RSA Conference: 5 top sessions to attend
Joseph Carson
RSA Conference 2024 is coming soon, and this year’s theme is The Art of Possible.
Cybersecurity is always evolving, and the need to stay ahead means staying innovative and creative, which links to this year’s theme. It's all about working together, collaborating, and using our wisdom to achieve the impossible.
The RSA Conference takes place at the usual location in the Moscone Center, San Francisco, between May 6th and May 9th. Around 45,000 people attend the RSA Conference each year to connect, learn, network, share knowledge and new experiences, and discover ways to become more resilient to ever-increasing cyberattacks.
To make your RSA Conference journey a successful one, I have put together some tips and a few of my highly recommended sessions that you must not miss.
Tips to make your RSAC experience a memorable one
Attending the RSA Conference can be immensely beneficial for individuals and organizations interested in cybersecurity.
Here's why:
1. Networking opportunities: The RSA Conference gathers cybersecurity professionals, experts, vendors, and enthusiasts from around the world. Networking with these individuals can lead to new collaborations, partnerships, and valuable connections within the industry.
2. Knowledge sharing: The conference hosts numerous sessions, workshops, and presentations covering a wide range of cybersecurity topics. Attending these sessions allows participants to learn about the latest trends, technologies, threats, and best practices in cybersecurity. I have included my personal list of sessions you should not miss during RSAC.
3. Exposure to new products and solutions: The RSA Conference features an extensive expo floor where leading cybersecurity companies showcase their products, services, and solutions. Attendees can explore these offerings, engage with vendors, and gain insights into cutting-edge technologies and innovations in cybersecurity.
4. Professional development: The conference provides opportunities for professional development through workshops, training sessions, and certifications. Participating in these activities can enhance attendees' skills, knowledge, and credentials in cybersecurity.
5. Industry insights: The RSA Conference offers a platform for thought leaders, industry experts, and influential figures to share their insights, perspectives, and predictions regarding the future of cybersecurity. Attending keynote presentations and panel discussions can provide valuable industry insights and strategic guidance.
To get the most value out of the RSA Conference, consider these tips:
1. Plan ahead: Review the conference agenda in advance and identify sessions, workshops, and activities that align with your interests, goals, and areas of expertise. Create a personalized schedule to maximize your time and prioritize key sessions. Get ahead of the queue and reserve seats.
2. Engage actively: Participate actively in sessions, ask questions, and talk with speakers, panelists, and fellow attendees. Be open to sharing your insights and experiences and contributing to the collective learning and knowledge exchange.
3. Network strategically: Take advantage of networking opportunities to connect with peers, industry professionals, potential collaborators, and recruiters. Be proactive in initiating conversations, exchanging contact information, and following up with new connections after the conference.
4. Explore the expo floor: Allocate time to explore the expo floor and visit booths of cybersecurity vendors and exhibitors. Take advantage of product demonstrations, presentations, and one-on-one discussions to learn about new technologies, solutions, and services.
5. Take notes, and follow up: Take notes during sessions, keynotes, and discussions to capture important insights, ideas, and action items. After the conference, review your notes, follow up with contacts, and take concrete steps to implement or apply what you've learned.
Overall, attending the RSA Conference can be a valuable investment in your professional growth, knowledge enhancement, and network expansion within the cybersecurity community. By planning strategically and actively engaging with the conference content and attendees, you can maximize the value and impact of your participation.
My personal list of top sessions to attend at the RSA Conference
Keynotes
I have listened to keynotes from both Bruce Schneier and Catherine Price, and they are always intriguing and inspiring. Both speakers are excellent authors, so be sure to read their books—I've provided links to them below.
I look forward to hearing Bruce's perspective on AI and Democracy during his keynote, and learning how to gain balance in my digital life in Catherine Price's session, Secret to a Healthier Life.
AI and Democracy
AI is altering the fundamental work of democracy globally: campaigning, voting, writing legislation, enforcing policy, how courts are run, and more. Many of the changes will make democracies more responsive to the will of the people, involve citizens ever more deeply in governance, and could make aspects of our society more just—provided we begin the conversation on creating secure and trusted AI systems right away.
