Skip to content ↓ | Skip to navigation ↓

It’s day two of the RSA Conference, and this is when things really start ramping up. And as if we didn’t have to walk great distances from event to event in years past, we now have the addition of another pavilion and even more ground to cover.

The following are some highlights from some of the sessions today, and maybe a few thrown in that were left over from the opening of the event on Monday, and we are grateful for those Tripwire team members who took the time to jot down a few of their thoughts on the sessions they attended.

It was really exciting to see standing room only and overflowing crowds at some of the sessions held by Tripwire’s subject matter experts, like this session with Bryce Schroeder that covered Restoring Trust after a Breach:


We were also quite fortunate to have Kelly Kingman available at some the the sessions to “visualize” some of the thoughts of the presenters in real-time as the talks were being given. See the picture below, and watch for more of Kelly’s fantastic visual interpretations from RSAC.

Diablo Security: What Can Infosec Learn from Video Games? (MASH-T07B)

Session Abstract: Adventure games make it easy for us to understand how our skills, weapons and countermeasures match up to the threats we expect to face. In this session, we’ll discuss models and lessons learned from video games that can be applied to infosec to help you better prepare for adversaries and learn from lost battles. After all, why shouldn’t your day job be fun and make you feel more like a hero?


Anthony M. Freed (attendee): “Tripwire’s CTO Dwayne Melançon gave fantastic session discussing what security professionals can learn from the video gaming industry, and it is amazing how much wisdom and strategy he was able to discern from his many hours of game play. Melançon discussed how elements of adventure games are analogous to how we evaluate our security team’s skill sets, and how our choice of tools (read as ‘weapons’) and countermeasures should match up to the actual threats we combat daily. These games can teach us how to allocate resources, decide which tools are worth the effort of maintaining and which should be abandoned, and how all the pieces fit together to create our ‘character’ and how we can evaluate our strengths and weaknesses. Melançon has a gift for analogous descriptions, and this session did not disapoint.”

Some quotes from Melançon:

  • “We need to understand our own capabilities and where we’re good or bad. Then find help to complement us…”
  • “We need to do more objective analysis on our own security controls and counter measures…”
  • “You need to be very clear about your goals and objectives, and then see your progress along the way…”

Computer Forensics and Incident Response in the Cloud (ANF-T07A)

Session Abstract: Computer security incident response plans include physical server access, and the ability to scan logs and pull data from forensic devices. When in the cloud, there is no physical access or forensic devices in place. However cloud providers can provide the data and expertise you need. This session will offer a blueprint of capabilities your cloud provider should have to conduct computer forensics.

Ken Westin (attendee): “Conducting forensics in the cloud is difficult due to  chain of custody issues. A server cannot be seized as the system is shared with other users which raises issues of privacy. Evidence that is collected and provided to you is based on the providers “word” where you have to trust the information they are providing you is valid.  Investigators are reliant on cloud providers to acquire evidence however those collecting the data may not be qualified for forensic acquisition. The location of the server may also not be known and data can be split across multiple servers in different countries further complicating the issues.”

“Traditional digital forensics is still appropriate for many investigations, however increasingly with the rise of virtual and cloud bases services it is no longer practical or even impossible. Amazon’s recent launch of  Amazon Cloud Trail is addressing some of these issues through records API calls made to your account and delivers log files to your Amazon S3 bucket. More cloud providers are providing similar tools. It is important to understand what you and your provider should take responsibility for, there is some overlap, but establishing a clear hierarchy establishing who handles what elements.”

Security Basics Seminar (SEM-M01)

Session Abstract: The Security Basics Seminar explains some of the most important security principles and is designed for practitioners with three years or less of information security experience. It lays a foundation of essential concepts that will enhance understanding of the more advanced security issues that will be discussed during the week. The seminar will feature some of the giants of the security industry.

Ed SMith (attendee): “This session provided a great springboard into the RSA conference by helping attendees get up-to-speed on the latest security trends. Useful for anyone who has been out of the industry for a while, but also a nice refresher for veterans who may not be up to date on areas outside their focus . At the beginning of the session, Hugh Thompson RSAC Program Committee Chair, introduced 5 laws of security: 1. Focus efforts on the People that want something of yours, not “bad guys” 2. Security is not about security, but mitigating risk 3. Most breaches are simple, not complex, 4. People are bad at security without education 5. Hackers look for weak points (see #3). As  an example for #4, Thompson talked about using LinkedIn for reconnaissance and spear phishing since hackers can target people by company and role. Looking to the future, Thompson sees psychology as being just as important as security metrics in managing cyber risk. Additional speakers covered authentication, GRC, app security, crypto, firewalls, malware, and mobile. Overall a good session–not too basic while covering a broad range of topics.”

Conundrums in Cyberspace: Exploiting Security in the Name of, well, Security (KEY-T02)

Session Abstract: Trust in technology has been badly undermined by public disclosures of widespread government surveillance programs. As the important public debate over the limits of government access to private data continues, customers, governments and others need to know where technology providers stand.

Speaker: Scott Charney, Corporate Vice President, Trustworthy Computing, Microsoft

Tim Erlin (attendee): “While some of the content was certainly valuable and interesting, this keynote has to be summarized as ‘We’re not RSA and here’s why.’ The underlying theme of the presentation was really a marketing message about how Microsoft isn’t like RSA, doesn’t have backdoors in their products, and fights mass surveillance on principle. Key to this message are the specific principles on which Microsoft operates: Privacy, Security and Transparency. Charney paid attention to all three, as well as addressing different security problems differently; specifically calling out Cybercrime, Economic Espionage, Military Espionage and Cyberwarfare. His strategies are detailed in a published paper.”

