
Security in Knowledge
Mastering data. Securing the world.

2013

Save $400 on your Delegate Pass!

Discount ends January 25!

Register Now! www.rsaconference.com/join2013

Harness Information.

Find Connections.

Secure Your Data.


In 1440, the creation of Johannes Gutenberg’s printing press ignited a new age of enlightenment where words and ideas were expressed and shared en masse. The transformative power of this invention brought forth a new era of information.

Today, we find ourselves on the brink of another information evolution which will ultimately change the way we interpret, manage, and protect the abundance of data that constantly accumulates. But along with the insights hidden within the massive amounts of data there are also vulnerabilities that can be exposed to attacks and threats. Are your organization’s security strategies strong enough to protect your information as it multiplies? Do you have the tools needed to respond to and effectively defend against attacks? RSA® Conference 2013 is the premier security forum that provides information security professionals with the resources and insights to address this challenge head on.

This year, RSA® Conference continues to confront the most pressing issues of the information security community. Uncover the keystones of solutions to the biggest threats in the Breaking Research track. Acquire fresh new perspectives each day with enlightening sessions in both 20- and 60-minute formats. Discover more companies bringing resourceful remedies to your organization’s problems in the expanded Expo. Finish your week with a stimulating closing keynote address by Condoleezza Rice, the 66th Secretary of State of the United States.

By collaborating with our community, you take one step closer to unlocking the insights of information and safeguarding the future of your organization’s data.

Sincerely,

Sandra Toms LaPedis AVP & General Manager, RSA® Conference

Unlock the Strength of Information

Find out why Delegates just like you return to RSA Conference year after year. Visit www.rsaconference.com/iamRSAC.

I am RSA Conference…

Are You?

RSA® Conference is the leading forum that assembles information security experts and visionaries to exchange information and share insights on the latest trends with you. Over five full days, you will learn and connect with peers from around the globe and have access to:

> 22 informative tracks including new ones like Human Element, CISO Viewpoints and Enterprise Defense

> Over 275 sessions

> 20- and 60-minute session lengths

> More than 350 exhibitors and sponsors in an expanded Expo

> All-day Monday Seminars and Professional Development sessions

> Daily social events and networking opportunities

Plus, if you register by January 25 you can take advantage of savings of $400! Groups of five or more and government agency employees can save even more (see www.rsaconference.com/join2013).

HARNESS INFORMATION
The constant evolution of cyberattacks and other threats to sensitive information has forced the industry to shift perspective.

FIND CONNECTIONS
Participate in numerous opportunities to expand your network throughout the week.

SECURE YOUR DATA
Innovations and cutting-edge technologies abound in our newly expanded Expo area.


Agenda At-A-Glance

† SANS Tutorials are offered for an additional fee
* Open to Delegate registrants only
** Open to Delegate and Expo Plus registrants only

Schedule subject to change. Visit www.rsaconference.com/join2013 for latest updates.

[Agenda chart: Sunday, February 24 through Friday, March 1, with a time axis from 8:00 AM to 10:00 PM. Event types shown: SANS Tutorials†, Seminars*, Prof. Devel. Track Sessions*, Association Events, Track Sessions*, Encore Sessions*, Peer2Peer Sessions*, Keynotes**, Expo and Special Events.]


Keynote Speakers

In his role as group president, Francis deSouza drives the company’s vision and delivery for Symantec’s market-leading security, backup and availability solutions. He previously served as Senior Vice President of Symantec’s Enterprise Security Group. deSouza joined Symantec in 2006 when the company acquired IMlogic, the instant messaging security provider he founded and led. deSouza’s earlier roles include Product Unit Manager at Microsoft, Founder and CEO of Flash Communications, and Computer Science researcher at IBM’s TJ Watson Research Labs.

He holds a number of patents in computer security and graduated from the Massachusetts Institute of Technology with MS and BS degrees in Electrical Engineering and Computer Science.

Francis deSouza
Group President, Enterprise Products and Services, Symantec

Arthur Coviello, Jr. is responsible for RSA’s strategy and overall operations as it delivers EMC’s global vision of information-centric security. Coviello was Chief Executive Officer of RSA Security, Inc. prior to its acquisition by EMC in 2006. He joined the company in 1995 and has been a driving force in its rapid growth since that time. Coviello’s expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber-security initiatives. Coviello has spoken at numerous conferences and forums around the world. Coviello has more than 30 years of strategic, operating and financial management experience in high-technology companies. In addition, he currently serves on the Board of Directors at EnerNOC, a leader in demand response systems for energy conservation, and AtHoc, a leading provider of enterprise-class network-based mass notification systems for the security, life safety and defense sectors. Coviello graduated magna cum laude from the University of Massachusetts.

Arthur Coviello, Jr.
Executive Vice President, EMC Corporation; Executive Chairman, RSA, The Security Division of EMC

Scott Charney, Corporate Vice President, Microsoft Trustworthy Computing Group is responsible for improving security, privacy, and reliability of Microsoft’s products and services. Charney was previously the Chief of Computer Crime at the U.S. Department of Justice and also served as a Principal at PricewaterhouseCoopers leading the Digital Risk Management and Forensics Practice. Charney has received numerous awards, including the Justice Department’s John Marshall Award and Attorney General’s Award. He serves on the President’s National Security and Telecommunications Advisory Committee; was a co-chair of the CSIS Commission on Cybersecurity for the 44th Presidency; and served three years as Chair of the G8 Subgroup on High-Tech Crime. Charney received his degrees from the State University of New York and the Syracuse University College of Law.

Scott Charney
Corporate Vice President, Trustworthy Computing (TwC), Microsoft Corporation

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has repeatedly built innovative companies into industry leaders. As CEO of Qualys, Courtot has worked with thousands of companies to improve their IT security and compliance postures. He received the SC Magazine Editor’s Award in 2004 for bringing on demand technology to the network security industry and for co-founding the CSO Interchange to provide a forum for sharing information in the security industry. He was also named the 2011 CEO of the Year by SC Magazine Awards Europe. Courtot is a member of the board of directors for StopBadware.org, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability.

Philippe Courtot
Chairman and CEO, Qualys

Michael Fey is worldwide chief technology officer for McAfee, responsible for overseeing the Office of the CTO including the management of McAfee’s team of regional and sector CTOs and go-to-market teams, as well as ensuring the success of global sales engineers and advanced technology groups. Prior to his current role, Fey was senior vice president of field sales engineering and advanced technology at McAfee, responsible for collaborating with global customers and prospects to define, design, and implement strategic security solutions. Before McAfee, he held multiple technical management positions at Opsware and Mercury Interactive. Fey is a co-author of “Security Battleground: an Executive Field Manual,” which provides guidance to executives who find themselves shouldering oversight responsibility for information security.

Mike Fey
Worldwide Chief Technology Officer, McAfee

Andy Ellis is Akamai’s Chief Security Officer, responsible for overseeing the security architecture and compliance of the company’s massive, globally distributed network. Ellis is the designer and patent holder of Akamai’s SSL acceleration network, as well as several of the critical technologies underpinning the company’s Kona Security Solutions. He is at the forefront of Internet policy; as a speaker, blogger, member of the FCC CSRIC, supporting Akamai’s CEOs on the NIAC and NSTAC, and an advisory board member of HacKid. He is a graduate of MIT and a former US Air Force officer, the recipient of the CSO Magazine Compass Award, the Air Force Meritorious Service Medal, The Wine Spectator’s Award of Excellence, and the Spirit of Disneyland Award. Ellis can be found on Twitter as @csoandy.

Andy Ellis
Chief Security Officer, Akamai Technologies

With more than 15 years of information security experience, Nicholas Percoco leads the global SpiderLabs organization that has performed more than 1,500 computer incident response and forensic investigations globally, run thousands of ethical hacking and application security tests for clients and conducted security research to improve Trustwave’s products. As a speaker, Percoco has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (Black Hat, DEF CON, OWASP) and private audiences (Including DHS, US-CERT, Interpol, United States Secret Service) throughout the world. His research has been featured by many news organizations including: Wired, Fox News, USA Today, Forbes, CNN, NPR, and The Wall Street Journal.