Bruce Schneier - Security Technologist, Researcher, and Lecturer, Harvard Kennedy School
Secret to a Healthier Life? Fun!
So much of life drains us, but fun fills us up. Fun—real, true, “feels like sunshine” fun—isn’t frivolous or optional. It’s essential for our health and happiness. Science journalist Catherine Price shares evidence-backed ways to achieve the glow-from-within radiance that comes from true fun.
Catherine Price - Award-Winning Journalist
Learning Lab
If you're looking for something a little more technical, make sure to catch this lab session during RSAC and learn how attackers target APIs and what you can do to defend against those attacks.
Attack and Defend: How to Defend Against Three Attacks Affecting APIs
Modern distributed applications implement APIs and, at the same time, rely on APIs. They are often used like traditional libraries or local software components and share some of the same supply chain risks. However, they will likely be exposed to third parties, adding additional risks. In this lab, you will gain a better hands-on understanding of common attacks and available defense options.
This session will follow the Chatham House Rule to allow for the free exchange of information and learning. Participants can actively engage in the discussion, and attendees are reminded that no comment, attribution, or recording of any sort should take place.
Media Pass holders, College Day Pass holders, and Security Scholars are not permitted to attend. This is a capacity-controlled session. You may reserve a seat in only one Learning Lab. If added to your schedule and your availability changes, you must remove this session from your schedule to allow others to participate.
Jason Lam - Principal Instructor, SANS Institute
Dr. Johannes Ullrich - Dean of Research, SANS Technology Institute College
All Good Things: End of Life and End of Support in Policy and Practice
There's a lot of confusion and uncertainty around end-of-life and end-of-support. They don’t always mean rip-and-replace but are critical to understanding operational and supply chain risks. This session will introduce a cross-sector conceptual and policy framework with considerations for both software producers and operators, and map it to existing and proposed technical tools.
Dr. Allan Friedman - Senior Advisor and Strategist, CISA
Sponsored Briefing Sessions
Come check out Delinea’s session during RSAC to learn about Privileged Access Management (PAM) best practices and get tips for implementing PAM.
Securing Privileges: Implementing Privileged Access Management at H&R Block
Navigate the crucial phases of Privileged Access Management implementation with Donald Goode from H&R Block. PAM reduces risks against stolen credentials and excessive privileges. Uncover PAM best practices, assess privilege risk, and gain confidence in navigating PAM complexities by deploying layered security strategies to withstand the ever-evolving cyber threat landscape.
Finally, my top survival travel tips for security conferences
Here are several tips for attending RSA or, more generally, any conference in person. They’ll help you stay safe and reduce the risk of becoming compromised. I follow these practices on my frequent travels, but I take specific precautions while traveling to further reduce risks.
1. Secure your devices: Keep your devices updated with the latest security patches and software updates before you leave for the conference. Enable encryption and strong passwords, and consider using biometric authentication where possible.
2. Use secure connections: Avoid using public Wi-Fi networks, as they can be compromised. Instead, use your mobile data with a virtual private network (VPN) for secure browsing and communication. Make sure your VPN software is up-to-date and reliable.
3. Protect your valuables: Keep your valuables securely locked in your hotel room, either in a safe or locked suitcase. Avoid carrying unnecessary cash or expensive items with you, and be cautious when using ATMs or making financial transactions.
4. Be aware of surveillance: Understand that you may be monitored or recorded in public spaces, both physically and digitally. Practice discretion when discussing sensitive information and be mindful of your surroundings.
5. Use secure payment methods: Use RFID-blocking wallets or sleeves to protect your contactless cards from unauthorized scanning. Consider using secure payment methods such as mobile payment apps or prepaid cards for transactions.
6. Minimize data exposure: Leave sensitive data at home whenever possible. Avoid accessing confidential information or sensitive accounts on public computers or shared networks. Use encryption and password protection for any files or documents you do need to bring with you.
7. Practice device hygiene: Power off any devices when you're not using them to minimize the risk of unauthorized access or remote attacks. Be cautious when connecting to charging stations or using USB ports, as they may be compromised.
8. Stay vigilant: Be mindful of social engineering tactics and phishing attempts, both online and offline. Verify the identity of individuals before sharing personal or sensitive information, and report any suspicious activity to event organizers or security personnel.