Observations from RSA Conference, 2019

Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

Last week, the 2019 RSA Conference was held with typical energy and exuberance in San Francisco. One of the largest cybersecurity industry conferences, it had over 700 exhibiting vendors (not including another 50 in their Early Stage Expo area) and over 500 sessions covering a wide range of current topics in the cybersecurity field. Keynote speakers included industry leaders and government officials such as Christopher Wray, Director of the FBI, and General Paul Nakasone, Commander of US Cyber Command and Director of the NSA.

Just prior to the official start of the Conference, the Cloud Security Alliance Summit took place on March 4th. Celebrating its tenth anniversary, the CSA Summit held a wide range of presentations and panel discussions reflecting upon the progress that has taken place since its inaugural show – including multiple success stories dealing with cloud migrations – and the challenges that still remain. Privacy issues and their ramifications, such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act, were discussed by speakers and attendees. Coalfire’s Kurt Hagerman (CxO Advisor) participated in a panel discussion called “Ten Years in Cloud: An Observation of Success” in the morning sessions. The panel discussed the advantages cloud services provide and some initiatives that are shaping the future of cloud computing.

A key component of the RSA Conference was the track sessions. Organized into 25 tracks covering broad topics such as Cloud Security & Virtualization, Governance, Risk & Compliance, Blockchain & Applied Crypto, Machine Learning & Artificial Intelligence, Mobile & IoT Security, and more, the track sessions provided attendees with the opportunity to explore the cutting edge of cybersecurity. Complementing the track sessions was the RSAC Sandbox, which gave attendees hands-on experience with, and live demonstrations of, tools and techniques to secure Industrial Control Systems, the Internet of Things, and wireless technologies.

Cloud services received a lot of attention throughout the conference. In addition to the CSA Summit and the Cloud Security & Virtualization track, there were several live-streaming events. Tom McAndrew, CEO of Coalfire, participated in a live-streamed webinar called “Managing Security for the Multi-Cloud” on March 6. The webinar participants represented decades of IT and cloud experience: it was chaired by Dave Klein, director of Architecture and Engineering, Guardicore, and included co-panelists Praveen Jain, Chief Technology Officer, Cavirin, and Tim Woods, VP of Technology Alliances, FireMon. The panel discussed the drivers behind the multi-cloud trend, mistakes companies make when moving to the cloud, and challenges to properly securing multi-cloud deployments. While more customers are finding efficiency, availability, and cost advantages in the cloud, security is challenged by a number of factors. These include an increasingly complex shared responsibility model (which is compounded when enterprises have multiple provider environments); a “lift and shift” approach, in which organizations move their current non-cloud-based approaches “as is” into a cloud environment, which is likely to fail; managing access to data; and even understanding what data they have and its criticality so it can be properly protected. The panel agreed it’s essential for organizations to understand the skills of their technical teams before choosing platforms and to ensure that all appropriate parties, including DevOps, Security, and Compliance staff, are in the development process early.

RSA continues to be one of the most informative and expansive cybersecurity shows in the industry. In addition to our thought leadership at the show, Coalfire appreciated the opportunity to act as co-host in the Cloud Security Alliance booth for a day (as we value our relationship with this top-notch organization!) and host an exclusive customer luncheon for C-suite leaders at top enterprises, focused on 5G and emerging technology. We are already looking forward to RSA 2020!
