One Hacker’s Guide to the Week of RSAC 2019

Feb 26, 2019
Jerry Gamblin
Director of Security Research at Kenna Security


Next week, starting on March 3rd, I will be in the Bay Area for both BSides SF and RSA Conference (RSAC) 2019. As a security professional (and a hacker, the good kind) working for a security company, these events present a great opportunity to learn from business, risk and technology experts as well as network with my cohort. Given that I’ve been to RSA eight times now, it’s safe to say that I’ve learned a few things along the way. Hopefully, a glimpse into some of the highlights of what I’m looking forward to in my schedule will help others in getting the best from their RSAC experience. Or just connect with me at the event. Either way, let’s get to it.


I’ll be starting off at BSides San Francisco, a great start to a great week with lots of deep, technical discussions. This year I’m excited to be presenting:  

  • How to Build an Application Security Program – Be sure to join me for this session if you need to start or revamp your application security program, as I’ll be sharing what has worked for me, what has not worked, and things you should absolutely *never* do in setting up an application security program.
  • Automating Web Application Bug Hunting (presenting with Jonathan Cran) – If you are a bug bounty hunter or an application security analyst, the ability to automate your web hunting tools is the best way to get paid. Join me for this talk where I will discuss how I do this and share some of my favorite scripts.


  • RSAC Innovation Sandbox Contest – Starting the RSAC experience off with some innovation, I look forward to watching the ten finalists showcase their groundbreaking security technologies.
  • CSA Summit – After the innovation, I plan to head over to the Cloud Security Alliance Summit to hear from some of the leaders in cloud security like Wendy Nather from Duo who will be participating with other leaders in discussing The Approaching Decade of Disruptive Technologies.
  • BSides San Francisco – Then back to BSides so this time I can learn, rather than stress about speaking.  
  • Transitioning from a CISO to Founder (Happy Hour Panel) – Kenna’s own CTO and Co-Founder Ed Bellis (and my boss) will be speaking, so I’ll be attending to support and hear more about the transition to founder.


  • Bugcrowd Hacking Methodology Lunch and Learn – While I’m in SF for RSAC I plan to pop over to a hacking methodology workshop given by Bugcrowd’s Jason Haddix. Jason is one of the most respected voices in the bounty community so I am looking forward to catching up with him.  
  • Kenna Security Party – After the day at events, it’ll be time to party with Kenna Security, our customers, partners, and anyone interested in joining the fun. This year our team is hosting a rooftop party at the brand-new Virgin Hotel.




  • The Etiology of Vulnerability Exploitation – Michael Roytman, our chief data scientist, and Jay Jacobs from the Cyentia Institute will dig in on what they found researching why some vulnerabilities get exploited.

I hope to see you at the show!