Nicholas Percoco
Senior Vice President, SpiderLabs, Trustwave

Jane McGonigal is today’s leading speaker on gamification—the application of game-design principles to real-life challenges. McGonigal has created games for the World Bank, the Olympic Games, the American Heart Association, the New York Public Library and many more. Her book is the definitive modern work on gamification, “Reality is Broken: How Games Make Us Better and How They Can Change The World.”

She is currently an advisor and affiliate researcher with the Institute For The Future in Palo Alto, California, where she served for four years as the Director of Game Research and Development. Her recent projects include a Games for Healthcare initiative with IFTF and the White House as well as Paths Out Of Poverty, a crowdsourcing game by IFTF for the Rockefeller Foundation.

Jane McGonigal
World-renowned Game Designer, Inventor of SuperBetter and author of the New York Times bestseller, Reality Is Broken

Art Gilliland, Senior Vice President of HP Software Enterprise Security Products (ESP), oversees security solutions and services across HP’s vast product portfolio and helps enterprise customers manage risk and compliance requirements. A 15-year veteran of the enterprise security industry, Gilliland joins HP from Symantec, where he served as a Senior Vice President of the Information Security Group. As part of the original IMlogic team, he served as Vice President of products and marketing and helped grow that company into an industry leader before it was acquired by Symantec. He also served as a Senior Consultant for Gemini Consulting, which specialized in innovation and technology strategies. Gilliland holds several key patents and is a CISSP.

Art Gilliland
Senior Vice President, HP Software Enterprise Security Products, Hewlett-Packard Company

Dr. Herbert (Hugh) Thompson is Program Chair for RSA Conferences and a world-renowned expert on IT security. He has co-authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, Thompson was named one of the “Top 5 Most Influential Thinkers in IT Security” by SC Magazine and has been interviewed by top news organizations including the BBC, CNN, MSNBC, Financial Times, Washington Post and others. He has been an adjunct professor at Columbia University in New York for the past few years where he taught courses on computer security.

Herbert ‘Hugh’ Thompson, Ph.D.
Program Committee Chairman, RSA® Conference

As Senior Vice President of the Security and Government Group at Cisco, Christopher Young is responsible for Cisco’s overall security vision, security product development, and cross-portfolio security strategy and architecture management. Young joined Cisco from VMware, where he served as Senior Vice President and General Manager, responsible for strategy, products, engineering, and delivery across all of VMware’s end-user computing solutions. Previously, he served as Senior Vice President, Products at RSA; as Vice President of safety and security premium services for AOL; and as founder and president of Cyveillance. Young holds a bachelor of arts degree, cum laude, from Princeton University and a master’s degree in business administration, with distinction, from the Harvard Business School.

Christopher Young
Senior Vice President, Cisco Security and Government Group, Cisco

Ranked by Forbes Magazine as a “Web Celeb”, Jimmy Donal Wales is a U.S. Internet entrepreneur, wiki pioneer and technology visionary. Wales is best known as the Founder of Wikipedia and Wikimedia and Co-founder of Wikia. He is a Fellow of the Berkman Center for Internet & Society at Harvard Law School, serves on the Board of Directors of Creative Commons, has an honorary doctorate from Knox College of Illinois and a Pioneer Award from the Electronic Frontier Foundation. He received his B.A. from Auburn University and an M.S. from the University of Alabama. He took courses offered in the Ph.D. Finance program at Indiana University. He also worked as research director at Chicago Options Associates.

Jimmy Donal Wales
Internet Entrepreneur, Founder of Wikipedia

Remarks by Condoleezza Rice

In this inspiring presentation, Condoleezza Rice provides a sweeping look at global affairs discussing how recent events have changed the way we view political, economic, and social issues. She highlights the importance of democracy and why the United States must lead from the front now more than ever. She shares compelling stories of her experiences, which illuminate the interrelationship of global events and leaders.

Condoleezza Rice is currently a professor of Political Economy in the Graduate School of Business, the Thomas and Barbara Stephenson Senior Fellow on Public Policy at the Hoover Institution and a professor of Political Science at Stanford University. She is also a founding partner of RiceHadleyGates LLC.

From January 2005-2009, Rice served as the 66th Secretary of State of the United States, the second woman and first African American woman to hold the post. Rice also served as President George W. Bush’s Assistant to the President for National Security Affairs (National Security Advisor) from January 2001-2005, the first woman to hold the position.

Condoleezza Rice
66th Secretary of State of the United States

Closing Keynote

Join the founders and leaders of the field for an engaging discussion about the latest advances in cryptography, research areas to watch in 2013 and practical insights that continue to be drawn from lessons learned over the last three decades.

The Cryptographers’ Panel
Moderated by Dr. Ari Juels, Chief Scientist, RSA, The Security Division of EMC, and Director, RSA Laboratories

Sunday/Monday SANS Tutorials*

Enhance your expertise in engaging 2-day classes led by respected authorities from the SANS Institute. These classes are held from 9:00 AM – 5:00 PM on Sunday, February 24 and Monday, February 25 at San Francisco State University’s downtown campus, within walking distance of the Moscone Center.

TUT-S21 20 Critical Security Controls: Planning, Implementing and Auditing

James Tarla, SANS Senior Instructor

This course helps you master specific, proven techniques and tools needed to implement and audit the Top Twenty Most Critical Security Controls. For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the Top 20 controls are effectively implemented.

TUT-S22 Cloud Security Fundamentals

Dave Shackleford, SANS Senior Instructor

This course starts out with a detailed introduction to the various delivery models of cloud computing ranging from Software as a Service (SaaS) to Infrastructure as a Service (IaaS) and everything in between. Each of these delivery models represents an entirely separate set of security conditions to consider, especially when doing business with Cloud Service Providers (CSPs).

* SANS Tutorials are offered at an additional fee. Each of the SANS tutorials qualifies you for 12 CE credits. To see a full course description and register for the SANS tutorials go to: www.rsaconference.com/join2013 and click on SANS Tutorials under Agenda & Sessions.

TUT-S23 Lethal Digital Forensic Techniques and Memory Analysis

Rob Lee, SANS Fellow

Every action that adversaries make leaves a trace; you merely need to know where to look. Lethal Digital Forensic Techniques and Memory Analysis will give you the tools and techniques necessary to master advanced incident response, investigate data breach intrusions, find tech-savvy rogue employees, counter the Advanced Persistent Threat, and conduct complex digital forensic cases.

TUT-S24 Mobile Device Security

Kevin Johnson, SANS Senior Instructor

Students will examine the threats and vulnerabilities affecting mobile device deployments, understand legal issues and constraints facing organizations, and develop policies and controls to guide mobile device use. Focusing on Apple iOS, Android, BlackBerry and Windows Phone devices, students will learn about the architectural strengths and weaknesses of each platform, identifying countermeasures and risk mitigation tactics to protect against common threats.

Schedule subject to change. Visit www.rsaconference.com/join2013 for up-to-date information.

Special Events

TUESDAY, FEBRUARY 26

5:00 PM – 6:00 PM Expo Pub Crawl

Learn about our sponsoring companies’ latest innovations and services over your choice of beer or wine at bars located within their booths during this 1-hour Pub Crawl!

Open to all registrant types.

5:30 PM – 6:00 PM Executive Women’s Forum (EWF) Meet & Greet and Cyber Security School Challenge

This year’s EWF Meet & Greet combines the opportunity for all women attending RSA Conference 2013 to get to know each other at a peer exchange with the ability to participate in a Cyber Security School Challenge. The Challenge is a collaborative outreach program to educate students on the topics of online security, privacy, and safety. The EWF will provide access to lesson plans from leading industry & academic authorities enabling you to teach age appropriate lessons. Join The Challenge and let’s see how many kids we can educate! Feel free to bring an executive male peer who’d like to participate in the challenge! RSVP at http://www.ewf-usa.com/rsa-meet-greet.

Open to all registrant types.

