Register Now! www.rsaconference.com/change2015

FOLLOW US ON: #RSAC

DISCOVERnew ways

to innovate

ACCESSthe latest security

technology

BUILDyour professional

network

Save $400on your Full Conference Pass! Discount ends March 20!

We invite you to join us at the foremost security industry Conference—RSA® Conference 2015. With so many IT professionals coming together under one roof, we’ll get the chance to challenge today’s security thinking together and explore innovative ways to respond to cyber incidents.

RSA® Conference is the world’s largest global security event, offering a comprehensive platform for sharing intelligence, sparking innovation and encouraging collaboration.

Join us for engaging track sessions and tutorials. Vote for your favorite submission to be presented in our newly offered Crowdsourced track and experience the new Learning Labs. Gain valuable insights from our impressive lineup of keynote speakers. Attend the RSA®C Innovation Sandbox Contest which recognizes the most innovative information security company and participate in experiential learning opportunities in The Sandbox. Learn from security experts in the RSA®C Studio sessions streamed live over RSA®C TV. See the challenges kids face online and volunteer to make a difference at the RSA®C Cyber Safety: Kids exhibit in Moscone West, presented in partnership with the Tech Museum of Innovation. And so much more…

Let’s challenge today’s security thinking together and discover new ways to secure our digital future.

Sincerely,

Linda Gray General Manager RSA Conference

The theme for RSA Conference 2015—CHANGE—is a timely reminder that your success is based on your ability to keep up with a dynamic cyber security environment. Join a diverse range of security professionals from around the world and expand your perspective in the information security realm.

Experience five energizing, empowering and enjoyable days with the best and the brightest in the field:

> Energizing• The Sandbox featuring the Innovation Sandbox Contest

• RSAC TV

• Peer2Peer Sessions

23 tracksincluding 3 new ones!

350+ sessionsincluding 12 sessions

“crowdsourced” by Conference attendees

400+ exhibitorsin two

Expo halls

Plus, all the great social and networking opportunities like the Welcome Reception, Dinner for 6, and #RSAC Social Lounge!

> Empowering• SANS NetWars Learning Scenarios• (ISC)2® Half Day CBK® Training Seminars for CSSLP® & CISSP-ISSMP®• RSAC Cyber Safety: Kids and Cyber Safety Village exhibit, presented in partnership with the Tech Museum of Innovation• I’m in, R U? Join the RSAC Cyber Safety: Kids campaign

> Enjoyable• The Viewing Point• South Expo Hall Pub Crawl• Codebreakers Bash

Be sure to register by March 20 to take advantage of $400 in savings on a Full Conference Pass!

Register Now!

This year’s Conference offers:

Be sure to register by March 20 to take advantage of $400 in savings on a Full Conference Pass!

† Tutorials & Trainings are offered for an additional fee * Open to Full Conference Registrants only ** Open to Full Conference, Explorer Expo Plus and Explorer Expo Registrants only *** On Tuesday morning, RSAC TV is restricted to Full Conference and Explorer Expo Plus Pass holders only. Access for Explorer Expo Pass holders starts after 12:10 PM.

Agenda At A Glance8:00 AM 9:00 AM 10:00 AM 11:00 AM 12:00 PM 1:00 PM 2:00 PM 3:00 PM 4:00 PM 5:00 PM 6:00 PM 7:00 PM 8:00 PM 9:00 PM

8:00 AM 9:00 AM 10:00 AM 11:00 AM 12:00 PM 1:00 PM 2:00 PM 3:00 PM 4:00 PM 5:00 PM 6:00 PM 7:00 PM 8:00 PM 9:00 PM

SUNDAYApril 19

MONDAYApril 20

TUESDAYApril 21

WEDNESDAYApril 22

THURSDAYApril 23

FRIDAYApril 24

Tutorials & Trainings†

Tutorials & Trainings†

RSAC TV***

The Sandbox Beer Camp

NetWars

NetWarsRSAC TV

The Sandbox

RSAC TV

The Sandbox

Seminars* (Full Conference attendees only)