The Next World War Will Be Fought In Silicon Valley (KEY-T03)

Session Abstract: We are under attack, and we are not allowed to fight back. Everyone has a breaking point. What’s yours?

Speaker: Nawaf Bitar, Senior Vice President and General Manager, Security Business Unit, Juniper Networks, Inc.

Katherine Brocklehurst (attendee): “I wasn’t expecting this talk to be so philosophical. Nawaf started with outrage–citing historical references, such as the monk who set himself on fire, the protester at Tiananmen Square and others. By contrast, he said ‘like or dislike’ on Facebook is not ‘outrage’ nor is posting a bad review or retweeting (and by the way, neither is #firstworldoutrage).”

“He commented that we have no expectation of privacy and that ‘everybody’s a target, everyone with communication is a target.’ He also noted that our IP and identities are being stolen every day… To do nothing is implicit guilt. He then highlighted that the top two human concerns in the world are 1) family and 2) money. He believes we should have 3) be our digital information and privacy.”

“Finally, he told three historical stories that summed up heroically. My favorite was about germs and hygiene where Dr. Semmelweis in Vienna had discovered and enforced hygiene and reduced infection radically, yet ultimately died in a mental institution due to lack of acknowledgement and respect, as well as loss of his job due to skepticism. There is a pyschological condition called Semmelweis, which means ‘rejection of the unfamiliar.'”

Nawaf challenged that the next Semmelweis is here at RSA, and we need to have new defenses, new ways, new ideas, and new disruptions to regain our advantage against the changing threat landscape–I agreed.”

Tim Erlin (attendee): “Bitar took an aggressive stance on the NSA spying, calling out the industry for participating in what he called ‘first world outrage.’ He specifically speared those who chose to boycott the RSA conference as a form of protest. Starting with a level set against the reality of the world around us was a good start but the talk seemed to devolve into loosely coupled analogies about unsung heroes and unintended consequences. The audience was left with a clear message that ‘active defense’ is the way to go, but also with the lingering idea that there’s some easy, but ignored fix for the industry out there (like hand-washing in 18th century medicine).”

Shifting Roles for Security in the Virtualized Data Center: Who Owns That? (CSV-T07)

Session Abstract: As converged infrastructures take hold, traditional roles are shaken up and reimagined. This session explored how virtualization technologies are changing the operational and architecture roles in IT Networking and Security, and the skill sets required of these updated roles.


  • Malcolm Rieke, Director, Product Management, Catbird
  • Rob Randell, Principal Networking and Security Solutions Architect, VMware (@rjrandell)

Tim Erlin (attendee): “This session was a thinly veiled advertisement for VMWare products. That’s a problem in two ways. First, I don’t want an advertisement in my RSA session. Second, because it was thinly veiled, I didn’t actually learn about the VMWare products that could fulfill on the ‘concepts’ discussed. The idea of ‘application-centric’ deployment in virtual data centers is great, though not new by any means, and the need to shift roles and responsibilities to accommodate new technology is also true, but the presenters stayed too high level, leaving the audience (me, at least), disappointed at the lack of depth in any single area.”

The Seven Most Dangerous New Attack Techniques and What’s Coming Next (EXP-T08)

Session Abstract: Which are the most dangerous new attack techniques? How do they work? How can you stop them? What’s coming next and how can you prepare? This fast-paced session provided answers from the three people best positioned to know the answers: the head of the Internet Storm Center, the top hacker exploits expert/teacher in the U.S. and the top expert on cyber attacks on industrial control systems.

Moderator: Alan Paller, Director of Research, SANS Institute


  • Ed Skoudis, SANS Instructor, Counter Hack Founder (@edskoudis)
  • Johannes Ulric, CTO & Dean of Research, Internet Storm Center (@johullrich)
  • Mike Assante Director, SANS Institute (@SANSICS)

Katherine Brocklehurst (attendee): “In 3014 West, there was a line and crowd unlike I have seen at any of the RSA activities. Our hall holds 6,000 and they were turning people away. Wow! This was a panel, but the rapid-fire detail of all types of potential attacks came from each panelist: Ed Skoudis, Johannes Ullrich, Mike Assante and Alan Paller.”

“Key interest points were that the bad guys have wireless–and in the case of skimmers and memory scraping, wireless has eased the retrieval of the scanned credit card data so that the bad guys don’t have to go back to retrieve the data–they can sit nearby wirelessly and pick-off the data. Another story was about critical infrastructure. They told a story of a guy touring a power site and as they were touring, the guy pulled out his cell phone and wirelessly attached to the device they were in front of and said, ‘Relax! I’m just charging my phone!'”

“Then they went over several concerning stories that have made the media–potential and demonstrated abilities to hack trains, planes and automobiles–all of which have been done to illustrate the risks. Again, wireless being heavily used. Then they advised defense in depth and noted a number of tools that should be used, especially referencing IDS/IPS. Johannes shared about the Bitcoin hack–very timely information. Easily stolen, and your PC can be turned into CPU power that criminals can access and sell over the net. Lastly, they discussed the Android phones and how easy it is to lose your digital wallet.”


And be sure to join us at Tripwire’s RSAC Booth (3501) to get your free customized t-shirt printed on the spot, and listen to an array of in-booth guest speakers we have lined up. For the speaking schedule and information on how to obtain a free RSA Expo pass, see more details here.



picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].


picDefinitive Guide to Attack Surface Analytics

Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.


Title image courtesy of ShutterStock