Your Guide to the 2023 RSA Conference

Varonis has compiled the top RSAC sessions you won’t want to miss. Follow our handy agenda to take advantage of everything RSAC 2023 has to offer.
Megan Garza
5 min read
Last updated July 7, 2023

When you think of Fisherman's Wharf, cable cars, and all-things San Francisco, do you feel the buzz and excitement of RSAC season? With this year’s RSA Conference just a couple of weeks away, and with more than 500 sessions planned, it can be a bit overwhelming to sort out which sessions are must-attends and which keynotes are going to be first-class. 

Discover your weak points and strengthen your resilience: Run a Free Ransomware Readiness Test

Not to worry — we’ve got your back. Our team has compiled the top sessions you won’t want to miss, organized by day, time, and department. Follow our handy-dandy agenda below to make sure you’re taking advantage of everything RSAC has to offer.

Haven’t gotten your ticket yet? Click here to get in for free with our exclusive expo pass code.

For executive leaders, HR teams, and management 

Monday, April 24  

Rise and shine with opening session Modern Bank Heists (8:30 – 9:20 a.m.) You’ll hear CISOs from Mastercard and the U.S. Secret Service discuss cyberattack and e-fraud trends impacting the financial sector. Additionally, speakers Tom Kellerman, Ron Green, and Matt O’Neill will talk about attack trends and relevant countermeasures they’re seeing today. 

Take a break for breakfast and then grab a seat at the next session, The Art of Inclusion: Helping Diversity to Shine (10:50 – 11:40 a.m.). As diversity, equity, and inclusion (DEI) become the hot topics of the cybersecurity workforce, the single-minded focus on measuring diversity is turning DEI into a "feel good" metric and data point, but organizations struggle to embed DEI into their culture to create tangible benefit. This discussion will explore the importance of inclusion being the foundation of diversity. Note: to encourage open and honest feedback, media participants are not allowed to attend this session. 

Tuesday, April 25 

Start out day two of the conference with Engagement through Entertainment: How to Make Security Behaviors Stick (8:30 – 9:20 a.m.). This session promises to answer the age-old question, “What’s in it for me?” To help an audience today pay attention to what’s being said, they need to be offered something first. Like it or not, this also applies to cybersecurity content. This case study-rich discussion will share how to best bring general market communications into cybersecurity instead of fear, uncertainty, and doubt.  

From there, jump right into Who Says Cybersecurity Can’t Be Creative? (9:40 – 10:30 a.m.) to learn how taking an innovative approach to cybersecurity can help security teams stop an attacker in their tracks. 

After that, spend some time strolling the expo and visiting all your favorite vendors (including Varonis at booth N-5345!) before grabbing a seat at the next exciting session, It’s Not All Fun and Games: Cyber Threats to Professional Sports (1:15 – 2:05 p.m.). They say the best offense is a good defense. Join the FBI and the CISOs from the NBA, NFL, and NHL as they discuss the intersection of professional sports, cybersecurity, and coordination with law enforcement. 

Finally, round out your Tuesday with what might be the most highly anticipated session of the conference, Hacking the Cloud: Play-by-Play Attack on GitHub, Okta, and Salesforce (2:25 – 3:15 p.m.). Varonis’ own Brian Vecci will walk you through how an attacker uses off-the-shelf security tools, API calls, and scripting to discover secrets in a public repository, leading to user impersonation in Okta, privilege escalation and sensitive data discovery in Salesforce, and ultimately data exfiltration from AWS. You won’t want to miss this one! 

 

Wednesday, April 26 

Get hump day started off right withHow Your Brain Responds to Stories (10:45 a.m.; as of publication date, no end time was given). Successful cybersecurity professionals, global leaders, and visionaries don’t just present datathey also tell great stories that earn trust and create impact. Leadership consultant and CEO Karen Eber demystifies effective storytelling and explains how to harness it to create empathy and inspire action. 

For a summary of the rollercoaster that was 2022, make sure to check out The State of Cybersecurity – Year in Review (11:10 – 11:30 a.m.). In this keynote, Kevin Mandia, CEO of Mandiant at Google Cloud, will share stories from responding to hundreds of cyber intrusions in the last year. You'll learn about attacker techniques, cyber defense tips for security operators, and how cyber security is impacting board and executive decision-making.  

Wrap up your RSAC with one of the most popular sessions, Stranger Together: Becoming Monty Python (11:30 – 11:55 a.m.) This not-to-be-missed keynote promises both laughter and tears. Get up-close-and-personal as legend and co-creator of Monty Python Eric Idle shares his insights of how teamwork helped five British writers and an American cartoonist conquer the world of comedy, and how “Always Look on the Bright Side of Life” became a philosophy and a hit song which helped Eric survive show business, COVID, and cancer.  

