Jennifer offers great insight on which session is a must-attend and where to go to do the best networking.
As a first-time speaker, Mark shares some info on his session and how he’s getting ready for his presentation, plus his thoughts on the must-attend program on the agenda.
Q: Which session are you most excited to attend and why?
A: “This is a super easy question to answer. I’m the biggest Neil deGrasse Tyson fanboy (err, fangirl?) ever, anywhere, in all the cosmos. (You see what I did there?) I mean, I LOVE this guy, and RSAC will be my first time seeing him live. I’m going to be worse than a 15-year-old Bieber fan with a backstage pass. Yes, Neil was voted Sexiest Astrophysicist Alive by People Magazine, but he’s not just a pretty face of physics. His intelligence is matched only by his humor, and if you haven’t picked up his book “Death by Black Hole: And Other Cosmic Quandaries” then you’re totally missing out. The trick will be getting from my session Thursday afternoon to his keynote, which immediately follows mine. Don’t worry though, I wouldn’t miss his session for the world.”
Q: Who is the best speaker you’ve heard at RSAC?
A: “Oh, c’mon! That’s an entirely unfair question to ask. There are fancy schmancy high profile keynotes every year, and several of my friends also speak, so you’re really putting me in a tight spot, my friends. I could say “me” but that’s silly. Next year, I’ll tell you it was Neil deGrasse Tyson when you ask. For now, I’ll say Michio Kaku because even though it was six years ago, his 2011 keynote at RSAC got (and kept) me thinking about our collective future.”
Q: Where should attendees go to do the best networking during RSAC?
A: “RSAC really is THE networking event of the year for the information security industry. I always find a myriad of partners, colleagues, and clients throughout the week. It’s an amazing opportunity to catch up with friends, and make a few new ones along the way. While there are a ton of parties during RSAC week, I find they’re really better for having a drink with friends, and less conducive to true business networking. Something about the parties’ free-flowing alcohol, lack of seating, and a common propensity for ear-splitting tunes means networking opportunities are best found in breakout sessions, most notably Peer2Peer sessions and Birds of a Feather. These formats effectively filter attendees from tens of thousands to the dozen or so that share your pain points and could lead to good collaboration.”
Q: Outside of sessions and the expo, which program is a must-attend for you?
A: “The RSAC 2017 Ransomware Summit promises to be interesting. There’s a great lineup of speakers to fill the day and I’ve known the host, Andrew Hay, long enough to know that he’ll keep the discussion lively and won’t shy away from challenging some common assumptions.
A close second (and thankfully not conflicting on the schedule) is a visit to the RSAC CyberSafety Village and the (ISC)² Safe and Secure Online Program Orientation. Both of these initiatives are trying to help parents, families, and communities tackle the issues around our kids growing up connected. It’s an issue that’s near and dear to me.”
Q: What is the topic of your session?
A: “My session addresses the security challenges with “serverless” applications. Serverless is the latest iteration of service-based architectures but finally done right. Essentially your code runs on a Function-as-a-Service platform (like AWS Lambda, Azure Functions, Google Functions) and it glues together third-party APIs and SaaS services to create a low-overhead, highly scalable and efficient application.
Of course, that brings a whole new set of security concerns that we—teams of defenders—aren’t used to dealing with. My session dives into these challenges and gives you a roadmap to help understand and deal with the security issues in these designs.”
Q: How are you preparing for your session?
A: “The current concept of serverless is still very new. There’s active development on all fronts: from core services to basic architectural patterns. In order to prep for my session, I’m making sure that I’m up to speed on all of the latest activity in the community so that I can analyze any security impacts from these developments.
That’s on top of my usual talk prep which I would sum up as “practice, practice, practice”!”
Q: What skills/info will those who attend your session walk away with?
A: “If you attend my session, you’re going to come away with a good, practical understanding of “serverless” as a concept (I can’t stand the hype. The approach has positives and negatives, I’ll talk to both), the security challenges inherent in these designs, and a few next steps you need to help you feel confident in rolling these types of designs into production.
You’ll also start re-thinking your relationship with your development teams which—if done correctly—can give you an advantage when it comes to any type of cloud deployment…not just a serverless one.”
We hope you enjoyed hearing from Jennifer and Mark! RSA Conference 2017 USA will be here before we know it. See you all soon in San Francisco!