6:00 PM – 7:30 PM (ISC)2 Member Reception

(ISC)2 is pleased to host a members-only reception in conjunction with the RSA 2013 Conference. This is a great opportunity for you to meet with fellow (ISC)2 members and discuss the latest cyber security trends, while you enjoy complimentary refreshments. You will also receive member updates from (ISC)2 and have a chance to ask questions and share your ideas. To attend, please RSVP by sending an email to [email protected].

6:30 PM – 7:30 PM Reservation Times

Dinner For 6

On Tuesday and Wednesday, sign up for a pre-reserved, non-hosted dinner at a number of restaurants throughout the city, as a single diner or with a group of friends. Reservation slots are open to all registrants; however, space is limited and you must sign up on-site at the Conference Concierge desk in advance and obtain a confirmation slip to attend.

THURSDAY, FEBRUARY 28

5:30 PM – 6:50 PM Flash Talks Powered by PechaKucha

PechaKucha (PK) events were devised in Tokyo in 2003. Drawing its name from the Japanese term for the sound of “chit chat”, PK rests on a presentation format that is based on a simple idea: 20 images x 20 seconds (total presentation length – 6 minutes, 40 seconds). PK events are fast-paced to keep interest levels high. Witness high-energy presentations, like you’ve never seen before, from some of the biggest names in the industry.

Open to all registrant types.

7:00 PM – 11:00 PM RSA® Conference Codebreakers Bash

Indulge yourself with decadent food, drinks and live entertainment at this not to be missed party, held at San Francisco City Hall. Be prepared to hit the dance floor for a night you are not soon to forget!

Delegate and Thursday Delegate One-Day registrants only. Guest tickets available for purchase.

6:30 PM – 7:30 PM Reservation Times

Dinner For 6

See description under Wednesday special events.

Open to all registrant types.

WEDNESDAY, FEBRUARY 27

5:00 PM – 6:00 PM (ISC)2 Safe & Secure Online Program Volunteer Orientation

Are you interested in volunteering to educate children in your community about how to protect themselves online? (ISC)2 members can join us at our Safe and Secure Online Program Volunteer Orientation where they’ll receive an overview of the Safe and Secure Online presentation materials and advice about how to present to children. You can attend this in-person orientation in lieu of the online preparation video, plus you’ll earn 1 CE credit.

To attend, please RSVP by sending an email to [email protected] with your name and member ID number. Please indicate that you would like to attend the Safe and Secure Online Volunteer Orientation at RSA Conference 2013.

Monday Events

SEMINARS

Delegate registrants only.

8:30 AM – 4:30 PM SEM-001

Security Basics

The Security Basics Seminar explains some of the most important security principles and technologies designed for practitioners with three years or less of information security experience or those new to the field. It is engineered to lay a foundation of essential concepts that will enhance your understanding of the more advanced security issues that will be discussed during the week. The seminar will feature some of the giants of the security industry today.

Topics include:
• Security Industry and Trends
• Crypto 101/Encryption Basics, SSL & Certificates
• Authentication Technologies
• Application Security
• Viruses, Malware and Threats
• Mobile and Network Security
• Governance, Risk and Compliance
• Firewalls and Perimeter Protection

8:30 AM – 11:30 AM SEM-003

Information Security Leadership Development: Surviving as a Security Leader

In conventional security training, there are few opportunities to learn how to develop and direct a successful information security program. Experienced security leaders deliver a morning seminar focused on bridging this gap.

Topics include:
• Maturity Lifecycle of a Security Program
• Building Your Team
• Role of the CISO: Influence & Decision Support
• Are You Fighting the Wrong Battles?
• CISO Roundtable: Security Intelligence Gathering for Leaders

SPECIAL EVENTS

1:00 PM – 6:00 PM Innovation Sandbox

Innovation is critical to furthering the information security industry and helping practitioners solve current problems and better anticipate future threats. Held each year at RSA® Conference, Innovation Sandbox embodies the commitment of RSA Conference to remain on the leading edge of what’s next.

This one day program promotes new technology thinking; provides advice and counsel for would-be and current entrepreneurs; and exposes RSA Conference delegates to senior level business practitioners; venture capital professionals; industry experts and thought leaders.

Innovation Sandbox will also feature:
• Demonstrations from information security’s new rising stars
• The “Most Innovative Company at RSA Conference 2013” contest, judged by a panel of industry experts and thought leaders
• Meet and greets with your colleagues and industry experts
• And more...

Delegate and Expo Plus registrants only.

5:30 PM – 6:00 PM Orientation

All new and returning Delegates are invited to discover what’s new at RSA Conference 2013. Connect with peers and uncover tips on how to maximize your experience during the Conference.

Delegate registrants only.

6:00 PM – 8:00 PM Welcome Reception

Start RSA Conference 2013 with a bang at the Welcome Reception in the Expo Halls. Partake in drinks and hors d’oeuvres while enjoying exclusive pre-event access to more than 350 leading information security companies.

Delegate and Expo Plus registrants only. Guest tickets available for purchase.

1:00 PM – 4:30 PM SEM-004

Advancing Information Risk Practices

Many challenges face today’s Risk Management programs, including how to risk rank security gaps, handling business interactions, and building a qualified resource pool. This half day seminar will be packed with practical information from a series of respected industry leaders who have set out to challenge conventional ideas and pursue cutting edge tactics, discussing successes and pitfalls.

Topics include:
• Risky Business: Quantifying Risk in the Absence of Statistical Data
• Risk Management: The Perspective of the Business Stakeholder
• Educating the Next Generation of Information Security Risk Managers
• Automation and Risk Management, Do They Mix?

ASSOCIATION EVENTS

Open to all registrant types.

8:30 AM – 12:30 PM (ISC)2 CSSLP® Credential Clinic

This CSSLP Credential session will provide in-depth teaching of 2 of the toughest domains of the CSSLP. In this clinic, we will cover two of the seven domains needed to write secure code (secure software development domain) and perform appropriate validation and verification of controls (secure software testing domain). The secure software development domain will cover the OWASP Top 10 threats with applicable demos to show these threats in action. The Certified Secure Software Lifecycle Professional (CSSLP) is an (ISC)2 certification with 7 domains focusing on the topics needed to develop hacker resilient software.

9:00 AM – 1:00 PM CSA Summit—The Next Generation

CSA’s fourth summit will once again feature industry luminary keynotes and top experts debating key cloud security issues. Expanded research includes provider certification, mobile, Big Data, threats, software-defined networking and more. The next generation of the Infosec industry is here.

10:00 AM – 2:00 PM Trusted Computing Group

The Trusted Computing category is now widespread with support from governments, developers and users across the globe. As the technology’s flagship security advocate and the creator of industry security standards, the Trusted Computing Group (TCG) approaches its 10th anniversary at RSA® Conference 2013 with a look at current and emerging applications for trusted systems.

Opening with a provocative keynote focused on the day-to-day security challenges in a complex, many-user, sprawling enterprise environment, with some insight into the role of trusted systems.

1:00 PM – 5:00 PM The Open Web Application Security Project

Regardless of your chosen/mandated framework for building web applications: Spring, Struts, Rails, PHP, Python, etc., you want to make your life easier, and potentially less embarrassing. Don’t be the one who left the door open for hackers. Learn handy tips from one of the world’s leading AppSec experts.

Recommended for: Developers (dev managers welcome, assign people from your team to attend). Bring yourself, no materials required.

1:30 PM – 5:30 PM (ISC)2 CISSP® Credential Clinic

The CISSP is a globally recognized objective measure of excellence and is considered the gold standard in information security. The vast breadth of knowledge and the experience it takes to pass the exam is what sets the CISSP apart. For those information security professionals that are considering becoming a CISSP, (ISC)² is offering a FREE half-day credential clinic that will tackle two of the most intense domains of the CISSP. The clinic is taught by an authorized (ISC)² Instructor and is taught in the same manner as our Official Review Seminars, utilizing the course materials. Space is limited. Register today.

