The Top 10 Sessions to Catch at RSA Conference 2018


RSA Conference 2018 boasts a dizzying array of security vendors in exhibit halls and industry luminaries in sessions spread out across the multiple San Francisco venues where the event will be held next week.

Looking over the list of topics and tracks is a daunting task. At the high-level, the topics include: Analytics, Intelligence & Response, Application Security, C-Suite View, Cloud Security, Cryptography, DevOps, Compliance, Hackers, Human Element, Identity, Law, IoT, Machine Learning and Privacy. Pretty much all the hot-button security issues you can think of.

If you're looking for an overview of what to expect in general at RSA Conference 2018, check out our preview of the 2018 RSA Conference and eSecurityPlanet's overview of the 10 finalists for the RSA Innovation Sandbox contest. You'll find all our RSA 2018 coverage at the eSecurity Planet Guide to RSA Conference 2018.

In this preview, we outline what are likely to be the top 10 sessions at RSA Conference 2018.

1. The Cryptographer's Panel

The annual cryptographer's panel is always a highlight of the RSA Conference, bringing together Ron Rivest (the 'R' in RSA) with the always controversial Adi Shamir (the 'A' in RSA). For the 2018 panel, they will be joined by cryptography pioneers Whitfiled Diffie (famous for the Diffie-Hillman key exchange protocol), Paul Kocher (who designed SSLv3), and Moxie Marlinspike, founder of secure messaging organization Signal.

The panel is part of the day 1 keynotes from 9:20 - 10:05 a.m.

2. Spectre Attacks: Exploiting Speculative Execution

Paul Kocher is also somewhat famous for being one of the co-authors of the research whitepaper on the Meltdown and Spectre attacks that hit Intel in early 2018. Kocher is set to provide advanced technical details and discussion about the Spectre attack in a session titled "Spectre Attack: Exploiting Speculative Executionat 1 p.m. on April 17.

See eSecurityPlanet's account of the Meltdown and Spectre attacks.

3. Humans and Data Don't Mix: Best Practices to Secure Your Cloud

Cloud security is top of mind for many enterprises today and no cloud is more widely used than the Amazon Web Services (AWS) public cloud. On April 17 at 2:15 p.m., Stephen Schmidt, the Chief Information Security Officer (CISO) of AWS, is set to detail lessons he has learned about cloud security that can help reduce risk and improve resiliency.

4. Security Orchestration and Incident Response

While there will be many security experts at the RSA Conference 2018, few are as well regarded as Bruce Schneier, CTO of IBM Resilient at IBM Security. In a session on April 17 at 3:30, Schneier is set to detail his views on security orchestration and incident response.

eSecurity Planet has caught up with Schneier at multiple points over the last decade, including a video interview in 2014 when he offered his views on incident response.

5. Bringing a Knife to a Gun Fight: Are U.S. Cybersecurity Efforts Working?

Law enforcement in the U.S. has had some success in the fight against cyber-crime, a topic of no small concern for many.

In a panel on April 18 at 1:45 p.m. titled "Bringing a Knife to a Gun Fight: Are U.S. Cybersecurity Efforts Working?" the U.S. effort will be debated by John Carlin, Partner and Chair of Global Risk & Crisis Management, Morrison & Foerster LLP; Monika Bickert, Head of Global Policy Management at Facebook; Shawn Henry, President of CrowdStrike Services and CSO of CrowdStrike; Emily Mossburg, Advisory Principal at Deloitte; and Jeffrey Tricoli, Section Chief at FBI.

6. Monty Python and the Holy RFP

Figuring out security requirements is a language and culture of its own. In what is sure to be a lively session on April 18 at 3 p.m., Mary Ann Davidson, the Chief Security Officer of Oracle, will lead a session titled "Monty Python and the Holy RFP (Request for Proposal)".

It's not known if a shrubbery will be required to get past the Knights Who Say Ni that will guard the entrance to the session.

7. Remote Videojacking - New iOS Vulnerability

The RSA Conference is not generally known as the place where security researchers detail new vulnerabilities, but that's what a pair of Symantec security researchers are set to do on April 18 at 9:15 a.m. in a session titled, "Remote Videojacking - New iOS Vulnerability" that promises to unveil a new vulnerability in iTunes WiFi sync.

Looking for more on mobile security? Check out eSecurityPlanet's guide to Enterprise Mobility Management.

8. FIM and System Call Auditing at Scale in a Large Container Deployment

File Integrity Monitoring (FIM) is a critical element of security hygiene. But how do you monitor files and system calls in a large container deployment? That's what Ravi Honnavalli, staff engineer at Walmart, will detail in his April 19 session at 3 p.m.

9. Former NSA and Israeli Intelligence Directors on Resilience

There was a time when it would be unusual to see the head of the U.S. National Security Agency speaking publicly about the agency's efforts. Former NSA director Keith Alexander changed that back in 2012 when he spoke at the DEFCON security conference and then at Black Hat 2013 the year when the Edward Snowden disclosures first broke.

At RSA 2018, Alexander is speaking alongside Nadav Zafrir, former commander of Israel's 8200 Intelligence Unit (Israel's equivalent of the NSA) in a 9 a.m. session on April 20.

10. Abstractions of Security: Mining a Decade of RSA Conference Abstracts

There have been a lot of different topics discussed at the RSA Conference over the years, shedding light on all kinds of issue. In a 'meta' session on April 19, researchers form the Cyentia Institute will reveal insights gleaned from looking at 10 years of RSA Conference abstracts.

Coming Next: Vendor News

Aside from the exhibit hall, the sessions and the innovation sandbox, the RSA Conference is the place where many cybersecurity vendors make major announcements.

Be sure to look for eSecurity Planet's upcoming list of Vendors Making News at RSA Conference 2018, and follow our coverage all week at this link.

Sean Michael Kerner is a senior editor at eSecurityPlanet and Follow him on Twitter @TechJournalist.