RSA provides great opportunities for the CISO to learn in a compressed and diverse way to help further the implementation and management of their IT Security Programs.
My goal this year was to look for guidance that didn’t focus on the old view of aligning the IT Security Program with the business.
Mostly this message had the IT Security Program engaging in technical security with a goal of not upsetting business leaders. I was looking for sessions that focused on the IT Security Program as a true part of the business.
By this I mean that the IT Security Program is part of delivering on the goals of the company. In this way, the IT Security Program would provide enterprise services that support and enhance the company’s ability to meet its mission and remain profitable.
Two great examples where the below tracks:
These two sessions consumed most of the day on Monday and were worth the time. The presenters provided real world and highly actionable security program guidance. They had knowledge to impart about technical security; however, that was not their focus.
Most of the instruction given had to do with understanding your company’s goals, making sure that your IT Security Program is delivering on these goals, and ensuring that the listener had examples of accurately articulating the IT Security Programs success to the business.
My advice to CISOs attending in the future:
Take advantage of one-on-one meeting opportunities with vendors that align with your mission. Vendors send large portions of their management and technical leadership to RSA. This allows you to have the people you really need in the room to get questions answered. Also, if a vendor wants you to meet their CISO or CIO take advantage of it. This gives you an opportunity to ask the — what worked for you questions.
Take advantage of the CISO roundtable sessions when they become available. I participated in two separate after-hour sessions: one covered endpoint protection and the other addressed third party risk management.
Both sessions where delivered in a very professional manner and the content came from the interaction with other CISO’s rather than speakers at the front of a room. This was valuable due to the diversity of the industry’s that were in attendance.
It is also valuable to hit the expo floor and visit the vendors. RSA gives a great opportunity to visit vendor booths and hear about new technologies. You could easily spend all week on the expo floor if you are not careful.
Make sure you have a plan and know where the vendors you want to visit are located. This will enable you to make the most of your vendor engagement while still taking advantage of the rest of the conference.