Track Descriptions

Application Security [ASEC]
Given the increasing use of applications outside the enterprise via the web and cloud computing infrastructures, Application Security focuses on topics such as secure design, development, implementation and operation of packaged and custom-developed applications. This track will cover current threats and preventive measures.

Association Special Topics [AST]
Navigate the association landscape and learn about opportunities in training, best practices, credentialing, special programs and career development from leaders in the field.

Breaking Research – [BR]
You won’t find slides for this session online. We don’t even know what topics it will cover. This half track is dedicated to the hottest research and most pressing threats from the top researchers in the field.

CISO Viewpoint – [CISO]
Come hear the opinions of CISOs in a variety of panels featuring the latest trends and issues in information security.

Cloud Security & Virtualization [CSV]
Cloud Security includes security architecture in the cloud, cloud security governance, risks, migration issues, vendor Service Level Agreements (SLAs), and case studies. This half track also includes sessions on the security aspects of virtualization such as deployment models, VM integrity, and virtualization security architecture.

Cryptography [CRYP]
Cryptography is ever-changing and this academically focused and refereed track for mathematicians and computer scientists offers presentations of the very latest papers about the science of cryptography.

Data Security & Privacy [DSP]
Data Security covers strategies, practices, and technologies to classify, track and protect data. Sessions include data leakage prevention (DLP), database security, data classification, and new threats to sensitive data. Privacy issues, big data trends, regulations and strategies are key to this track. Related sessions include applied cryptography.

enterpriSe defenSe – [END] enterprise defense covers the policy, planning, and emerging areas of enterprise security architecture and strategy. this track includes advanced sessions on ways to protect corporate assets from unwanted intrusion, vulnerability research, forensics, security policies, security assessment, and bridges the disciplines of data security, network security, access control and threat management.

GoVernAnce, riSk & coMpliAnce[GRC] this track includes enterprise risk management, compliance and governance. Grc covers the creation and implementation of risk management frameworks as well as the quantification and management of risk. Sessions on governance cover communication and enforcement of policies and standards. compliance-related sessions will include standards such as pci, Sarbanes oxley, hipAA, GlBA and others.

hAckerS & threAtS[HT] & [HTA] hackers and threats sessions include discussions about the underground economy, advanced threats, new classes of vulnerabilities, exploitation techniques, reverse engineering and how to combat these problems. Sessions will include information sharing, threat intelligence and intelligence-driven security. the second track is technically advanced and will include live demos and code dissection.

huMAn eleMent – [HUM] the human element is a new frontier for security. this half track will cover insider threats, social networking, social engineering and security awareness programs. Sessions will explore how people make trust choices with technology, innovative ways to secure the human, and how classic attacks are being re-architected to include a human element.

identity & AcceSS MAnAGeMent – [IAM] this half track will cover the processes, technologies and policies for managing digital identities, their authentication, authorization, roles, and privileges/permissions within or across system and enterprise boundaries and controlling how identities can be used to access resources.

induStry expertS sponsored by

[EXP] listen to leading information security professionals talk about today’s most pressing matters.

lAW[LAW] Security and the battle for justice go hand-in-hand. topics in law range from unintended consequences due to legislation and legal rulings, to liability from negligence claims by private litigants.

MoBile Security[MBS] this track tackles the security of mobile devices in the enterprise. Sessions focus on managing employee-owned devices, smartphone/tablet security and mobile security policies. in this track you’ll find information on mobile malware, handling ediscovery on employee-owned devices, mobile application threats, managing consumerization, and emerging mobile threats to devices and workers.

policy & GoVernMent[PNG] cyber security is a major national and economic security issue. Governments worldwide are implementing strategies, policies and risk management processes that affect security professionals in the public/private sectors. this track includes legislation, military and law enforcement initiatives/coordination, Apts, active defense, critical infrastructure protection and the role of government.

profeSSionAl deVelopMent[PROF] professional development covers individuals’ technical and business/management training and career development, as well as staff and personnel management. This track is scheduled for Monday afternoon.

rSA conference Studio [STU] Become part of our studio audience for encore track sessions and exclusive content from some of our top speakers—see it live! note—no late arrivals or early departures permitted for these 20 minute sessions.

Security MAShup – [MASH] interesting speakers and sessions on a wide range of topics not found anywhere else during the week.

Security trendS & innoVAtion – [SECT] Security trends covers emerging technology/business trends with an emphasis on new developments and business environment impact. this half track includes non-implementation security issues, such as strategic trends and financing. it also contains forward-looking sessions that help organizations prepare for changes in the it security ecosystem.

SponSor SpeciAl topicS[SPO] listen to a spectrum of experts and security issues delivered and discussed by leading edge companies.

technoloGy infrAStructure[TECH] technology infrastructure covers network and endpoint security, idS/ipS and physical security. this track focuses on the core elements of security architecture. Many sessions are highly technical and dive deep into a particular area. these sessions will cover the latest trends and experiences in building systems that are resilient to attack.

Track Sessions – uncover a wealth of knowledge from varying perspectives and take away lessons during speaker and panel hosted sessions offered in both 20-minute and 60-minute formats.

Peer2Peer Sessions – interested in up-to-the minute information from your colleagues? p2p sessions enable groups of no more than 25 people that share a common interest to come together and productively explore a specific security topic.

Briefing Center – Get tactical help with the pressing challenges you face each day. technical experts present 30-minute demonstrations to help you make strategic plans and purchase decisions for your organization.

Encore Sessions – Missed that session earlier in the day? highly attended sessions will be repeated for those unable to attend the initial presentation.

Session Formats


Track Sessions

Access session details at www.rsaconference.com/navigator

Schedule subject to change. Visit www.rsaconference.com/join2013 for up-to-date information.

MONDAY, FEBRUARY 25

12:30 PM – 1:30 PM

[PROF] The Threat Horizon: The 2013 Global Information Security Workforce Study

1:40 PM – 2:40 PM

[PROF] Will They EVER “Get” Security?

2:50 PM – 3:50 PM

[PROF] Information Security Certifications: Do They Still Provide Industry Value?

4:00 PM – 5:00 PM

[PROF] Security Leadership—Your Secret Weapon

TUESDAY, FEBRUARY 26

1:10 PM – 1:30 PM

[STU] So You Want to be a Cyber Spook

1:10 PM – 2:10 PM

[ASEC] Writing Applications that are Easier to Defend than Attack

[CISO] I Was Blind, but Now I See: CISOs Discuss Visibility with Big Data Security

[CRYP] Invited Talk I

[CSV] Cloudy with a Chance of Sploits

[DSP] 20 in 2013: The Top Privacy Issues to Watch

[END] Are the 20 Critical Controls a New Standard of Due Care for Cybersecurity?

[EXP] Replacing Security with Trust (Bruce Schneier, Chief Technology Security Officer, BT)

[GRC] Extreme Cyber Scenario Planning & Fault Tree Analysis

[HT] Combating the Insider Threat at the FBI: Real World Lessons Learned

[HTA] Malware Hunting with the Sysinternals Tools

[HUM] 7 Highly Effective Habits of a Security Awareness Program

[LAW] Hot Topics in Information Security Law 2013

[MBS] Mobile Risk Management: Enabling Enterprises to Use Consumer Devices & BYOD

[PNG] Cyber Battlefield: The Future of Conflict

[TECH] The Future of Endpoint Security

1:50 PM – 2:10 PM

[STU] State of the Hack: M-Trends® 2012

2:30 PM – 2:50 PM

[MASH] Exploding the Phone: The Story of the Teenagers & Outlaws Who Hacked Ma Bell

[MBS] Secure Mobile Solutions…The Handset and Beyond…

[PNG] Brain Drain: Solving the Cyber Talent Deficit Threatening Federal Networks

[STU] Link by Link: Crafting the Attribution Chain

2:30 PM – 3:30 PM

[ASEC] Application Security Response: When Hackers Come A-Knockin

[CISO] Mega-Trends in Information Risk Management for 2013 and Beyond: CISO Views

