One Hacker’s Guide to the Week of RSAC 2019

Next week, starting on March 3rd, I will be in the Bay Area for both BSides SF and RSA Conference (RSAC) 2019. As a security professional (and a hacker, the good kind) working for a security company, these events present a great opportunity to learn from business, risk and technology experts as well as network with my cohort. Given that I’ve been to RSA eight times now, it’s safe to say that I’ve learned a few things along the way. Hopefully, a glimpse into some of the highlights of what I’m looking forward to in my schedule will help others in getting the best from their RSAC experience. Or just connect with me at the event. Either way, let’s get to it.

Sunday

I’ll be starting off at BSides San Francisco, a great start to a great week with lots of deep, technical discussions. This year I’m excited to be presenting:  

• How to Build an Application Security Program – Be sure to join me for this session if you need to start or revamp your application security program as I’ll be sharing what has worked for me, what has not worked and things you should absolutely *never* do in setting up an application security program
• Automating Web Application Bug Hunting (presenting with Jonathan Cran) – If you are a bug bounty hunter or an application security analyst the ability to automate your web hunting tools is the best way to get paid. Join me for this talk where I will discuss how I do this and share some of my favorite scripts.

Monday

• RSAC Innovation Sandbox Contest – Starting the RSAC experience off with some innovation, I look forward to watching the ten finalists showcase their groundbreaking security technologies.
• CSA Summit – After the innovation, I plan to head over to the Cloud Security Alliance Summit to hear from some of the leaders in cloud security like Wendy Nather from Duo who will be participating with other leaders in discussing The Approaching Decade of Disruptive Technologies.
• BSides San Francisco – Then back to BSides so this time I can learn, rather than stress about speaking.  
• Transitioning from a CISO to Founder (Happy Hour Panel) – Kenna’s own CTO and Co-Founder Ed Bellis (and my boss) will be speaking, so I’ll be attending to support and hear more about the transition to founder.

Tuesday

• Bugcrowd Hacking Methodology Lunch and Learn – While I’m in SF for RSAC I plan to pop over to a hacking methodology workshop given by Bugcrowd’s Jason Haddix. Jason is one of the most respected voices in the bounty community so I am looking forward to catching up with him.  
• Kenna Security Party – After the day at events, it’ll be time to party with Kenna Security, our customers, partners, and anyone interested in joining the fun. This year our team is hosting a rooftop party at the brand-new Virgin Hotel.

Wednesday

• FAIR Institute Breakfast Meeting – If you’re not familiar, Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for qualifying security risk and provides cybersecurity executives with standards and best practices to measure risk from a business perspective. I look forward to hearing what others are doing with this methodology.
• Google Cloud Security Talks – Again, cloud security. Enough said.
• Cisco Security Customer Summit – Breakout talks on two-factor authentication and a fireside chat with the Talos threat intelligence team.
• Applied Prediction: Using Forecasts to get Proactive About Security – My boss, Ed, will once again be speaking, this time joined by Wade Baker from the Cyentia Institute.
• 2019 Security Bloggers Meetup and Awards – As a security blogger myself this one is a yearly go-to for me. It’s always great to meet and talk shop with others who have the same blogging passion.

Thursday

• Google Cloud Security Talks – Never enough cloud security.
• RSAC Early Stage Expo – This event showcases 50 up-and-coming companies and their technology. It’s fun to walk through and see what they are up to.
• Bridging the Gap: Cybersecurity + Public Interest Tech – This track, new to RSAC, is only on Thursday and resonates for me because it’s very important to us in security to balance innovative technology and our responsibility to the larger community as a whole.

Friday

• The Etiology of Vulnerability Exploitation – Michael Roytman, our chief data scientist, and Jay Jacobs from the Cyentia Institute will dig in on what they found researching why some vulnerabilities get exploited.

I hope to see you at the show!