When you think of Fisherman's Wharf, cable cars, and all-things San Francisco, do you feel the buzz and excitement of RSAC season? With this year’s RSA Conference just a couple of weeks away, and with more than 500 sessions planned, it can be a bit overwhelming to sort out which sessions are must-attends and which keynotes are going to be first-class.
Discover your weak points and strengthen your resilience: Run a Free Ransomware Readiness Test
Not to worry — we’ve got your back. Our team has compiled the top sessions you won’t want to miss, organized by day, time, and department. Follow our handy-dandy agenda below to make sure you’re taking advantage of everything RSAC has to offer.
For executive leaders, HR teams, and management
Monday, April 24
Rise and shine with opening session Modern Bank Heists (8:30 – 9:20 a.m.) You’ll hear CISOs from Mastercard and the U.S. Secret Service discuss cyberattack and e-fraud trends impacting the financial sector. Additionally, speakers Tom Kellerman, Ron Green, and Matt O’Neill will talk about attack trends and relevant countermeasures they’re seeing today.
Take a break for breakfast and then grab a seat at the next session, The Art of Inclusion: Helping Diversity to Shine (10:50 – 11:40 a.m.). As diversity, equity, and inclusion (DEI) become the hot topics of the cybersecurity workforce, the single-minded focus on measuring diversity is turning DEI into a "feel good" metric and data point, but organizations struggle to embed DEI into their culture to create tangible benefit. This discussion will explore the importance of inclusion being the foundation of diversity. Note: to encourage open and honest feedback, media participants are not allowed to attend this session.
Tuesday, April 25
Start out day two of the conference with Engagement through Entertainment: How to Make Security Behaviors Stick (8:30 – 9:20 a.m.). This session promises to answer the age-old question, “What’s in it for me?” To help an audience today pay attention to what’s being said, they need to be offered something first. Like it or not, this also applies to cybersecurity content. This case study-rich discussion will share how to best bring general market communications into cybersecurity instead of fear, uncertainty, and doubt.
From there, jump right into Who Says Cybersecurity Can’t Be Creative? (9:40 – 10:30 a.m.) to learn how taking an innovative approach to cybersecurity can help security teams stop an attacker in their tracks.
After that, spend some time strolling the expo and visiting all your favorite vendors (including Varonis at booth N-5345!) before grabbing a seat at the next exciting session, It’s Not All Fun and Games: Cyber Threats to Professional Sports (1:15 – 2:05 p.m.). They say the best offense is a good defense. Join the FBI and the CISOs from the NBA, NFL, and NHL as they discuss the intersection of professional sports, cybersecurity, and coordination with law enforcement.
Finally, round out your Tuesday with what might be the most highly anticipated session of the conference, Hacking the Cloud: Play-by-Play Attack on GitHub, Okta, and Salesforce (2:25 – 3:15 p.m.). Varonis’ own Brian Vecci will walk you through how an attacker uses off-the-shelf security tools, API calls, and scripting to discover secrets in a public repository, leading to user impersonation in Okta, privilege escalation and sensitive data discovery in Salesforce, and ultimately data exfiltration from AWS. You won’t want to miss this one!
Wednesday, April 26
Get hump day started off right with How Your Brain Responds to Stories (10:45 a.m.; as of publication date, no end time was given). Successful cybersecurity professionals, global leaders, and visionaries don’t just present data — they also tell great stories that earn trust and create impact. Leadership consultant and CEO Karen Eber demystifies effective storytelling and explains how to harness it to create empathy and inspire action.
For a summary of the rollercoaster that was 2022, make sure to check out The State of Cybersecurity – Year in Review (11:10 – 11:30 a.m.). In this keynote, Kevin Mandia, CEO of Mandiant at Google Cloud, will share stories from responding to hundreds of cyber intrusions in the last year. You'll learn about attacker techniques, cyber defense tips for security operators, and how cyber security is impacting board and executive decision-making.
Wrap up your RSAC with one of the most popular sessions, Stranger Together: Becoming Monty Python (11:30 – 11:55 a.m.) This not-to-be-missed keynote promises both laughter and tears. Get up-close-and-personal as legend and co-creator of Monty Python Eric Idle shares his insights of how teamwork helped five British writers and an American cartoonist conquer the world of comedy, and how “Always Look on the Bright Side of Life” became a philosophy and a hit song which helped Eric survive show business, COVID, and cancer.