[CRYP] Side Channel Attacks I

[CSV] Virtualization and Private Cloud Risk Modeling

[DSP] The Killer Next Door—Devastating Impacts of Third Party Breaches

[END] The Cyber Threat Landscape: New Themes in Prevention, Detection and Response

[GRC] Data Analysis and Visualization for Security Professionals

[HT] Black Hat Budgeting: Raising the Cost of Compromise

[HTA] From the Drone Butcher’s Cookbook: Live Demo of a P2P Botnet Takeover

[HUM] How to Prevent End Users from Being Fooled by Social Engineering Attacks

[LAW] Do We Have the Authority? Legal Issues in Protecting Government Networks

[TECH] Alternatives to Certification Authorities for a Secure Web

3:10 PM – 3:30 PM

[MBS] Mobile Security Smackdown: How Government “Pwned” the Private Sector

[PNG] The Internet Health Model for Cyber Security

3:50 PM – 4:10 PM

[MASH] Patching Stupidity

3:50 PM – 4:50 PM

[ASEC] Making Rugged DevOps and Infosec Work

[CISO] Getting to the Board Level: Evolving Security and Risk Management in FSIs

[CRYP] Digital Signatures I

[CSV] Keys in the Clouds: Key Management Strategies for the Hybrid Cloud

[DSP] Privacy Perspectives: Leveraging Data to Protect Data

[END] Advancing the SOC: Agile, Intelligent and Context Aware

[EXP] The Cyber Security Industry: Survival in the Age of Cyber Warfare (Eugene Kaspersky, CEO, Kaspersky Lab)

[GRC] Combatting Next Generation Cyber Crimes: An ROI Paradigm Shift

[HT] Cyber Kill Chain: Applying IED Tradecraft to Counter APT

[HTA] Blackberry Pwnage—The Bluejay Strikes

[HUM] Nonverbal Human Hacking

[MBS] BYOD: Here Today, Here to Stay?

[PNG] Relationship Issues: Privacy and Security—Can This Marriage Last?

[TECH] SCADA Protection for Critical Infrastructure—A Collaborative Approach

WEDNESDAY, FEBRUARY 27

8:00 AM – 8:20 AM

[STU] Application Security Response: When Hackers Come A-Knockin

8:00 AM – 9:00 AM

[ASEC] Application Security Everywhere: Getting Over the Old and Making the New

[CISO] Too Big to Fail: CISO Panel on Scaling Security in the Era of Big Data

[CRYP] Public-Key Encryption I

[CSV] Cloud Assurance Frameworks—Which One’s Really Relevant?

[DSP] Less is More—PCI DSS Scoping Demystified

[END] “Artificial Intelligence:” The Myth Surrounding Perimeter Defense

[EXP] Hacking Exposed—Embedded (Stuart McClure, CEO/President, Cylance)

[GRC] The Probability of Exploit: Predictive Analytics & Security Management

[HT] We Were Hacked: Here’s What You Should Know

[HTA] APTs by the Dozen—Dissecting Advanced Attacks from China

[HUM] Awareness Doesn’t Matter: A Behavior Design Approach to Securing Users

[LAW] Your Honor, it Was Self-Defense—a Mock Trial

[MBS] Mobile Digital Wallets: Lessons Learned, Risks and Opportunities

[PNG] NSTIC Report–Path from Cyber-Identity Puzzle to Interoperable ID Ecosystem

[TECH] Incident Response—How to Give the Advantage to the Hackers!

8:40 AM – 9:00 AM

[STU] Nonverbal Human Hacking

9:20 AM – 9:40 AM

[STU] Virtualization and Private Cloud Risk Modeling

9:20 AM – 10:20 AM

[ASEC] Software Security: A Waste of Time

[CISO] Psychographics of the CISO

[CRYP] Cryptographic Protocols I

[CSV] How the Software Defined Datacenter is Turning Security on its Head

[DSP] NSA Suite B Crypto, Keys, and Side Channel Attacks

[END] Managing Daily Security Operations with Lean and Kanban

[EXP] The Five Most Dangerous New Attack Techniques and What’s Coming Next (Moderator: Alan Paller, Director of Research, SANS Institute; Panelists: Ed Skoudis, CEO, Counterhack; Johannes Ullrich, Chief Research Officer, SANS Technology Institute)

[GRC] Risk Management: How to Put Theory into Practice

[HT] Highway to the Danger Zone…Going Offensive…Legally

[HTA] Memory Forensics: Defeating Disk Encryption, Skilled Attackers and Malware

[HUM] Strange Bedfellows: Security & Marketing Need to Combat Phishing Together

[LAW] Your Honor, it Was Self-Defense—a Panel Discussion

[MBS] Anatomy of iOS Apps

[PNG] Cyber Security & the American States: Threats, Challenges & the Way Forward

[TECH] IPv6 Vulnerability Management: From Theory to Reality


10:00 AM – 10:20 AM

[STU] The Cyber Threat Landscape: New Themes in Prevention, Detection and Response

10:40 AM – 11:00 AM

[STU] Bringing Cyber Policy in Line with the New Economic and Technical Realities

10:40 AM – 11:40 AM

[ASEC] libinjection: New Directions in SQLi Detection

[CISO] Where the Streets Have No Name: CISOs Paving the Path to a New C-Suite

[CRYP] Invited Talk II

[CSV] Get Off My Cloud: A Panel Discussion on Cloud Security from Cloud Providers

[DSP] Data Breach Law Update—Global Trends, Legal Complexities

[END] The First 48: The Early Hours of Incident Response

[EXP] Privacy: A Conversation with Facebook, Google, Microsoft & Mozilla (Moderator: Trevor Hughes, President & CEO, International Association of Privacy Professionals; Panelists: Erin Egan, Chief Privacy Officer, Facebook; Keith Enright, Senior Privacy Counsel, Google; Alex Fowler, Chief Privacy Officer, Mozilla; Brendon Lynch, Chief Privacy Officer, Microsoft)

[GRC] Managing Enterprise Risk: Y U NO HAZ METRICS?

[HT] Shining Some Light into the Evolution of BlackHole

[HTA] Ransomware Attacks!

[HUM] Solving the Cyber Security Hiring Crisis—Hiring the Un-Hireable

[LAW] Tracking Employees via Mobile Devices—Legal... or Not?

[MBS] Android Malware Exposed—An In-Depth Look at its Evolution

[PNG] Certification of Products or Accreditation of Organizations: Which to Do?

[TECH] Tactical Secops: A Guide to Precision Security Operations

1:00 PM – 1:20 PM

[DSP] Sharing Indicators of Compromise: An Overview of Standards and Formats

[GRC] Why Companies Fail with Compliance Initiatives

[MBS] How to Safely Cross Borders with Computing Devices

[PNG] Chopping Up the Cloud: How Patchwork Data Rules Undercut the Global Market

[STU] Sorry? Who Did You Say You Were?—Exploiting Identity for Fun and Profit

1:00 PM – 2:00 PM

[ASEC] SAST, DAST and Vulnerability Assessments, 1+1+1 = 4

[CISO] Managing Security Risk: The CSO Panel

[CRYP] Secure Implementation Methods

[CSV] Legal and Technical Issues of Forensics in the Cloud: How to Prepare

[END] Offensive Security: Hope or Hype?

[EXP] Security Culture: Figuring Out How Bad Your Company Really Is (Ira Winkler, Chief Security Strategist, Codenomicon)

[HT] Getting Under the OS: How Real are Firmware Threats and What Can be Done?

[HTA] Global Vulnerability Analysis: One Year of Internet Scanning

[HUM] Mitigating the Top Human Risks

[LAW] Techno-Ethics for Lawyers—How Technology Complicates Ethical Compliance

[TECH] 50 Minutes Into the Future: Tomorrow’s Malware Threats

1:40 PM – 2:00 PM

[DSP] Deployment Strategies for Effective Encryption

[GRC] Implicit Risk Management—When is “Good Enough” Sufficient?