(ISC)2 Seminars

Peer2Peer Sessions*

Crowdsourced Sessions

Learning Labs*

Expo

Peer2Peer Sessions*

Crowdsourced Sessions

Peer2Peer Sessions*

Crowdsourced Sessions

Learning Labs*

Codebreakers Bash

Innovation Sandbox**

Welcome Reception

Track Sessions*Keynotes**

Dinner for 6

Dinner for 6

KeynotesTrack Sessions*

KeynotesTrack Sessions*

KeynotesTrack Sessions*

Tutorials/trainings/seminarsKeynotesSessionsExpoSpecial Events

LEGEND:

Expo

Expo

South ExpoPub Crawl

Track Sessions* Track Sessions*

Seminars (all badge types)

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates. 3#RSAC

#RSAC

SCOTT CHARNEYCorporate Vice President, Trustworthy Computing, Microsoft

Scott Charney is Corporate Vice President for Microsoft’s Trustworthy Computing Group, where he helps ensure the company’s products and services comply with security and privacy standards. Charney also leads Microsoft’s engagements with governments, partners and customers on security and privacy issues. Before joining Microsoft in 2002, he led PricewaterhouseCoopers’ Cybercrime Prevention and Response Practice and served as Chief of the Computer Crime and Intellectual Property Section at the U.S. Department of Justice. He serves on the U.S. President’s National Security and Telecommunications Advisory Committee and was a Co-chair of the Center for Strategic and International Studies nonpartisan Commission on Cybersecurity. Charney holds degrees in history, English and law.

AMIT CHATTERJEEExecutive Vice President, Enterprise Solutions and Technology Group, CA Technologies

Amit Chatterjee joined CA Technologies as Executive Vice President, Enterprise Solutions and Technology Group in May 2014. He is responsible for strategy and execution across the full portfolio of enterprise businesses, from development to commercialization. His mandate is to drive growth in the DevOps, Management Cloud and Security portfolios by fueling competitive innovation and relentless execution, building and bringing to market differentiated solutions and strengthening the overall CA portfolio to serve customers worldwide. Chatterjee is an innovator, business builder and executive who has founded, built and matured a number of successful start-ups in high growth markets, including one from bootstrap to public company. Chatterjee attended UC Berkeley and Stanford University.

ZAK EBRAHIMAuthor, The Terrorist’s Son: A Story of Choice; Nonviolence Advocate and Lecturer

Zak Ebrahim was born in Pittsburgh, Pennsylvania, on March 24, 1983, the son of an Egyptian industrial engineer and an American school teacher. When Ebrahim was seven, his father shot and killed the founder of the Jewish Defense League, Rabbi Meir Kahane. From behind bars, his father, El-Sayyid Nosair, co-masterminded the 1993 bombing of the World Trade Center. Ebrahim spent the rest of his childhood moving from city to city, hiding his identity from those who knew of his father. He now dedicates his life to speaking out against terrorism and spreading his message of peace and nonviolence.

Keynote SpeakersART GILLILANDSenior Vice President & General Manager of Software Enterprise Security Products, Hewlett-Packard

Art Gilliland is Senior Vice President of Hewlett-Packard Software Enterprise Security Products. In this role, he leads Hewlett-Packard’s software security solutions and services teams to help enterprise customers manage risk and compliance. A 15-year veteran of the enterprise security industry, Gilliland joined Hewlett-Packard from Symantec where he served as a Senior Vice President of the Information Security Group. Prior to Symantec, he held executive roles at IMlogic, Exchange Solutions, Inc., and Gemini Consulting. Gilliland earned a bachelor’s degree in economics from Carleton College and an MBA from the Harvard Business School. Recognized as an information security expert, he holds several patents in security and is a Certified Information Systems Security Professional (CISSP). He is based in Sunnyvale, California.

DORIS KEARNS GOODWINWorld-renowned Presidential Historian and Pulitzer Prize-winning Author

Doris Kearns Goodwin is a Pulitzer Prize-winning author. Goodwin is the author of six New York Times best-selling books, including her most recent, The Bully Pulpit: Theodore Roosevelt, William Howard Taft, and the Golden Age of Journalism. Goodwin has served as a consultant and has been interviewed extensively for PBS and the History Channel’s documentaries on LBJ, the Kennedy family, Franklin Roosevelt, Abraham and Mary Lincoln and Ken Burns’ The History of Baseball and The Civil War. Goodwin earned a Ph.D. in government from Harvard University, where she taught government, including a course on the American presidency. She served as an assistant to President Lyndon Johnson in his last year in the White House and later assisted President Johnson in the preparation of his memoirs.

