Seth Meyers is an Emmy Award-winning Writer and current Host of Late Night with Seth Meyers, named one of the 2014 TIME 100, Time magazine’s 100 most influential people and hosted the 66th Primetime Emmy Awards. Meyers began his TV career with Saturday Night Live in 2001, where he was a cast member for thirteen seasons. He acted as Head Writer for nine seasons and “Weekend Update” Anchor for eight seasons. In 2011, he won the Emmy for Outstanding Original Music and Lyrics for host Justin Timberlake’s musical monologue and an additional 14 Emmy nominations for his work as a writer in television.

Espionage & Astrophysics

Not often do we get to say words like countersubversion, counterespionage and counterterrorism with excitement in our voice. However, today former MI5 Director Dame Stella Rimington took to our keynote stage to present on the topics of leadership and teamwork. Dame Stella addressed a variety of topics from her personal journey to becoming the Director General. An eye opener for some of our younger attendees was a throwback to a day when intercepting communications was the physical possession of paper messages between human beings and not email or dropped USBs. The modern day attacks may now be more tech-based, but these life lessons from a global icon have no expiration.

This afternoon our audience was able to a unique keynote experience: “An Astrophysicist Reads the Newspaper: Dr. Neil deGrasse Tyson Explores Our World.” Attendees were able to explore with Dr. Tyson all that is funny, illuminating and alarming about what appears in the world’s current events as seen through the lens of the world’s most famous astrophysicist.

College Day

As the world becomes more and more reliant on digital information, the need to protect that data increases. By 2020, cybersecurity jobs will number 1.5 million worldwide. RSA Conference created College Day to help students find their ideal career options through meeting both industry veterans and companies that are looking for young, talented students to join their ranks. This year, 60 students had access to over 50 sessions, a day in the life of a security expert panel, and met with sponsors during an open house.

Party on Wayne, Party on Garth

We are mixing things up. The Codebreakers’ bash of the 90s is no more, and the new RSAC Bash on Thursday night allows you to choose the party (or parties) that fits your style: Enjoy live blues at The Jam at City View at the Metreon. Test your skills at The Game, featuring billiards and video games at Jillian’s. The Taste offers a beer and wine tasting under the stars in the Mint Plaza. And finally, head to The Groove to listen to two DJs (including DJ Arty) at the Mezzanine Club. Go to one, go to them all – we hope to see you later tonight!

Looking ahead

What will cyberwar look like in 2020?

Speaker: Kenneth Geers, Senior Research Scientist, Comodo Group

Cybersecurity professionals frequently fail to effectively communicate the nature and extent of cyber-risk, resulting in cyber-policies that fail to cover bona fide risks. This session will focus on the scope and extent of cyber-risk and how the insurance industry has attempted (and sometimes failed) to address this risk.

John Loveland

The panel:

• Wendy Frank, Principal, PwC, Moderator
• Diana Kelley, Global Executive Security Advisor, IBM Corporation
• Lisa Lee, IT Examiner, Office of the Comptroller of the Currency
• Latha Maripuri, SVP and Global CISO, News Corp

Frank: What trends do you see happening in security testing?

Maripuri: There is an interesting shift going on. Traditional testing like vulnerability management and pen testing is getting commoditized by many tools and service providers, who focus on finding breaches. The dialogue is shifting to detect and respond. Have we realigned testing programs accordingly? Are we testing our people? Our processes? Do you get a false sense of security from testing and finding problems, when things often don’t get fixed? Are you tracking what does? If it’s too expensive to fix, what happens to those results? Traditional testing methods also don’t translate well to the cloud.

Lee: Do you understand the threat against your organization? What’s driving you to do the test? Weight the level of effort against the impact.

Kelley: Understand the tools to get the needed value out of them. Don’t put too much power into those tests. If you get a stack of problems, how are you going to prioritize and apply fixes?

Lee: Other value can come out of testing, like red teaming. It’s a good a way to train your incidence response team.

Maripuri: Phishing is an easy email to send to your employees, but there’s huge value in raising awareness. Bug Bounty programs take a bit more effort, but crowd sourcing can help you get to the next level.

Kelley: Focus on the impact to the executives. A phishing test is something a CEO will see. It provides “high visual yield”. It will help executives understand what your program is doing and see the success.

Frank: What about the maturity model of testing?

Kelley: First, understand your organization’s maturity and readiness, deploy in a useful manner and get some success, then expand. Don’t try to go to Level 6 maturity right away. Start small, with a small group. Find a high visibility app to get some success and confidence. See the blemishes early and fix them.

Lee: Doing the same thing more often doesn’t really increase value. Rethink the scope and frequency that might just be assumed to add value.

Maripuri: It’s not natural for developers to think about maturity models, but it’s very important. Looking at where you are and where you want to get to can be very helpful. We’ve started aligning our testing to our incident management process. Scanning our servers is good, but we found most errors were coming from the employee base. How do we automate and integrate more? Make testing part of the fabric of how you do services.

Read more here

Hear best practices to vet CSPs from three leading cloud providers.

Speakers:

Bill Burns, Chief Trust Officer, VP Cloud Business Transformation, Informatica
Trey Ford, Head of Trust, Heroku, a Salesforce company
Cory Scott, Chief Information Security Officer, LinkedIn
Jim Trovato, Sr. Director, IT Governance, Risk and Compliance, Informatica

Infosecurity Magazine: At Black Hat, you gave a presentation on why the information security industry should be putting their money where their mouth is and putting warrantees on their products. Six months down the line, do you still feel the same way?

Jeremiah Grossman: A $75 billion industry should offer guarantees. Cyber-insurance shouldn’t be necessary if products are genuinely strong. People are still being hacked all the time. When I first suggested it, it was controversial, I got hate mail, but there’s really no good reason why security companies shouldn’t be offering cyber guarantees.

Infosecurity Magazine: So has there been any progress? Are vendors starting to offer warrantees?

Jeremiah Grossman: There has been some progress, but not great. We should encourage customers to make those demands of vendors. There’s no reason it should be a problem. I brought this in at WhiteHat Security and later at SentinelOne.

Infosecurity Magazine: What feedback have you had from clients?

Jeremiah Grossman: Clients are skeptical, but hopeful. It’s going to take time for people to be comfortable with the concept.

Infosecurity Magazine: The latest (ISC)² workforce study has predicted a 1.8 million skills gap by 2020. Is that number over-hyped?

Jeremiah Grossman: The actual predicted figure may be inflated, but it’s a very real problem.

Read more at www.infosecurity-magazine.com

The connected world is a dangerous place. CISOs must lead their companies to adopt safe business practices.

How should you proceed? IANS reveals the secrets of high-performing CISOs by drilling into findings from CISO ImpactTM, a framework of best practices and diagnostic data gleaned from over 1000 organizations. Armed with strong guidance, CISOs can chart their own paths to leadership.

Speakers:

Stan Dolberg, Chief Research Officer, IANS,
Phil Gardner, CEO, IANS

This talk will present real-world examples from unpublished research to answer this question and more.

Speakers:

Brian Bartholomew, Security Researcher, Kaspersky Lab
Juan Andrés Guerrero-Saade, Security Researcher, Kaspersky Lab

Bruce Schneier