[MBS] Why Your Organization Needs a Travel Security Program and How to Build One

[PNG] Updating the Rules for Government Access to Your Cloud Data

[STU] Nation-State Attacks on PKI

2:20 PM – 2:40 PM

[MASH] Cyberpunk & Hacker Culture—From Fiction to Reality

[STU] Hacking Exposed—Embedded

3:00 PM – 3:20 PM

[STU] Application Security Everywhere: Getting Over the Old and Making the New

3:40 PM – 4:00 PM

[MASH] Cracking Cyber Stress: How to Stay Healthy at Work

[STU] We Were Hacked: Here’s What You Should Know

THURSDAY, FEBRUARY 28

8:00 AM – 8:20 AM

[IAM] Everything We’re Doing with Passwords is Wrong

[STU] 20 in 2013: The Top Privacy Issues to Watch

8:00 AM – 9:00 AM

[ASEC] Who, What, Where and How: Five Big Questions in Mobile Security

[CRYP] Symmetric Key Primitives I

[DSP] The Secret to Effective Cyber Threat Intelligence and Information Sharing

[END] Hunting for Indicators of Compromise

[EXP] Hacking Exposed: PLA Edition (Dmitri Alperovitch, Co-Founder & CTO, CrowdStrike; George Kurtz, President & CEO, CrowdStrike)

[GRC] Evolving Security of Electronic Patient Data

[HT] The Crossbill SpyEye Malware Investigation

[HTA] In the Hot Seat—Microsoft’s Response to the Flame Malware

[LAW] E-Discovery: Exploring the Rising Star on Your Risk Horizon

[MBS] Competing Visions: “Begun, the Mobile Security War Has”

[PNG] The Loophole: Federal Crimes Not Being Addressed

[SECT] Big Brother’s Greek Tragedy: State-Deployed Malware & Trojans

[TECH] Is a VDI Desktop More Secure Than a Standard Desktop?

8:40 AM – 9:00 AM

[IAM] Crunching the Top 10,000 Websites’ Password Policies and Controls

[STU] Why Companies Fail with Compliance Initiatives

9:20 AM – 9:40 AM

[PNG] Securing the Power Grid: Using A Cyber Security Capability Maturity Model

[STU] Implicit Risk Management—When is “Good Enough” Sufficient?

9:20 AM – 10:20 AM

[ASEC] To the Cloud! Software Security Evolution at Adobe

[CRYP] Side Channel Attacks II

[DSP] SIEM and the Missing Part of the Jigsaw: Databases

[END] Actionable Intelligence for the Enterprise

[EXP] Software Defined (In)Security—Virtualization, Cloud & Mobility (Chris Hoff, Senior Director, Juniper Networks; Rich Mogull, Analyst & Chief Executive Officer, Securosis)

[GRC] Everything You Wanted to Know About Cyber Insurance but Were Afraid to Ask

[HT] Intriguing Insider Threat Cases—Make Sure This Doesn’t Happen to You!

[HTA] Embedded Systems Under Fire—Fault Injection on Secure Boot

[IAM] Emerging Conflicts in Identity Space

[LAW] Banking Fraud: Where is the Liability—With the Customer, Bank or Vendor?

[MBS] Mobile Security Battle Royale

[SECT] The Future of Cyber Security: A Top Investor’s View

[TECH] DMARC One Year Later

10:00 AM – 10:20 AM

[PNG] Fifteen Years of Being Nervous: Securing U.S. Critical Infrastructure

10:40 AM – 11:00 AM

[MBS] Who Owns the Data in Mobile Payments and Why that Matters

[STU] Life as a Target

10:40 AM – 11:40 AM

[ASEC] Bug Parades, Zombies and the BSIMM: A Decade of Software Security

[CRYP] Cryptographic Protocols II

[DSP] Microsoft Security Intelligence Report

[END] Just In Time Security: Difficulty of Being Proactive in Cyber Environments


10:40 AM – 11:40 AM (continued)

[GRC] Privacy Compliance and Oversight in the National Security Context

[HT] Stock Exchanges in the Line of Fire—Morphology of Cyber Attacks

[IAM] Think a Password is Going to Protect You? Think Again.

[LAW] Cyber Attacks; The Call for Retaliation and the Legal Ramifications

[PNG] Cyber Security, Technology and Social Networking in Crisis Management

[SECT] Roadmap Toward a More Secure and Resilient Cyber Ecosystem

[TECH] The Cloud Ate My Network! Security for Virtual Networks

11:20 AM – 11:40 AM

[MBS] Mobile Encryption: The Good, the Bad and the Broken

[STU] Everything We’re Doing with Passwords is Wrong

1:00 PM – 1:20 PM

[ASEC] Github and Rails—Lessons to Learn from a Significant Exploit

[DSP] OASIS Privacy Management Reference Model (PMRM)

[END] Special Operations Tactics Applied to BYOD Defense

[GRC] The Art of... Partnership?—Global Security Org Meets Local Business Unit

[HT] GPU Assisted Password Attacks

[IAM] Rugged Identity Management—Avoiding Single Points of Failure

[MBS] Mobile Applications—The Vulnerability Tsunami is Coming

[PNG] FPKIMA: The Dial-Tone for FPKI

[SECT] Infosec Intelligence and Regulatory Filings: Has It Made a Difference?

[STU] Who, What, Where and How: Five Big Questions in Mobile Security

1:00 PM – 2:00 PM

[CRYP] Public-Key Encryption II

[EXP] Trojan Horse: The Widespread Use of International Cyber-Espionage as a Weapon (Mark Russinovich, Technical Fellow, Microsoft Windows Azure Group)

[HTA] The Evolution of the ZeroAccess Botnet

[LAW] Practical Advice for Cloud Forensics

[TECH] Upgrade to a Machine Gun—Automate Your Defenses

1:40 PM – 2:00 PM

[ASEC] Is Your Design Leaking Keys? Efficient Testing for Side-Channel Leakage

[DSP] Is a Privacy Compliant Public Cloud Solution an Oxymoron?

[END] Advanced Malware Sinkholing

[GRC] Public vs. Private Sector: Funding a Successful Security Program

[HT] The Security Threat to Smart Grid is Worse Than We Think

[IAM] When I Need You to Know Who I Am

[MASH] Life as Eminem’s Bodyguard.....

[MBS] Legal Aspects of Bring Your Own Devices

[PNG] Public Sector Identity: The Evolution of an Idea

[SECT] Stateless Architecture for Smaller IT and Risk Footprint

[STU] SIEM and the Missing Part of the Jigsaw: Databases

2:20 PM – 2:40 PM

[MASH] Privacy is Not Dead, You Just Need to Try Harder

[STU] Hacking Exposed: PLA Edition

3:00 PM – 3:20 PM

[STU] To the Cloud! Software Security Evolution at Adobe

3:40 PM – 4:00 PM

[STU] Intriguing Insider Threat Cases—Make Sure This Doesn’t Happen to You!

4:20 PM – 4:40 PM

[STU] Bug Parades, Zombies and the BSIMM: A Decade of Software Security

FRIDAY, MARCH 1

9:00 AM – 9:20 AM

[MASH] Thin Slicing a Black Swan

[MBS] Mobile Devices as Attack Platforms

9:00 AM – 10:00 AM

[ASEC] Using HTML5 WebSockets Securely

[CRYP] Identity-Based Encryption

[DSP] Big Data Calls for Big Security!

[END] Corporate Espionage Via Mobile Compromise

[GRC] Control Quotient: Adaptive Strategies for Gracefully Losing Control

[HT] Exploitation of Attackers’ PHP Systems

[HTA] The Lessons Learned from Cyber War Malware

[IAM] Trust Frameworks: Alternative Approaches to Achieve the Panacea

[LAW] Lawyers, Regs and Money: The Breach Has Hit the Fan

[PNG] Administration Cyber Security Priorities for Federal Information Systems

[SECT] Living Below the Security Poverty Line: Coping Mechanisms

[TECH] Cracked SSL?