For technical engineers, system admins, and incident response teams 

Monday, April 24 

Kick-start your RSAC with Effective and Impactful Infrastructure Defense (8:30 – 9:20 a.m.). Organizations face a constant bombardment around addressing cybersecurity “fires.” How do you identify and mitigate the most critical issues? How do you address resource-constrained environments? Come share what’s worked for your organization in the past and learn from other's experiences! Note: to encourage open and honest feedback, media participants are not allowed to attend this session.  

Moving right along, take a seat at this session and find out how We (Could Have) Cracked Open the Network for Under $100 (9:40 – 10:30 a.m.). Presenters will test the hypothesis that decommissioning processes for using secondhand software may not wipe a device clean, leaving critical data from the previous owner accessible and open to abuse.  

Tuesday, April 25

Start your Tuesday off by learning how defenders can adopt and use AI chatbot technology during Not Just for Writing Malware - How Defenders Can Use ChatGPT (8:30 – 9:20 a.m.). Etay Maor will talk about how, although we often hear about all the bad things threat actors can do with ChatGPT, through his research, he found several ways defenders can use this tech for good. Note: to encourage open and honest feedback, media participants are not allowed to attend this session. 

Next up on your agenda should be Anatomy of the Attack: The Rise and Fall of MFA (9:40 – 10:30 a.m.) With hybrid work now the norm, multifactor authentication is more prevalent than ever. So why are successful, high-profile attacks on the rise? Has MFA failed or is our identity paradigm flawed? Presenters will take a behind-the-scenes look at the three most significant attacks of 2022, break down what happened, and provide essential know-how to avoid becoming the next newsworthy breach of 2023. 

Take a break to peruse the expo hall, grab lunch, and network with your fellow RSAC pals before heading back to attend Stories from the SOC Front Lines (1:15 – 2:05 p.m.). This panel of security ops women representing three different industries will share career journeys, incident response and security ops war stories, and discuss how companies can expand talent and development opportunities to increase the number of women in cyber ops roles. 

Finish off your Tuesday strong with the fan-favorite Hacking the Cloud: Play-by-Play Attack on GitHub, Okta, and Salesforce (2:25 – 3:15 p.m.) Varonis’ own Brian Vecci will walk you through how an attacker uses off-the-shelf security tools, API calls, and scripting to discover secrets in a public repository, leading to user impersonation in Okta, privilege escalation and sensitive data discovery in Salesforce, and ultimately data exfiltration from AWS. You won’t want to miss this one! 

Wednesday, April 26 

To improve cyber resilience, it’s time to accept compromise and prepare accordingly. Assume Compromise: Think Like a Hacker to Build Resilience (8:30 – 9:20 a.m.) will teach you how. As cybersecurity breaches continue to happen, hear firsthand from a hacker with decades of experience on why we continue to see single security incidents become cyber disasters, and why it’s essential to adopt an attacker’s mindset when planning our defenses.  

Nothing is more exciting than hearing Real World Stories of Incident Response and Threat Intelligence (9:40 – 10:30 a.m.)! In this session, figures in the incident response and threat intelligence industry from WIRED Magazine, Palo Alto Networks, Red Canary, and Dragos, Inc. share their experiences from responding to incidents in the past 12 months.  

For fans of fun and entertainment

In addition to fantastic and knowledgeable sessions, RSAC always delivers some awesome water cooler moments, so make sure you save room in your schedule for these festivities! 

In addition to all these great sessions, make sure you stop by the Varonis booth for live demonstrations, giveaways, and games! 

Monday, April 24  

Feel the flow at Pentera’s booth (#1835) with live cyber rap battles taking place every hour, on the hour. Our palms are sweaty, knees weak, just thinking about it. 

Tuesday, April 25

Ain’t no party like an Optiv after-hours party, so make sure to register for your spot today. Join the Optiv crew from 6 – 10 p.m. at the historic August Hall downtown and say hi to the Varonis team sponsoring the event. 

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

speed-data:-the-(non)malicious-insider-with-rachel-beard
Speed Data: The (Non)Malicious Insider With Rachel Beard
Salesforce's Rachel Beard discusses why insider threats may not always have ill intentions and why security in the CRM is crucial.
speed-data:-security-leaders,-salesforce,-and-social-consciousness-with-doug-merrett
Speed Data: Security Leaders, Salesforce, and Social Consciousness With Doug Merrett
Doug Merrett of Platinum7 shares his thoughts on the importance of education, philanthropy, and realistic expectations in the tech world.
how-to-deal-with-sensitive-data-in-salesforce:-a-guide-to-data-classification
How to Deal With Sensitive Data in Salesforce: A Guide to Data Classification
Salesforce Ben and the Varonis team up to discuss Salesforce data classification best practices.
speed-data:-the-basics-of-cybersecurity-with-mark-wigham
Speed Data: The Basics of Cybersecurity With Mark Wigham
The Salesforce leader shares insights on DLP, supporting security teams, and essential cybersecurity principles