For technical engineers, system admins, and incident response teams
Monday, April 24
Kick-start your RSAC with Effective and Impactful Infrastructure Defense (8:30 – 9:20 a.m.). Organizations face a constant bombardment around addressing cybersecurity “fires.” How do you identify and mitigate the most critical issues? How do you address resource-constrained environments? Come share what’s worked for your organization in the past and learn from other's experiences! Note: to encourage open and honest feedback, media participants are not allowed to attend this session.
Moving right along, take a seat at this session and find out how We (Could Have) Cracked Open the Network for Under $100 (9:40 – 10:30 a.m.). Presenters will test the hypothesis that decommissioning processes for using secondhand software may not wipe a device clean, leaving critical data from the previous owner accessible and open to abuse.
Tuesday, April 25
Start your Tuesday off by learning how defenders can adopt and use AI chatbot technology during Not Just for Writing Malware - How Defenders Can Use ChatGPT (8:30 – 9:20 a.m.). Etay Maor will talk about how, although we often hear about all the bad things threat actors can do with ChatGPT, through his research, he found several ways defenders can use this tech for good. Note: to encourage open and honest feedback, media participants are not allowed to attend this session.
Next up on your agenda should be Anatomy of the Attack: The Rise and Fall of MFA (9:40 – 10:30 a.m.) With hybrid work now the norm, multifactor authentication is more prevalent than ever. So why are successful, high-profile attacks on the rise? Has MFA failed or is our identity paradigm flawed? Presenters will take a behind-the-scenes look at the three most significant attacks of 2022, break down what happened, and provide essential know-how to avoid becoming the next newsworthy breach of 2023.
Take a break to peruse the expo hall, grab lunch, and network with your fellow RSAC pals before heading back to attend Stories from the SOC Front Lines (1:15 – 2:05 p.m.). This panel of security ops women representing three different industries will share career journeys, incident response and security ops war stories, and discuss how companies can expand talent and development opportunities to increase the number of women in cyber ops roles.
Finish off your Tuesday strong with the fan-favorite Hacking the Cloud: Play-by-Play Attack on GitHub, Okta, and Salesforce (2:25 – 3:15 p.m.) Varonis’ own Brian Vecci will walk you through how an attacker uses off-the-shelf security tools, API calls, and scripting to discover secrets in a public repository, leading to user impersonation in Okta, privilege escalation and sensitive data discovery in Salesforce, and ultimately data exfiltration from AWS. You won’t want to miss this one!
Wednesday, April 26
To improve cyber resilience, it’s time to accept compromise and prepare accordingly. Assume Compromise: Think Like a Hacker to Build Resilience (8:30 – 9:20 a.m.) will teach you how. As cybersecurity breaches continue to happen, hear firsthand from a hacker with decades of experience on why we continue to see single security incidents become cyber disasters, and why it’s essential to adopt an attacker’s mindset when planning our defenses.
Nothing is more exciting than hearing Real World Stories of Incident Response and Threat Intelligence (9:40 – 10:30 a.m.)! In this session, figures in the incident response and threat intelligence industry from WIRED Magazine, Palo Alto Networks, Red Canary, and Dragos, Inc. share their experiences from responding to incidents in the past 12 months.
For fans of fun and entertainment
In addition to fantastic and knowledgeable sessions, RSAC always delivers some awesome water cooler moments, so make sure you save room in your schedule for these festivities!
In addition to all these great sessions, make sure you stop by the Varonis booth for live demonstrations, giveaways, and games!
Monday, April 24
Feel the flow at Pentera’s booth (#1835) with live cyber rap battles taking place every hour, on the hour. Our palms are sweaty, knees weak, just thinking about it.
Tuesday, April 25
Ain’t no party like an Optiv after-hours party, so make sure to register for your spot today. Join the Optiv crew from 6 – 10 p.m. at the historic August Hall downtown and say hi to the Varonis team sponsoring the event.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
Megan is the content editor for Varonis and an avid fan of all things AP style. When Megan's not debating whether "cybersecurity" should be one word or two, she loves to travel with her husband and dote unhealthily on their pitbull, Bear.