9:40 AM – 10:00 AM

[MASH] Indian Airlines Flight 814—Hijack Mission Failed

[MBS] Mobile APT—How Rogue Base Stations Can Root Your Devices

10:20 AM – 10:40 AM

[IAM] Adapting OAuth to the Enterprise

[PNG] Incident Scene Authorization using a Mobile Handheld Device

10:20 AM – 11:20 AM

[ASEC] Why Haven’t We Stamped Out SQL Injection and XSS Yet?

[CRYP] Symmetric Key Primitives II

[DSP] Data Breach Intelligence: Does History Always Repeat Itself?

[END] Building Your Own Central Intelligence System in the Real World

[GRC] Cybersecurity SLAs: Managing Requirements at Arm’s Length

[HT] Cyber Conflict & The People’s Republic of China

[HTA] Advanced Techniques for Registry Forensics: A Study of Three Scenarios

[LAW] How the Constitution Protects your Cell Phone and Laptop Encryption Key

[MASH] Life as a Target

[MBS] BYOD: Productivity vs. Privacy—and at What Cost?

[SECT] Is it Whack to Hack Back a Persistent Attack?

[TECH] The Layer-2 Insecurities of IPv6 and the Mitigation Techniques

11:00 AM – 11:20 AM

[IAM] Standards-Based Secure Single Sign-On for Native Mobile Applications

[PNG] 2012—The Year of Geolocation Privacy: Where are Law and Policy Headed?

11:40 AM – 12:00 PM

[ASEC] Do Your Business Partners’ Web Sites Put You At Risk?

[DSP] What? Me, Worry? I’ve Already Been Hacked. Haven’t You?

[END] Winchester House Security: Why Enterprise Security Architecture Matters

[GRC] Resolving The Security Risks Between Consumer Shadow IT And Enterprise IT

[HT] Taking Down The World’s Largest Botnets

[HTA] Hacking Oauth 2.0: Avoiding Security Pitfalls In Your Deployment

[IAM] Integrating OpenStack’s Keystone Service with an Access Management System

[LAW] Computer Crime Law: Recent Developments

[MBS] Mobile Virtualization: The Cure for BYOD or a Pipe Dream

[PNG] Waiter, There’s a Fly in My Code

[MASH] I, (Mr. Techie) got the CISO Job!: Should I prepare 3 envelopes?

[SECT] Riot Control…The Art of Managing Risk and the Internet Of Things (RIOT)

[TECH] Why is SCADA Security an Uphill Battle?

SPONSOR SPECIAL TOPICS

nCircle: How Organization Embedded Risk Scoring Improves Corporate Security DNA

Sophos: Will you ever be able to trust social networks?

TeleTrusT – IT Security Association Germany: New German BYOD Security and Infrastructure Solutions

Websense Inc.: The Future of Mass Mobile Threats—Coming to a Phone Near You?


Expo

Now located in two halls, the Expo is bigger and better to accommodate all of the top security technologies and innovative solutions you need for your organization! Here is a sampling of the companies you can expect to see in the Expo at RSA® Conference 2013.

3M; 6WIND; Accellion, Inc.; AccelOps; Accolade Technology; Accuvant; Advantech; Agency for Science, Technology and Research (A*STAR); Agiliance; AhnLab; AirWatch; Akamai Technologies, Inc.; Alert Logic; AlgoSec; AlienVault; Allegro Software Development Corporation; Alta Associates Inc.; AMAX Information Technologies; American National Standards Institute (ANSI); American Portwell Technology, Inc.; Anonymizer, Inc.; APCON, Inc.; Application Security, Inc.; AppRiver; Appthority; Arbor Networks; Armorize Technologies Inc.; Arxan Technologies; AT&T; Attachmate; AUCONET, Inc.; AuthentiDate International AG; Authentify, Inc.

Authernative, Inc.; Aveksa; Axiomtek; Axway; Barracuda Networks; Bear Data Solutions; BeCrypt; Behaviosec; Beijing Antiy Labs; Beijing Heshengda Information Security Technology Co., Ltd.; Beijing Leadsec Technology Co., Ltd.; Beijing QIHU Technology Co., Ltd.; Beijing Topsec Science & Technology Co., Ltd; Beijing Venustech-Cybervision Co., Ltd; Beijing Zhongguancun Overseas Science Park; BeyondTrust Software; Bit9, Inc.; Bitdefender; Blue Coat Systems; BluePoint Security; Bradford Networks; Brinqa; Broadweb; C4ISR Journal; CA Technologies; Celestix Networks; CenterTools Software GmbH; Centrify Corporation; Check Point Software Technologies; Checkmarx; CHERRY; Cigital; Cisco

Clearswift Corporation; Click Security; Cloud Security Alliance; CloudLock; Collective Software, LLC; Commtouch; Comodo Group Inc.; Core Security Technologies; CoreTrace Corporation; CORISECIO GmbH; COSEINC; CounterTack; Coverity, Inc.; Covisint, a Compuware Company; Critical Watch; Cryptography Research, Inc.; Cryptomathic, Inc.; cv cryptovision GmbH; Cybera; Cyber-Ark Software, Inc.; CyberMaryland; CYBEROAM; CyberSponse, Inc.; Cybertap LLC; Cypherbridge Systems LLC; Damballa; DaoliCloud Information Technology (Beijing) Co., LTD.; DB Networks; DBAPP Security Ltd.; Dell Secureworks; Device Lock; DHS/National Cyber Security Division; Diebold, Inc.; Digital Defense, Inc.; DriveSavers Data Recovery; Easy Solutions, Inc; eco e.V. Verband der deutschen Internetwirtschaft; eleven GmbH; Endgame Systems; Enforcive; Enterprise Ireland; ENTERSEKT (Pty) Ltd.; Entrust; Equifax; ESET, LLC; F5 Networks; Faronics Technologies, Inc.; Fasoo.com

Federal Bureau of Investigation; Federal Reserve Bank of San Francisco; FEITIAN Technologies Co., Ltd.; FireEye, Inc.; FireHost Inc.; FireMon; ForeScout Technologies, Inc.; Fortinet; Fox Technologies, Inc.; Freescale Semiconductor Inc.; Futurex; Garner Products; German Pavilion; GFI Software; Gigamon LLC; Glimmerglass Optical Cyber Solutions; Global Knowledge Training; GlobalSCAPE; GlobalSign; Good Technology; GreenSQL Ltd.; Guardian Analytics; Guidance Software, Inc.; Gurucul Solutions; GWAVA Technologies; HBGary, Inc.; HID Global; Hitachi ID Systems, Inc; HOB GmbH Co; HP; Huawei Digital Technologies (Hong Kong) Co., Ltd.; HyTrust; IBM Corporation; iBoss Security; Identity Finder, LLC; IEEE Computer Society; Imation; Imperva Inc.; Infineon Technologies AG; Infoblox; InfoExpress, Inc.; InfoGard; Informatica Corporation; Information Networking Institute – Carnegie Mellon; Information Systems Security Association (ISSA); InfoSecurity Magazine; Intel

Interface Masters Technologies; International Association of Privacy Professionals (IAPP); IOActive, Inc; Ipswitch File Transfer; IronKey, Inc.; it-sa – The IT-Security Expo; ITAC; itWatch GmbH; IXIA; Jiransoft Inc.; Juniper Networks; Kaspersky Lab; Key Source International; Keypasco AB; Kingsoft; Klocwork; Lancope; Lanner Electronics Inc; Legendsec Information Technology (BeiJing) Inc.; Lieberman Software Corporation; Linoma Software; Lionic Inc.; LJ Kushner & Associates, LLC; Lockheed Martin; LogLogic; LogRhythm; Lumension; Lynux Works; MANDIANT; MBX Systems; McAfee an Intel Company; Messageware, Inc.; Metaforic; MetricStream; Microsoft Corporation; MirageWorks Inc.; MITRE; MobileIron, Inc.; Mocana Corporation; Modulo; Motorola Solutions; Mykonos Software; Myricom, Inc.; mySecure Delivery LLC; NagraID Security; Napatech; Narus, Inc.; National Institute of Standards and Technology; nCircle

NEI; Net IQ; Net Optics, Inc.; NETGEAR, Inc.; Netronome; NetScout; Neusoft Corporation; New Horizons Computer Learning Centers; Nexcom; Niometrics; NopSec, Inc.; Norman ASA; NSA; NSFOCUS; NSS Labs, Inc.; NuCaptcha; NXP Semiconductors; OASIS Interoperability Demonstration; OATH; Oberthur Technologies; Okta, Inc.; Onapsis S.R.L; OneLogin, Inc.; Ontario Canada Delegation; OPSWAT, Inc.; Oracle; Palo Alto Networks; Patriot Technologies; Perimeter E-Security; PerspecSys Inc.; PhishMe, Inc.; Phishnix; PhoneFactor; Pindrop Security; Ping Identity Corporation; PistolStar, Inc.; PointSharp AB; Portcullis Inc.; Premio, Inc.; PrivateCore Inc; Prolexic Technologies; ProofPoint, Inc.; Protected-networks.com GmbH; Pwnie Express; QGroup GmbH; Qosmos; Qualys, Inc.; Quest Software; QuintessenceLabs; Radiant Logic, Inc.; Radware, Inc.

