for example, plans to release a Ponemon Institute study on the topic at the conference. The Ponemon Institute also has a study on visual privacy sponsored by 3M, a study on encryption management sponsored by Venafi, a network security study sponsored by Juniper, and a compliance report sponsored by Thales e-Security.
HD Moore, chief security officer at Rapid7 and creator of the Metasploit Framework, is set to release a comprehensive study about Internet vulnerability scanning. He is expected to reveal some deep-seated issues that could potentially affect hundreds of thousands of users.
While RSA Security will lead off on the keynote stage, the lineup of speakers also includes Cisco's top security executive Chris Young; McAfee's CTO Mike Fey; Art Gilliland, general manager of HP's Security unit; and Andy Ellis CSO at Akamai. In addition, Scott Charney, corporate VP of Trustworthy Computing, will make a case for security optimism.
One of the highlights in any given year at RSA is the cryptographer panel and 2013 is likely to be no different. This year's panel includes: Dan Boneh, professor of Computer Science, Stanford University; Whit Diffie, vice president for Information Security, ICANN and chief cryptographer, Revere Security; Ron Rivest, Viterbi professor of Electrical Engineering and Computer Science, MIT; Adi Shamir, professor, Computer Science Department, Weizmann Institute of Science, Israel.
Looking beyond cryptography, strong authentication is a key topic at RSA this year. Vint Cerf, one of the inventors of TCP/IP, is speaking in a session titled "The Freedom to Be Who You Want to Be: Strong Authentication and Pseudonymity on the Internet." Cerf's talk is particularly timely given the recent launch of the FIDO (Fast Identity Online) Alliance. The FIDO alliance launched earlier this month as a way to make it easier to deploy and use strong authentication. FIDO Alliance will also make an appearance on panels at RSA.
Jimmy Wales, founder of Wikpedia, will discuss security's role in ensuring freedom and democracy during his address. Privacy, a much-debated topic in security circles, will be the focus of a panel discussion featuring the chief privacy officers from Facebook, Google, Microsoft and Mozilla.
Cybersecurity is now a national priority in the U.S., especially given President Obama's recent executive order on a National Cybersecurity Framework.
Among those who will discuss the issue at RSA is Michael Daniel, cybersecurity coordinator at The White House, and Robert S. Mueller III, director of the Federal Bureau of Investigation, who is expected to make a pitch for more cooperation between his agency and the private sector.
Though President Obama's executive order is new, the U.S. government has been working on cybersecurity for the past decade. Tom Ridge, the former first secretary of the U.S. Department of Homeland Security, will speak on a panel with Howard Schmidt, former cybersecurity advisor for President Bush and former cybersecurity coordinator for President Obama, about the government's efforts over the last 10 years and what the future holds.
The conference concludes next Friday with a session by former Secretary of State Condoleeza Rice.