By Bob Rudis (@hrbrmstr)
Sat 23 January 2016
tags: blog, podcast
While I may not be able to attend the 2016 RSA Conference, I can provide some recommendations for those seeking a more data-driven schedule between parties and recovery breakfasts.
- There is a high likelihood that Advancing Information Risk Practices Seminar will have sage & practical advice on how to use data to best manage risk in your organization.
- The always amazing Anton Chuvakin’s session on Demystifying Security Analytics: Data, Methods, Use Cases will be a great primer for those who have struggled to get a successful analytics practice off the ground.
- I’ve been assured no IPv4 addresses, malware hashes or crafty URLs were harmed in the making of Wade Baker’s talk on Bridging the Gap between Threat Intelligence and Risk Management. If there’s anyone who is more data-driven than Jay & I it’s Wade.
- “Maturity models” always terrify me as they are prone to simplicity. But, if you’re starting from scratch, they can be an effective gateway drug into more advanced data-driven security practices. Give Grow Up: A Maturity Model and Roadmap for Vulnerability Management (Core Security) a listen if you’re just starting on the path.
- I also wince at the mere hint of “big data”, but Security Monitoring in the Real World with Petabytes of Data may be worth a listen if you’re in a large org and are tired of fighting (and paying for) Splunk.
- If data-driven devops is your thing, Scott Kennedy’s DevSecOps—The Tao of Security Science was spot-instanced just for you.
- Moar “big data” at this one, but at-scale data classification is a real issue in large orgs. Applying Auto-Data Classification Techniques for Large Data Sets by Anchit Arora may help you carve your towering data peaks down to size.
- The economics of security go beyond security department budgets. Destabilizing the cybercrime economy is an approach orgs don’t often think about. You may find key elements of how to do that at Malware as a Service: Kill the Supply Chain.
- Jack Jones seems to be arguing against maturity models in his talk: How Infosec Maturity Models Are Missing the Point. Go to both and decide for yourself!
- Data-Driven App Sec. With a title like that, it has to be on the list, no?
- Hubbard wrote the book on measuring anything and his new book on doing so in cyber is sure to be a hit with the data-driven community. Get a preview of it at How to Measure Anything in Cybersecurity Risk.
- Lance2 will definitely be including the use of data in their talk on Transforming Your Security Culture: From Awareness to Practice to Maturity.
- I don’t know Clay and “best practices” terrify me more than FBI iOS hacking, but Building Security Data Science Capability may be chock full of sage advice.
- One more where the title alone seems to mandate inclusion: Data Science Transforming Security Operations. It’s by an RSAer at an RSA conference, so caveat spectator.
- You might want to check out Effectively Measuring Cybersecurity Improvement: A CSF Use Case for good-er-ah-measure?
- Despite now working for a router company, the former OpenDNS folks always have interesting talks. While there’s yet moar “big data” in Using Large Scale Data to Provide Attacker Attribution for Unknown IoCs it will most likely be a fun and informative session.
- There seems to be a whole lotta measuring going on this year at RSA and Lisa’s talk on Measuring What Matters may help you focus on asking the right questions so you can get your metrics program back on track (or start one!).
- I don’t know how data-driven This Doesn’t End Well: The TLD Explosion will be, but I despise these new silly TLDs and if you walk away from this talk hating them, too, then it’s Mission: Accomplished for me.
- Leveraging Analytics for Data Protection Decisions is a guaranteed 5-star talk (NOTE: David did not pay me in pastries to say that).
Did I miss any? Disagree with my choices? Drop me a note in the comments or on Twitter!
If you do attend any or all of these and would like to be on the podcast to give us your first-person review, drop us a note or find Jay at RSA and get us your contact info.