Rapid7; RedSeal Networks, Inc; Research Center of Web Data Science & Engineering, Institute of Computing Technology; Research in Motion; Rohde & Schwarz SIT GmbH; RSA, the Security Division of EMC; RSAM; SafeNet, Inc.; SAIC; SANS/GIAC/STI; SECnology, Inc.; secunet Security Networks AG; Secunia; Secure Commerce Systems, Inc; SecureAuth Corporation; Security Mentor; Securonix LLC; SecuTech Solutions PTY LTD; SenSage Inc.; Shenzhen NORCO Intelligent Technology Co., Ltd.; Sims Recycling Solutions; Sirrix AG security technologies; Skybox Security, Inc.; SmartDisplayer Technology; Software Engineering Institute; Solarflare; Solera Networks; Solutionary, Inc.; SonicWALL, Inc.; Sophos; Sourcefire, Inc.; SparkWeave, LLC.; Splunk Inc.; SPYRUS, Inc; SSH Communications Security; Stealthbits Technologies, Inc.; Stonesoft Inc.; StrikeForce Technologies, Inc.; StrongAuth, Inc.; Symantec Corporation; Symplified; SynerCom Inc; SYPRIS Europe Aps; SYSMATE

TechGuard Security; TeleSign Corporation; TeleTrusT – IT Security Association Germany; Tenable Network Security, Inc.; Thales e-Security; ThreatMetrix, Inc.; Thycotic Software Ltd.; Tilera Corporation; TITUS; TraceSecurity, Inc.; Trend Micro Incorporated; Tripwire, Inc.; Trustwave; Tufin Technologies; TÜV Informationstechnik GmbH; Unisys; University of Denver; University of Maryland University College; VASCO Data Security; Venafi, Inc.; Veracode, Inc.; Verdasys, Inc.; Verizon; Viewfinity; Vineyard Networks; Visible Statement; V-Key Pte Ltd; VMware; Voltage Security; Vormetric, Inc.; VSS Monitoring, Inc.; WatchGuard Technologies, Inc.; Wave Systems Corp.; Webroot Software, Inc.; Websense Inc.; Wombat Security Technologies, Inc.; WWPass Corporation; yaSSL.com; Zenprise, Inc.; Zix Corporation; Zscaler, Inc.

Exhibitor list current as of 11/20/12.

RSA® Conference 2013 sponsors are indicated in bold.


Sponsors

We thank this year’s sponsors for their support.

[Sponsor logos, grouped by level: Global Diamond; Global Platinum; Global Gold; Platinum; Gold; Silver; Global Education; Education; Global Association; Association; Platinum Media; Gold Media; Silver Media]

©2013 EMC Corporation. All rights reserved. EMC, RSA, the RSA logo and the RSA Conference logo are registered trademarks of EMC Corporation in the United States and/or other countries. All other marks are trademarks of their respective companies.


GROUP DISCOUNTS

Delegate Group Discounts are available if your company purchases five (5) or more Delegate registration passes at the same time.

GOVERNMENT DISCOUNTS

Government Discounts are available for current full-time employees of U.S. federal, state or local government agencies and current full-time employees of international government agencies.

See the Rates & Packages page on the website for more details: www.rsaconference.com/join2013

| Registration Packages & Rates | Discount (by January 25, 2013 11:59 PM PST) | Standard (January 26, 2013 and after) |
|---|---|---|
| Delegate Pass | $1,895 | $2,295 |
| Delegate 1-Day Pass (Tuesday, Wednesday, Thursday or Friday) | $995 | $995 |
| Delegate Academic/Student Pass | $695 | $695 |
| Expo Plus Pass (Limited Quantities Available) | $495 | $595 |
| Expo Pass | $75 | $100 |
| SANS Tutorials (Sunday & Monday) | $2,045 | $2,045 |
| Codebreakers Bash Guest Ticket (Limited Quantities Available) | $150 | $150 |
| Welcome Reception Guest Ticket (Limited Quantities Available) | $90 | $90 |

PHOTO ID WILL BE REQUIRED AT CHECK-IN TO PICK UP YOUR BADGE.

Registering for RSA Conference 2013 is simple! Just go to www.rsaconference.com/join2013 and click on Register Now.

Register by January 25 to save $400 off your full Delegate Pass!

ACCESS BY BADGE TYPE

Badge types: Delegate, Expo Plus, Expo, SANS Tutorials

Monday Events

Association Events (CSA, (ISC)2, OWASP, TCG): ✓ ✓ ✓ ✓

Innovation Sandbox: ✓ ✓

Orientation: ✓

Professional Development Track Sessions: ✓ u

RSA Conference Monday Seminars: ✓

Welcome Reception: ✓ ✓

Keynotes & Sessions

Association Special Topics: ✓* ✓ ✓ ✓

Encore Sessions: ✓* u

Keynotes: Tuesday: ✓* ✓

Keynotes: Wednesday – Friday: ✓ ✓ ✓ ✓

Peer2Peer Sessions: ✓*

Security Mashup: ✓* ✓ ✓ ✓

Sponsor Special Topics: ✓* ✓ ✓ ✓

Track Sessions: ✓* u

Expo

Expo Access: Tuesday – Thursday: ✓* ✓ ✓ ✓

Briefing Center: ✓* ✓ ✓ ✓

Expo Pub Crawl: ✓* ✓ ✓ ✓

Special Events

Codebreakers Bash: ✓*

Dinner for 6: ✓ ✓ ✓ ✓

Flash Talks Powered by PechaKucha: ✓ ✓ ✓ ✓

General

Conference Materials: ✓

Continental Breakfast: ✓*

Shuttle Service: ✓ ✓ ✓ ✓

Wireless Network: ✓ ✓ ✓ ✓

✓ Included in badge type.

* For Delegate One-Day Pass, these sessions are available for day of admittance only.

u One Conference session of choice, to be selected among all Track Sessions (including Professional Development Track and Encore Sessions)

CONTINUING EDUCATION CREDITS

RSA Conference 2013 has partnerships with a number of security organizations offering Continuing Education Credits to Delegates (if you attend Conference sessions) and other benefits. See the CE Credits page on the website for detailed information: www.rsaconference.com/join2013

BOOK YOUR HOTEL & SAVE!

RSA Conference has secured special discount rates at participating hotels for our 2013 attendees. Please go to www.rsaconference.com/join2013 and click on Travel & Hotels to view a list of available hotels.

After registration, you can proceed to the hotel booking pages to place your hotel reservations.

FOR MORE INFORMATION

Please call toll-free 1-866-397-5093 (+1-801-523-6530 from outside the USA or Canada), or send an email to [email protected].

To manage your RSA Conference mailing or email preferences, please go to www.rsaconference.com/preferences.

All information herein is subject to change. The views expressed by any Conference attendee, speaker, exhibitor or sponsor are not necessarily those of RSA. All Conference attendees, speakers, exhibitors and sponsors are solely responsible for the content of any and all individual or corporation presentations, marketing collateral, advertising and online web content.
