Last week at the RSA Conference I had the opportunity to attend the “Mobile Security Battle Royale”, featuring a great panel of experts on mobile phone security. Moderated by Zach Lanier, the panel featured Tiago Assumpção and Collin Mulliner paired off against Charlie Miller and Dino Dai Zovi (co-authors of iOS Hacker’s Handbook). As many great panels typically do, this panel featured no slides and no set talking points. Instead, Zach asked the panel some great questions to just get the ball rolling, and the panel started firing off great quotes left and right. I got busy live-tweeting the session and got (and re-tweeted) a few great quotes from many of the panel members which I have embedded below. One of the recurring themes was “which is[…]

At the RSA Conference today, I attended an excellent panel discussion titled Y U NO HAZ METRICS? The speakers were David Mortman, Jack Jones, Alex Hutton, and Caroline Wong, and the panel was moderated by John Johnson. The panel discussed risk management more than they discussed specific metrics, which was slightly different than what I expected. However, the panel surpassed my expectations. A commenter towards the end of the session made an analogy which I thought was a good one. He said that risk management is like risotto. It has three basic ingredients, and you put them together and adjust the balance until it tastes good to you. In other words, no two risottos (or risk management programs) will[…]

This morning, the 2013 RSA Conference truly got kicked off. Conference attendees gathered by the thousands into the main keynote hall at the Moscone Center in San Francisco. First up was a rousing set of Queen hits by a Queen tribute band. Unlike past years where a popular song is performed using primarily security-related lyrics, this year the music stayed mostly true to form. “We Will Rock You”, “We Are The Champions”, and “This Thing Called Love” were performed, and only a few lines at the very end of the last number were changed to security-related lyrics. The lead singer of the tribute band (The Queen Extravaganza) was quite good! Art Coviello, Executive Chairman of RSA, followed the band and[…]

Chances are, if you read 10 articles or blog posts about the 2010 RSA conference, you will hear the term “cloud computing” ten times. The cloud was clearly the dominant theme of most of the presentations, product demonstrations, and discussions which took place at the Moscone Center in the first week of March 2010. However, another theme was nearly equally present in presentations and discussions: Cybercrime.

As I mentioned in an earlier post, the 2010 RSA Conference Keynote addresses have been posted online and I’m linking some of my favorites from the 2010 conference. You can view an interactive webcast, view the video, or even listen/download audio-only podcasts of the keynote presentations. It is often hard to follow the keynotes in the first day, so I’m just going to mention the highlights from the rest of the week. Tuesday’s keynote by Philippe Courtot, Chairman & CEO of Qualys, was a pretty good one, and should have been given prior to some of the other keynotes since it provided a bit of a primer on cloud computing. He discusses some basics around cloud computing and what it[…]

I’ll be attending the 2009 RSA Conference next week. I will likely write one or more blog posts while there, so stay tuned. I also plan to use Twitter to post interesting things I come across while there. The following link will let you see all posts by @geminisecurity and/or @pmhesse with the RSA conference hashtag: I look forward to connecting with some of you out west. Drop me a line if you have got a few minutes to chat.