pritha's Posts (624)

Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top talks on Mobile Security at RSA Conference 2016.

RSA Conference held its 25th annual event at the Moscone Center in San Francisco and brought together a record number of more than 40,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top notch track sessions, tutorials and seminars along with networking and social activities including the RSAC Codebreakers bash at AT&T Park featuring Sheryl Crow, Walk off the Earth and Tony Hawk. Keynotes, sessions and debates focused on the Internet of Things, industrial control systems, encryption, artificial intelligence and machine learning, crowdsourcing, healthcare, automotive, and more, with many reflecting current industry news. (Source: RSA Conference USA 2016)

1) Hacking Exposed: The Mac Attack

Speaker: Dmitri Alperovitch ( @DAlperovitch ), George Kurtz ( @George_Kurtz )

Windows attacks receive all the attention. However, Mac and Linux have gained in popularity with the adversary. This session will focus on common Mac attack vectors and other cross-platform hacks that are typically seen in enterprise intrusions. We will also cover practical counter measures to make these alternate platforms more resilient.

>>Go To Presentation

image courtesy: https://www.flickr.com/photos/khamtran/5871541424

2) Android Serialization Vulnerabilities Revisited

Speaker: Roee Hay ( @roeehay )

This session is about Android Serialization vulnerabilities. We revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837) which allowed for privilege escalation. We also present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20) which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.

>>Go To Presentation

image courtesy: https://www.flickr.com/photos/26087974@N05/4244333014

3) The State of End-User Security—Global Data from 30,000+ Websites

Speaker: Andreas Baumhof ( @abaumhof )

We live in a rapidly changing environment. Mobile commerce is skyrocketing, browsers/OS are changing, web applications enable increasing functionality—yet the only thing that seems constant is the amount of flaws and vulnerabilities we find in these software components. Using data from more than 30,000 websites, this session will explore the state of security ecosystem and myths and assumptions.

>>Go To Presentation

4) Building an Android Scale Incident Response Process

Speaker: Adrian Ludwig

The Android ecosystem has over one billion active devices from hundreds of OEMs and carrier networks. The Android Security Team will explain how the ecosystem is able to respond quickly and effectively to security incidents. This will be part historical analysis of actual incidents, such as the Stagefright vulnerabilities, and part data-focused analysis of technology and processes we developed.

>>Go To Presentation


5) How to Analyze an Android Bot

Speaker: Kevin McNamee ( @KevMcNamee )

This presentation will demonstrate a complete end-to-end analysis of an Android bot. This will include the decompilation and static analysis of bot code and the dynamic analysis of the bot’s behavior in a controlled sandboxed environment. The session will provide details of the lab environment and tools used for the analysis.

>>Go To Presentation

image courtesy: https://www.flickr.com/photos/neccorp/14445634744

6) Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Speaker: Nathan Lesser ( @natelsr )

Imagine being dependent on a wireless infusion pump to receive the correct dosage of life-supporting medication. Now imagine the implications, were that pump to be maliciously hacked. In this session learn more about how to successfully secure these medical devices, based on work being conducted at the National Cybersecurity Center of Excellence (NCCoE) with premier health care organizations.

>>Go To Presentation

image courtesy: https://www.flickr.com/photos/jasonahowie/7910370882

7) Finding Triggered Malice in Android Apps

Speaker: Christopher Kruegel ( @lastlinelabs )

Traditional techniques to detect malice in Android apps struggle to identify trigger-based changes to application logic. Unfortunately, such triggers are a key component of targeted malware, where the trigger is the mechanism that ensures that the code is only executed at the target. This talk will review how static analysis can be used to detect and leverage triggers for more robust detection.

>>Go To Presentation


8) Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware 

Speaker: John Miller

This session will cover two key trends in mobile malware observed over the past 12 months and explore the evolution in fraud-linked mobile malware where criminals are developing credential theft tools that attempt to duplicate the successes of Windows malware in modifying victim interactions with targeted services. Also a look at mobile ransomware variants becoming more numerous and damaging.

>>Go To Presentation

Your Complete Guide To Top Talks @RSA Conference 2016 (USA)

Get your FREE Guide on Top Talks @ RSA Conference 2016 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at RSA Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide


Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top Threat Intelligence talks at RSA Conference 2016.

1) Dreaming of IoCs Adding Time Context to Threat Intelligence

Speaker: Travis Smith ( @MrTrav )

Find an interesting intelligence framework, followed by a good understanding of Logstash and Logstash filtering, tardis, Kibana reporting, etc.

>>Go To Presentation

2) STIX, TAXII, CISA: Impact of the Cybersecurity Information Sharing Act of 2015


Speaker: Bret Jordan ( @jordan_bret ), Mark Davidson

Amid privacy concerns and after a decade-long battle, the U.S. Cybersecurity Information Sharing Act (CISA) of 2015 was passed. Critics claim CISA is a surveillance bill in disguise; proponents claim the act provides a needed legal framework for information sharing. Can CISA actually improve cyberdefense without risking privacy? Are there unforeseen roadblocks? What about STIX/TAXII?

>>Go To Presentation

3) IOCs Are Dead—Long Live IOCs!

Speaker: Ryan Kazanciyan ( @ryankaz42 )

Indicators of Compromise were meant to solve the failures of signature-based detection tools. Yet today’s array of IOC standards, feeds and products haven’t impeded attackers, and most intel is shared in flat lists of hashes, IPs and strings. This session will explore why IOCs haven’t raised the bar, how to better utilize brittle IOCs and how to use intrinsic network data to craft better IOCs.

>>Go To Presentation

4) Bridging the Gap Between Threat Intelligence and Risk Management

Speaker: Wade Baker ( @wadebaker )

Here's an overview of the presentation: Bridging Risk & IR in Verizon's DBIR; Building Understanding; Finding Common Ground; Bridging the Gap; Crossing the Divide

>>Go To Presentation


Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top CISO talks at RSA Conference 2016.

image courtesy: https://www.flickr.com/photos/purpleslog/2870445260

1) Super CISO 2020: How to Keep Your Job

Speaker: Todd Fitzgerald ( @securityfitz )

This presentation gives some great insights into the security scenario of 2016. It covers security leadership in leading organizations, the C-level stakeholders a CISO needs to balance, today's workforce, behavioral trends and more.

>> Go To Presentation


2) How to Steer Cyber Security with Only One KPI: The Cyber Risk Resilience

Speaker: Jan Nys ( @Jankbc777 )

This presentation gives you an understanding of the present security industry, with key insights, the threat landscape and a roadmap for moving ahead.

>> Go To Presentation


3) Security Program Development for the Hipster Company

Speaker: Robert Wood ( @robertwood50 )

Cloud services have evolved and can now replace nearly every facet of traditional infrastructure. This movement has enabled rapid scale while introducing a considerable element of risk. This session will discuss a framework for getting started building a security program in an organization that is built purely on cloud services, covering the contradictions and opportunities of that business model.

>> Go To Presentation

4) Partnership with a CFO: On the Front Line of Cybersecurity

Speaker: Dr. Christopher Pierson ( @DrChrisPierson )

"Many CFOs know that they need to spend more on cyber risk management": facts like this help us understand the cyber security industry today. Communicating properly with the CFO can solve many pain points, and this presentation helps us do so. Learn about drivers, compelling arguments and more.

>> Go To Presentation

5) The Measure of Success: Security Metrics to Tell Your Story

Speaker: Julie Bernard ( @juliein10A ), Wendy Frank, Lisa Lee ( @lisainmiami )

Information security as a problem is rather complex, and it becomes more difficult still when it comes to quantification. This presentation offers metrics that help make security more understandable.

>> Go To Presentation

6) From Cave Man to Business Man, the Evolution of the CISO to CIRO

Speaker: James Christiansen ( @Riskydata )

The CISO is evolving to CIRO. Successful IT security leaders are transforming their skills to meet the demands for today and future needs of their organization. A CIRO understands how to prepare board presentations, information risk management, third-party risk and regulatory requirements, and how to balance those with the needs of the business. Earn your seat at the table by becoming a CIRO!

>> Go To Presentation

Image source: https://www.flickr.com/photos/christianmesiano/2826827826

7) Understanding the Security Vendor Landscape Using the Cyber Defense Matrix

Speaker: Sounil Yu ( @sounilyu )

The Cyber Defense Matrix enables organizations to define clear categories for the range of products and services that are available in the marketplace to solve our various infosec problems. This model removes confusion around the security technologies that we buy and helps organizations align their vendors to have the right suite of capabilities to execute their information security mission.

>> Go To Presentation


image courtesy: https://www.flickr.com/photos/hernanpc/7115374283

8) Vendor Security Practices: Turn the Rocks Over Early and Often

Speaker: Martin Andrews; Michael Hammer ( @MichaelHammer )

Too often security is reviewed at the end of the vendor selection process. It ends up blocking projects moving forward as you identify issues with already selected vendors. Reverse the process with security considered early and business teams can avoid investing precious time on unsuitable vendor candidates and get rankings for suitable ones. This session will show you how using real examples.

>> Go To Presentation


image courtesy: https://www.flickr.com/photos/rueful/8538388071

9) Adjusting Your Security Controls: It’s the New Normal

Speaker: Jim Routh ( @jmrouth1 )

Most of us learned cybersecurity practices based on the application of controls that were part of a framework. Once the framework was implemented then the controls didn’t change often. It’s time to adjust our thinking and recognize that on-going adjustment of controls may be a better indicator of cyber-maturity than adherence to any framework.

>> Go To Presentation

10) Are You Thinking about IT Outsourcing? Top Reasons, Risks and Rewards

Speaker: Lakshmi Hanspal ( @lakshmihanspal )

There is more to outsourcing than just the bottom line and running lean. Any organization embarking on this journey needs to (1) clearly identify and articulate the compelling narrative for steering in this direction, (2) have risk transparency on associated risks when someone else is running your critical part of the business and (3) enumerate the benefits expected to be reaped.

>> Go To Presentation


Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top Emerging Areas in Security Technology talks at RSA Conference 2016.

1) Transforming Security: Containers, Virtualization and Softwarization

Speaker: Dennis Moreau ( @DoctroMoreau )

This session will explore how we can leverage containers, network/endpoint virtualization technologies and virtualized security instrumentation, concurrently, to transformationally improve security visibility, security analytics, system resilience and actionable context, greatly increasing our ability to attest that systems will be secure and compliant in any state into which they may be driven.

>>Go To Presentation

2) Embedded Systems Security: Building a More Secure Device

Speaker: Randall Brooks ( @randallsbrooks )

Here's an overview of the presentation: What are common embedded systems?; What issues do they face?; Recommendations for securing embedded systems

>>Go To Presentation


3) Bring Your Own Internet of Things: BYO‐IoT

Speaker: Carsten Eiram ( @carsteneiram ), Jake Kouns ( @jkouns )

Here's an overview of the presentation: What is IoT?; What's the Problem?; What's the Attack Surface?; IoT Security - Current State; Response and Actions

>>Go To Presentation


4) DevSecOps in Baby Steps

Speaker: Hart Rossman ( @HartDanger )

Here's an overview of the presentation: Getting to DevOps; DevOps to DevSecOps; Planning your Epics & Sprints; Use Cases & Examples

>>Go To Presentation

5) Lattice Cryptography

Speaker: Anamaria Costache; Joris Barrier

Somewhat homomorphic encryption schemes using lattices and lattice libraries are discussed.

Topic 1: Which Ring-based Somewhat Homomorphic Encryption Scheme Is Best? Authors: Anamaria Costache and Nigel Smart

Topic 2: NFLlib: NTT-based Fast Lattice Library. Authors: Carlos Aguilar-Melchor, Joris Barrier, Serge Guelton, Adrien Guinet, Marc-Olivier Killijian and Tancrède Lepoint

>>Go To Presentation

6) Hardware Attacks and Security

Speaker: Daisuke Moriyama; Peter Pessl

Physical side channel attacks and physical unclonable functions (PUFs) are discussed.

Topic 1: Enhancing Side-Channel Analysis of Binary-Field Multiplication with Bit Reliability. Authors: Peter Pessl and Stefan Mangard

Topic 2: Towards a Unified Security Model for Physically Unclonable Functions. Authors: Frederik Armknecht, Daisuke Moriyama, Ahmad-Reza Sadeghi and Moti Yung

>>Go To Presentation


7) Integrating Cybersecurity into Supply Chain Risk Management

Speaker: Jon Boyens

Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This session will present case study research from NIST on cutting-edge practices and tools that today’s industry leaders in supply chain risk management are deploying to secure their supply chains from end to end.

>>Go To Presentation

8) Braking the Connected Car: The Future of Vehicle Vulnerabilities

Speaker: Akshay Anand ( @iamakshayanand ); Karl Brauer ( @karlbrauer )

In this presentation, analysts from Kelley Blue Book’s Automotive Industry Insights will illustrate how the connected car is quickly becoming an unrestricted playground for cyberthreats and how the next generation of in-car technology will intensify already-present vehicle vulnerabilities.

>>Go To Presentation


9) Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Speaker: Nathan Lesser ( @natelsr )

Imagine being dependent on a wireless infusion pump to receive the correct dosage of life-supporting medication. Now imagine the implications, were that pump to be maliciously hacked. In this session learn more about how to successfully secure these medical devices, based on work being conducted at the National Cybersecurity Center of Excellence (NCCoE) with premier health care organizations.

>>Go To Presentation


10) A New Security Paradigm for IoT (Internet of Threats)

Speaker: Hadi Nahari ( @hadinahari )

All facets of computing have changed since the 1950s, except the security posture of our systems; nowhere is this more the case than in mobile and IoT. Some of our security foundations are outdated: chief among them “static” security, which assumes the threat landscape is static and predetermined. This session will describe the old static security paradigm and the new one: analytics-driven security.

>>Go To Presentation


11) What Is Next-Generation Endpoint Security and Why Do You Need It?

Speaker: Jon Oltsik ( @joltsik )

This session will clarify the definition of next-generation endpoint security and distinguish it from legacy antivirus software. It will also describe how next-generation endpoint security can help organizations improve incident prevention, detection and response.

>>Go To Presentation

12) Attacks on Critical Infrastructure: Insights from the “Big Board”

Speaker: Daniel Cohen ( @iFraudFighter ), Robert Griffin ( @RobtWesGriffin )

Targeted attacks on critical infrastructure continue to increase in number and severity. We’ll present the latest data on these attacks: What is their goal? What are the attacker strategies? How are attacks supported by the darknet? We’ll discuss banking threats discovered at the “Big Board” at the RSA Anti-Fraud Control Center and Smart Grid threat detection in the EU SPARKS project.

>>Go To Presentation

13) Security Advantages of Software-Defined Networking

Speaker: Edward Amoroso

Current practices using wide-area routing over Internet infrastructure decentralize the control of how information is transferred. Software-Defined Networking (SDN) centralizes network control functions, offering more holistic network security management and allowing for dynamic divisioning, multivendor end-to-end security and reduced dependence on the traditional perimeter approach.

>>Go To Presentation

14) Smart Megalopolises. How Safe and Reliable Is Your Data?

Speaker: Denis Legezo ( @legezo )

Road sensors which collect raw data for intelligent transport systems are hugely important, with key decisions around road improvement, traffic jam management and traffic light patterns based on the information they collect. Radars transmit this data to an operation center for detailed analysis, but can governments truly trust and rely on the data?

>>Go To Presentation


Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top Software, Application Security & DevOps talks at RSA Conference 2016.

1) Embedded Systems Security: Building a More Secure Device

Speaker: Randall Brooks ( @randallsbrooks )

Here's an overview of the presentation: What are common embedded systems?; What issues do they face?; Recommendations for securing embedded systems

>>Go To Presentation

2) Introducing a Security Program to Large Scale Legacy Products

Speaker: Millard Taylor ( @tad_taylor )

A discussion of the real-world work and challenges to introduce and maintain a comprehensive security program to a large and complex set of legacy storage products. This includes developing a security architecture, vulnerability response, pushing for necessary security enhancements and application security. In this session, you will hear about which efforts worked well and which didn’t.

>>Go To Presentation

3) Agile Security—Field of Dreams

Speaker: Laksh Raghavan ( @laraghavan )

PayPal started its Waterfall to Agile transformation journey two years ago. That meant that the software security program had to morph as well. The Field of Dreams question of “if you build it, will they come?” was no longer a valid question! Come hear about real-world insights about integrating security into Agile—approaches, processes and tools put in place and the results from them.

>>Go To Presentation


4) Open-Source Security Management and Vulnerability Impact Assessment

Speaker: Gunter Bitz; Henrik Plate

Reuse of Open Source Software (OSS) in commercial software development has increased by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at large scale (about 10,000 OSS usages in our case), and how to address sins from the past. Finally, a concept will be shown which automates the analysis of the exploitability potential of an insecure OSS component.

>>Go To Presentation

5) DevSecOps in Baby Steps

Speaker: Hart Rossman ( @HartDanger )

Here's an overview of the presentation: Getting to DevOps; DevOps to DevSecOps; Planning your Epics & Sprints; Use Cases & Examples

>>Go To Presentation

6) Estimating Development Security Maturity in About an Hour

Speaker: Matthew Clapham ( @ProdSec )

The session describes a simple method of estimating a development team’s security maturity, i.e. how well they make a secure software product, by looking at five key factors. The factors and a simple rating system will be shown coupled with real-world samples. Applicable usage scenarios as well as comparison to other security maturity models will be given.

>>Go To Presentation

7) Understanding the “Why” in Enterprise Application Security Strategy

Speaker: Troy Grubb ( @TroyRGrubb )

The Hershey Company initiated a strategic initiative to identify all of the truly critical IT assets that enable the company’s continued success. The evaluation confirmed the importance of protecting their business critical SAP systems. To get executive cross functional buy-in the security team implemented an SAP Vulnerability Management program with a clear strategy of “why” to influence results.

>>Go To Presentation


Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT security conferences in the world. Following is the list of top IAM, Artificial Intelligence, Data Security, Crypto & Other talks at RSA Conference 2016.

1) DON'T Use Two-Factor Authentication...Unless You Need It!

Speaker: Michael Schwartz ( @GluuFederation )

Conventional wisdom tells us to use two-factor authentication—and it does help to improve security. But the best way to reduce user-friction is to never require a person to authenticate. This talk will provide a modern solution to reconcile these two divergent imperatives by leveraging standard profiles of OAuth2 for “trust elevation.” It’s not just the front door that needs protection!

>>Go To Presentation

2) Rise of the Hacking Machines

Speaker: Konstantinos Karagiannis ( @konstanthacker )

This presentation gives you a good insight into artificial intelligence in security, from classification to evolution factors such as scanners without AI, and more.

>>Go To Presentation

3) Intelligent Application Security

Speaker: Julian Cohen ( @HockeyInJune )

This presentation gives you a good insight into application security, its statistics and case studies, along with a suggested new security strategy.

>>Go To Presentation


4) Applying Auto-Data Classification Techniques for Large Data Sets

Speaker: Anchit Arora ( @ancarora )

In the current data security landscape, large volumes of data are being created across the enterprise. Manual techniques to inventory and classify data make this a tedious and expensive activity. To implement security and access controls in a time- and cost-effective way, it becomes key to automate the data classification process.

>>Go To Presentation

5) Realities of Data Security

Speaker: Scott Carlson ( @relaxed137 )

PayPal delivers secure payment solutions across the world. Managing the security of customer data is expected across the financial services industry. This talk will focus on real-world strategies that PayPal has employed within our data environment, all while supporting multiple “As a Service,” “World-wide Scale,” “NoSQL” and “Cloud” technologies within a 10+-year-old company.

>>Go To Presentation

6) Crypto 101: Encryption, Codebreaking, SSL and Bitcoin

Speaker: Benjamin Jun ( @BenjaminJun )

Cryptography is the underpinning of digital security. Get introduced to the building blocks of crypto, how they’re applied to secure web connections and bitcoin, and how cryptosystems are attacked in the wild.

>>Go To Presentation


7) (FREE ACCESS) FireCompass : Discover & Compare 1000+ Global Sec...

Description: AI Assistant For Security Product Buying

FireCompass is an AI Assistant for Cyber Security Decision Making. Discover & Compare 1,000+ Cyber Security Products. Grab your FREE Account Now (For a Limited Time ONLY).

>>Claim Free Account


Your Complete Guide To Top Talks @RSA Conference 2017 (USA)

Get your FREE Guide on Top Talks @ RSA Conference 2017 (USA) . Our editorial team has gone through all the talks and handpicked the best of the best talks at RSA Conference into a single guide. Get your Free copy today.

>>Click Here To Get Your FREE Guide

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Moving critical workloads into the cloud can be unnerving for security professionals. In reality, though, the cloud offers a whole new set of opportunities for the security team to do things even better than in their on-premises environment. Two seasoned cloud experts will explore the latest real-world, practical tools and techniques for becoming demonstrably more secure as you move to the cloud.

Speakers

Bill Shinn; Rich Mogull ( @rmogull )

Principal Security Solutions Architect, Amazon Web Services

Bill Shinn spends his time helping security teams understand privacy, security and compliance as they move their business to AWS. Prior to AWS, Shinn spent over 12 years managing and leading information security operations and architecture initiatives at some of the largest U.S. financial institutions, including U.S. Bank and JPMorgan Chase.

 

Rich Mogull has 20 years' experience in information security, physical security and risk management. He specializes in cloud security, data security, application security, emerging security technologies and security management. He is also the principal course designer of the Cloud Security Alliance training class and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, he was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, he worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

(Source: RSA USA 2016, San Francisco)


List Of CISO Platform Task Force & Goals

Below are a few indicative topics around which we will centre the discussion for each domain.

Cloud Security

  • How to assess the organizational need and readiness for cloud services
  • How to define the policies and controls for protection against risk in cloud services
  • How to evaluate the risk factors while opting for cloud services
  • How to evaluate cloud security providers
  • How to comply with regulations and standards and address data residency related concerns

Threat Modeling for Banking & Telcos

  • Understanding the various models for conducting a threat model
  • Practical use cases for threat modeling
  • Practical exercise of Threat Modeling for specific industry verticals
  • Threat Modeling for Banking Ecosystem (Only for participating banks)
  • Threat Modeling for Telcos (Only for participating telecom organizations)

SOC and SIEM

  • Learn how to architect your SOC or SIEM solution
  • Learn the benefits of moving from traditional SIEM to Security analytics
  • How to assess your organizational maturity for SIEM solutions?
  • How to evaluate SIEM vendors/tools
  • How to build a security operations center
  • How to build an incident response process and organization
  • Learn the success and failure factors behind SIEM implementation from experts

Enterprise Mobility Security

  • Learn the taxonomy of EMM solutions
  • How to architect your mobility solution
  • How to apply data security policies to users/devices that move on and off your corporate network
  • How to enable the BYOD trend without compromising data security or violating regulatory mandates
  • How to evaluate different mobility vendors/tools

IAM

  • How do you plan for IAM, PIM and PAM tool deployment in your organization?
  • How do you sell the idea of implementing an IAM solution to your management?
  • How do you evaluate IAM/PIM vendors and tools?
  • How do you decide between the multiple deployment options?
  • How do you audit and report the actions of privileged users?
  • What are the best practices, success and failure factors in IAM tool implementation?
  • How do you measure the effectiveness of your IAM/PIM deployment?

Data Security and DLP

  • How to do data classification?
  • How to assess the organizational need and readiness for a DLP solution
  • How to define requirements for selecting the proper data security solution
  • How to evaluate a DLP vendor/tool?
  • What are the success factors and failure factors in DLP implementation?
  • How to define metrics to measure the effectiveness of a DLP tool?

Advanced Persistent Threats

  • How do you deal with targeted and sophisticated attacks?
  • Critical capabilities for an APT solution and taxonomy
  • How do you prevent and respond to ransomware attacks?
  • How do you identify and block complex JavaScript-based attacks?
  • What are the questions to ask an APT vendor before selecting any APT solution?
  • What metrics can be used to define and measure the effectiveness of your APT solution?

DDoS attacks

  • How to identify and remediate DDoS attacks?
  • What are the different ways and tools to protect yourself from DDoS attacks?
  • Critical capabilities for a DDoS security solution
  • How to evaluate DDoS vendors and tools?
  • What are the best practices in implementing a DDoS solution?

Vendor risk management

  • Understanding the Vendor risks
  • How do you assess and manage the risk associated with the use of third-party IT products and services?
  • How to create a vendor risk management process and framework within your organization

SCADA Security

  • Understanding the risks and attack vectors for SCADA
  • Critical controls for SCADA security
  • Building a roadmap for securing SCADA

Enterprise Security Strategy

  • How to understand the information risk model of your organization
  • Connecting the risks to controls using frameworks like COBIT
  • Building a roadmap and dashboard
  • Framework to present enterprise security strategy to management

IT GRC

  • Learn how to architect a GRC solution
  • How to jumpstart your GRC program with freely available tools and content
  • Assess your organization's readiness for an IT GRC solution
  • Learn to set up a risk assessment workflow, risk acceptance process and IT risk metrics
  • Learn how to automate incident response workflows
  • Learn to measure and report compliance with regulations and other standards
  • Critical capabilities for an IT GRC solution and taxonomy
  • CISOs who implemented GRC share their real-life experiences

Security intelligence is the act of gathering every available piece of information passing through an organization’s network in order to better understand who’s doing what with whom. Similar to business intelligence, it involves the automated processing of large volumes of data in order to develop profiles, seasonality patterns and other network usage insights; but unlike business intelligence, the goal is not to gain a deeper understanding of a market or identify related customer buying patterns. Rather, security intelligence seeks to understand what is normal with respect to user, application, and data-access behaviors so that when abnormal conditions exist, they can be detected.
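
The baselining idea in the paragraph above, as an added example that is not part of the original report or this post: it learns each user's usual data sets, hours of activity and transfer volumes from a training window of access logs, then scores new events against that profile and reports the ones that deviate. The log format, the constructed log lines and the thresholds (one hour of slack around hours already seen, a three-standard-deviation cut-off on volume) are assumptions made for the illustration.

```python
"""Security-intelligence baselining over access logs.

Added example, not code from the report summarised on this page. The log
format "<ISO timestamp> <user> <action> <resource> <bytes>", the constructed
lines below and the thresholds are assumptions for the illustration."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
import statistics

# Constructed training window: what "normal" looked like for two users.
BASELINE_LOGS = """\
2016-03-01T09:12:04 alice READ crm/customers 20480
2016-03-01T10:40:19 alice READ crm/customers 18944
2016-03-02T09:05:33 alice READ crm/customers 21504
2016-03-02T14:22:01 alice READ crm/reports 4096
2016-03-03T11:48:57 alice READ crm/customers 19968
2016-03-01T08:55:10 bob READ hr/payroll 8192
2016-03-02T09:30:44 bob READ hr/payroll 8704
2016-03-03T08:59:02 bob WRITE hr/payroll 1024
"""

# Constructed events to score: a routine read, a night-time bulk read, and a
# user touching a data set he has never accessed before.
NEW_LOGS = """\
2016-03-04T09:14:00 alice READ crm/customers 20992
2016-03-04T02:13:27 alice READ crm/customers 524288
2016-03-04T10:02:15 bob READ crm/customers 8192
"""


@dataclass
class Event:
    ts: datetime
    user: str
    action: str
    resource: str
    nbytes: int


@dataclass
class Profile:
    resources: set = field(default_factory=set)   # data sets the user touches
    hours: set = field(default_factory=set)       # hours of day seen active
    sizes: list = field(default_factory=list)     # bytes moved per access


def parse(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, action, resource, nbytes = line.split()
            events.append(Event(datetime.fromisoformat(ts), user, action,
                                resource, int(nbytes)))
    return events


def build_profiles(events):
    profiles = defaultdict(Profile)
    for e in events:
        p = profiles[e.user]
        p.resources.add(e.resource)
        p.hours.add(e.ts.hour)
        p.sizes.append(e.nbytes)
    return dict(profiles)


def score(event, profiles, z_threshold=3.0, hour_slack=1):
    """Reasons the event deviates from the user's profile ([] means normal)."""
    p = profiles.get(event.user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    if event.resource not in p.resources:
        reasons.append(f"never accessed {event.resource}")
    if all(abs(event.ts.hour - h) > hour_slack for h in p.hours):
        reasons.append(f"unusual hour {event.ts.hour:02d}:00")
    if len(p.sizes) >= 2:
        mean, sd = statistics.mean(p.sizes), statistics.pstdev(p.sizes)
        if sd > 0 and (event.nbytes - mean) / sd > z_threshold:
            reasons.append(f"volume {event.nbytes} is "
                           f"{(event.nbytes - mean) / sd:.0f} sd above mean")
    return reasons


def detect(baseline_text, new_text):
    """Return [(user, timestamp, reasons)] for every abnormal new event."""
    profiles = build_profiles(parse(baseline_text))
    alerts = []
    for e in parse(new_text):
        reasons = score(e, profiles)
        if reasons:
            alerts.append((e.user, e.ts.isoformat(), reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in detect(BASELINE_LOGS, NEW_LOGS):
        print(f"ALERT {ts} {user}: {'; '.join(reasons)}")
```

Running `detect(BASELINE_LOGS, NEW_LOGS)` flags alice's 02:13 bulk read on two counts (hour and volume) and bob's read of a CRM table he has never touched on one, while alice's routine 09:14 read passes. In a real deployment the profiles would be recomputed over a rolling window, and the "no baseline for user" branch would itself be an alert worth routing.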


What Will You Learn?

  • Setting Security Intelligence Goals
  • Moving Beyond Log Management & SIEM
  • Determining The Business Value Of Security Intelligence


Crypto 101: Encryption, Codebreaking, SSL and Bitcoin

Cryptography is the underpinning of digital security. Get introduced to the building blocks of crypto, how they’re applied to secure web connections and bitcoin, and how cryptosystems are attacked in the wild.

Speakers

Benjamin Jun ( @BenjaminJun )

Ben is a professional seeker of HVF (Hard Valuable Fun) problems. He operates HVF Labs, a company creation lab and halfway house for former company founders. Ben formerly co-founded Cryptography Research, and over 20 billion consumer devices have shipped with security technologies he helped develop and architect. His security components play a role in leading payment systems, mobile phones, digital content, and semiconductor companies. Ben serves on the Board of Advisors of the RSA Conference.

(Source: RSA USA 2016, San Francisco)


Realities of Data Security (RSA Conference 2016)

PayPal delivers secure payment solutions across the world. Managing the security of customer data is expected across the financial services industry. This talk will focus on real-world strategies that PayPal has employed within our data environment, all while supporting multiple “As a Service,” “World-wide Scale,” “NoSQL” and “Cloud” technologies within a 10+-year-old company.

Speakers

Scott Carlson ( @relaxed137 )

Director - Security Strategy, PayPal

Scott Carlson is a driven technologist specializing in information security, data centers, virtualization and systems architecture. Having spent the past 18 years in Fortune 500 companies leading engineering efforts across the financial, education and Web 2.0 sectors, Carlson can speak technology, manage projects, be agile, play well with others in scrums and draw diagrams that even senior executives understand. His speaking experience includes VMworld, Interop, RSA Conference USA, OpenStack Summit and the Arizona Technology Forum.

(Source: RSA USA 2016, San Francisco)


Applying Auto-Data Classification Techniques for Large Data Sets

In the current data security landscape, large volumes of data are being created across the enterprise. Manual techniques to inventory and classify that data make it a tedious and expensive activity. To implement security and access controls in a time- and cost-effective way, it becomes key to automate the data classification process.
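
One way to automate the first pass of that classification, as an added example that is not from the talk: a pattern scanner tags each record with the kinds of sensitive data it contains (e-mail addresses, US SSNs, payment card numbers confirmed with a Luhn check, handling keywords), and a small policy table maps the tags to a label. The detectors, the label policy and the sample records are constructed for the illustration; in practice this runs over samples of each large store and its hits are reviewed by a human before access controls are changed.

```python
"""Automated first-pass data classification.

Added example, not code from the talk. The detectors, the label policy and
the sample records are constructed for the illustration."""
import re

# Detectors by kind of sensitive data. CARD is deliberately loose (13-19
# digits with optional separators); candidates are confirmed with a Luhn
# check so that arbitrary numeric identifiers are not tagged as cards.
DETECTORS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    "KEYWORD": re.compile(r"\b(?:confidential|internal only|restricted)\b", re.I),
}

# Label policy: the first rule whose trigger set intersects the findings wins.
LABEL_RULES = [
    ("RESTRICTED", {"CARD", "SSN"}),
    ("CONFIDENTIAL", {"EMAIL", "KEYWORD"}),
]
DEFAULT_LABEL = "PUBLIC"

# Constructed records standing in for files in a large store.
SAMPLE_RECORDS = {
    "notes/welcome.txt": "Welcome to the team! The cafeteria opens at 8am.",
    "exports/cards.csv": "name,pan\nJ. Doe,4111 1111 1111 1111\nA. Roe,4111111111111112",
    "hr/new_hire.txt": "SSN 123-45-6789 on file for onboarding.",
    "sales/leads.txt": "Contact: jane.doe@example.com re: INTERNAL ONLY pricing",
    "assets/inventory.txt": "Asset tag 1234567890123456 (not a card).",
}


def luhn_valid(digits):
    """Luhn checksum as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text):
    """Return the set of sensitive-data kinds found in text."""
    found = set()
    for kind, rx in DETECTORS.items():
        for m in rx.finditer(text):
            if kind == "CARD" and not luhn_valid(re.sub(r"[ -]", "", m.group())):
                continue                    # 13-19 digits but not a card number
            found.add(kind)
    return found


def label_for(kinds):
    for label, triggers in LABEL_RULES:
        if kinds & triggers:
            return label
    return DEFAULT_LABEL


def classify(records):
    """{name: text} -> {name: (label, sorted list of kinds found)}"""
    result = {}
    for name, text in records.items():
        kinds = scan(text)
        result[name] = (label_for(kinds), sorted(kinds))
    return result


if __name__ == "__main__":
    for name, (label, kinds) in classify(SAMPLE_RECORDS).items():
        print(f"{label:<12} {name}  {','.join(kinds) or '-'}")
```

The Luhn confirmation is what keeps the card detector usable at scale: the 16-digit asset tag in the sample is rejected, while the valid test PAN in the CSV export is enough to mark the whole file RESTRICTED even though its second row fails the check.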

Speakers

Anchit Arora ( @ancarora )

Program Manager, Cisco

Anchit Arora has over 10 years of information security experience across a variety of industry verticals. His areas of expertise include data security and governance, security and risk assessments of IT applications and systems, security strategy development, IT audits and SOX compliance. He has held prior positions with Ernst & Young (E&Y) and Portland General Electric. In his current role, as a Program Manager with Cisco, he is responsible for driving several strategic initiatives to protect Cisco’s intellectual property and customer data. Arora can be contacted at ancarora@cisco.com.

(Source: RSA USA 2016, San Francisco)


DON'T Use Two-Factor Authentication...Unless You Need It!

Conventional wisdom tells us to use two-factor authentication, and it does help to improve security. But the best way to reduce user friction is to never require a person to authenticate. This talk will provide a modern solution to reconcile these two divergent imperatives by leveraging standard profiles of OAuth2 for “trust elevation.” It's not just the front door that needs protection!
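
The trust-elevation decision described above, as an added example that is neither the speaker's nor Gluu's code: the resource side holds a per-operation policy (minimum authentication context and maximum age of the authentication event), compares it with the `acr` and `auth_time` claims of an already-verified OpenID Connect token, and only when the token falls short answers with the `acr_values` and `max_age` parameters the client should put in a fresh authentication request. The acr names, the operation table and the sample claims are assumptions made for the illustration.

```python
"""Step-up ("trust elevation") policy on the API side.

Added example, not the speaker's or Gluu's code. The acr names, the
operation policy and the sample claims are assumptions/constructed. Token
signature, issuer and audience checks are assumed to happen upstream."""
from datetime import datetime, timedelta, timezone

# Assurance ladder: acr values carried in tokens mapped onto comparable levels.
# The URNs are invented for the example; deployments define their own.
ACR_LEVELS = {
    "urn:example:acr:password": 1,
    "urn:example:acr:otp": 2,
    "urn:example:acr:hardware-key": 3,
}

# Per-operation policy: minimum level and how recent the authentication event
# must be. Reads ride on the existing session; money movement needs a fresh
# second factor. Values are illustrative.
OPERATION_POLICY = {
    "view_balance": {"min_level": 1, "max_age": timedelta(hours=8)},
    "change_email": {"min_level": 2, "max_age": timedelta(hours=8)},
    "transfer_funds": {"min_level": 2, "max_age": timedelta(minutes=5)},
    "add_payee": {"min_level": 3, "max_age": timedelta(minutes=5)},
}


def evaluate(claims, operation, now):
    """Decide for one request on one verified token.

    Returns ("allow", None) or ("step_up", params) where params are the
    OpenID Connect authentication-request parameters the client should send
    to re-authenticate the user at a sufficient level.
    """
    policy = OPERATION_POLICY[operation]
    level = ACR_LEVELS.get(claims.get("acr"), 0)          # unknown acr -> no credit
    auth_time = datetime.fromtimestamp(claims.get("auth_time", 0), tz=timezone.utc)
    fresh = now - auth_time <= policy["max_age"]
    if level >= policy["min_level"] and fresh:
        return ("allow", None)
    wanted = [acr for acr, lvl in ACR_LEVELS.items() if lvl >= policy["min_level"]]
    return ("step_up", {
        "acr_values": " ".join(wanted),                       # any of these satisfies the policy
        "max_age": int(policy["max_age"].total_seconds()),    # forces re-authentication if older
    })


# Constructed sample tokens (claims only) for one user at a fixed "now".
NOW = datetime(2016, 3, 1, 12, 0, tzinfo=timezone.utc)
PASSWORD_SESSION = {"sub": "u123", "acr": "urn:example:acr:password",
                    "auth_time": int((NOW - timedelta(hours=1)).timestamp())}
OTP_RECENT = {"sub": "u123", "acr": "urn:example:acr:otp",
              "auth_time": int((NOW - timedelta(minutes=2)).timestamp())}
OTP_STALE = {"sub": "u123", "acr": "urn:example:acr:otp",
             "auth_time": int((NOW - timedelta(hours=2)).timestamp())}

if __name__ == "__main__":
    for name, claims in [("password", PASSWORD_SESSION), ("otp-recent", OTP_RECENT),
                         ("otp-stale", OTP_STALE)]:
        for op in OPERATION_POLICY:
            print(f"{name:<11} {op:<15} {evaluate(claims, op, NOW)}")
```

The point of the structure is that the password-only session keeps working for `view_balance` indefinitely within its eight-hour window, so the user is never re-prompted just to look, while a transfer five minutes after an OTP login is rejected with exactly the parameters needed to repair it rather than with a blanket "log in again".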

Speakers

Michael Schwartz ( @GluuFederation )

Mike Schwartz is the Founder of Gluu, a security software company serving companies, governments and universities around the world. Schwartz is a domain expert in application security, authentication and API access management. The Gluu Server is one of the leading implementations of OpenID Connect. Schwartz has participated in the development of standards like the User Managed Access (UMA) profile of OAuth2, a new standard for API access management. He also is Co-chair of the Open Trust Taxonomy for OAuth2, a working group at Kantara to create new standards for multiparty federation. Before starting Gluu, Schwartz was a security integrator for many large enterprises. He also was the Founder of an ISP in the ’90s. He now resides with his family (and pigeons) in Austin, TX.

(Source: RSA USA 2016, San Francisco)


Introduction and a Look at Security Trends

The security industry has significantly changed over the last 25 years, as reflected in the content at RSA Conference. This introductory session will look at some of the major shifts, the economics that are driving the shifts, and the trends that are shaping current and future directions.

Speakers

Hugh Thompson 

Herbert (Hugh) Thompson is Program Chair for RSA Conference and a world-renowned expert on IT security. Thompson has co-authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, he was named one of the “Top 5 Most Influential Thinkers in IT Security” by SC Magazine and has been interviewed by top news organizations, including the BBC, CNN, MSNBC, Financial Times, Washington Post and others. He has been an Adjunct Professor at Columbia University in New York and is Senior VP and Chief Security Strategist at Blue Coat Systems, Inc.

(Source: RSA USA 2016, San Francisco)


The Seven Most Dangerous New Attack Techniques, and What's Coming Next

Which are the most dangerous new attack techniques for 2016/2017? How do they work? How can you stop them? What's coming next and how can you prepare? This fast-paced session provides answers from the three people best positioned to know: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S., and the top expert on cyberattacks on industrial control systems.

Speakers

Johannes Ullrich ( @johullrich ); Ed Skoudis ( @edskoudis ); Mike Assante ( @assante_michael )

As Dean of Research for the SANS Technology Institute, Johannes Ullrich is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Ullrich worked as a lead support engineer for a web development company and as a research physicist. Ullrich holds a Ph.D. in Physics from SUNY Albany and is located in Jacksonville, FL. He teaches courses on web application security, intrusion detection, IPv6 and more.

Ed Skoudis ( @edskoudis )

Instructor at SANS

Ed Skoudis is a security expert on hacker attacks and defenses, a world-renowned author and president of Counter Hack Challenges, the company that has built the most sophisticated cyber-competitions and ranges used by the U.S. military. He has demonstrated hacker techniques against financial institutions for the U.S. Senate and frequently speaks at security conferences. He is also a SANS Faculty Fellow who teaches thousands of information security professionals how to improve their skills and better defend their networks. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) and provides after-attack analysis on most of the major attacks against commercial organizations where credit card data is lost.

Mike Assante ( @assante_michael )

ICS Director, SANS

Michael Assante is an internationally recognized thought leader in cybersecurity of industrial control systems. Assante held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cybersecurity standards across the North American electric power industry. Prior to joining NERC, Assante held notable positions at Idaho National Labs and was Vice President and Chief Security Officer for American Electric Power. Assante is a former U.S. Navy intelligence officer with experience in information warfare and information security management.

(Source: RSA USA 2016, San Francisco)


State of Cybersecurity: 2016 Findings and Implications

This session will present key results of ISACA and RSA’s State of Cybersecurity Survey. Learn findings of the current cybersecurity landscape. Understand current threats and vulnerabilities as well as how enterprises are responding. Results will include top threats faced, as well as information on controls, skills employers are looking for, security organizational structures and incident plans.

Speakers

Jennifer Lawinski ( @lawinski ); Ron Hale

Jennifer Lawinski is currently the Editor-in-Chief of online engagement for RSA Conference, driving the editorial strategy as well as managing online content. Before joining RSA Conference, she spent several years covering business technology and the tech industry, among other topics, for publications including Fox News, MSN News, CRN and CIO Insight. She is a graduate of Dartmouth College and earned her M.S. in journalism from Boston University.

Dr. Ron Hale, Ph.D., CISM, is the Chief Knowledge Officer at ISACA. In this position he works with a staff team of subject experts and volunteers from among ISACA’s global membership to develop the products and certifications that support the career advancement of our constituents in information systems audit, cybersecurity, information risk management and the governance of enterprise IT. Hale has professional experience in information and cybersecurity gained as a security manager and as the practice director for Deloitte. Hale was admitted to the Directorship 100 by the National Association of Corporate Directors for his contributions to corporate governance. He has a master’s degree in criminal justice from the University of Illinois and a doctorate in Public Policy from Walden University. 

(Source: RSA USA 2016, San Francisco)


Smart Megalopolises. How Safe and Reliable Is Your Data?

Road sensors which collect raw data for intelligent transport systems are hugely important, with key decisions around road improvement, traffic jam management and traffic light patterns based on the information they collect. Radars transmit this data to an operation center for detailed analysis, but can governments truly trust and rely on the data?

Speakers

Denis Legezo ( @legezo ) 

Security Researcher, Global Research and Analysis Team (GReAT), Kaspersky Lab

Denis Legezo got his degree at the cybernetics and applied mathematics faculty of Moscow State University in 2002. His diploma topic was directly related to information security. He then started his career as a programmer in different public and commercial companies. Before joining Kaspersky Lab at the beginning of 2014, he worked as a technical expert for one of the Russian system integrators. Legezo has collaborated extensively with Russian IT magazines and online news resources on the same topics. He loves everything high-tech, including embedded systems and modern car security.

(Source: RSA USA 2016, San Francisco)


Security Advantages of Software-Defined Networking

Current practices using wide-area routing over Internet infrastructure decentralize the control of how information is transferred. Software-Defined Networking (SDN) centralizes network control functions, offering more holistic network security management and allowing for dynamic divisioning, multivendor end-to-end security and reduced dependence on the traditional perimeter approach.

Speakers

Edward Amoroso

Dr. Edward Amoroso serves as Senior Vice President and Chief Security Officer at AT&T, where he is responsible for real-time protection of AT&T’s vast enterprise, network and computing infrastructure, including mobile and video services. During his 30-year career with AT&T, Amoroso has focused exclusively on cybersecurity, working on projects ranging from Unix operating system security to critical infrastructure protection design. He is the author of five published books on cybersecurity and has served as Adjunct Professor of Computer Science at the Stevens Institute of Technology for the past 26 years. 

He holds a B.S. degree from Dickinson College, and M.S. and Ph.D. degrees in computer science from the Stevens Institute of Technology. He is also a graduate of Columbia Business School. 

(Source: RSA USA 2016, San Francisco)