CHRISTOFER HOFFVice President and Security Chief Technology Officer, Juniper Networks

Christofer Hoff has more than 20 years experience in high-profile global roles in network and information security architecture, engineering, operations and management. In previous roles, Hoff has served as Vice President of Strategic Planning and the Technical Marketing Engineering team and as Global Chief Security Architect of the Advanced Technology Team at Juniper Networks. As Director of Cloud & Virtualization Solutions at Cisco Systems, he focused on virtualization and cloud computing security, spending most of his time interacting with global enterprises and service providers, governments, and the defense and intelligence communities. Hoff is a founding member of and technical advisor to the Cloud Security Alliance, as well as founder of the CloudAudit project and the HacKid conference and blogs at www.rationalsurvivability.com/blog.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.4

THE CRYPTOGRAPHERS’ PANELModerated by Paul Kocher, President and Chief Scientist, Cryptography Research, Inc.

Join the founders and leaders of the field for an engaging discussion about the latest advances and revelations in cryptography, including research areas to watch in 2015 and insights drawn from lessons learned over the last three decades.

AMIT MITALExecutive Vice President, Emerging Endpoints and Chief Technology Officer, Symantec

As Chief Technology Officer and Emerging Products Leader, Amit Mital drives the company’s technology strategy with a focus on accelerating innovation, product development and research and development, as well as leading Symantec’s strategy and product development for Emerging Endpoints. Mital joined Symantec after 20 years with Microsoft, most recently as the Corporate Vice President for the Startup Business Group, where he was responsible for managing strategic product development along with identifying and executing new innovation opportunities. He holds 43 patents and is an innovator in several technologies that align with Symantec’s business, including machine learning, big data and high-scale web and cloud services. Mital holds an M.S. in engineering from the Thayer School of Engineering at Dartmouth College.

DIANA NYADWorld Record Holder and Legendary Swimmer

At the age of 64, in her fifth attempt, Diana Nyad fulfilled her lifelong dream of swimming the 110 miles from Cuba to Florida on September 2, 2013. Upon completing her grueling 53-hour journey, Nyad had three messages for the world: “One is we should never ever give up. Two is you are never too old to chase your dreams. And three is it looks like a solitary sport but it takes a team.”

In the 1970s, Nyad was the greatest long-distance swimmer in the world. Her world records include circling Manhattan Island and crossing the 102.5 miles between the Bahamas and Florida, and have led to inductions to many halls of fame, such as the International Women’s Sports Hall of Fame.

As a prominent sports broadcaster, Nyad filed reports for NPR, ABC Sports, Fox Sports and the New York Times.

MARTIN ROESCHVice President and Chief Architect, Cisco Security Business Group

Martin Roesch is Vice President and Chief Architect for Cisco’s Security Business Group. Roesch is responsible for shaping the technology strategy and design of the company’s security portfolio. He joined Cisco through the acquisition of Sourcefire, which he founded in 2001. A respected authority on intrusion prevention and detection technology and forensics, Roesch is the

author and lead developer of the Snort® Intrusion Prevention and Detection System (www.snort.org) that forms the foundation for Next-Generation IPS. He has received many awards for his innovation and vision. Most recently, Roesch was selected as one of the Top 25 Disrupters of 2013 by CRN Magazine and one of eWeek’s Top 100 Most Influential People in IT.

HUGH THOMPSONProgram Committee Chairman, RSA Conference

Dr. Herbert (Hugh) Thompson is Program Chair for RSA Conference and a world-renowned expert on IT security. Thompson has co-authored several books on the topic and has written more than 80 academic and industrial publications on security. In 2006, he was named one of the “Top 5 Most Influential Thinkers in IT Security” by SC Magazine and has been interviewed by top news organizations including the BBC, CNN, MSNBC, Financial Times, Washington Post and others. He has been an adjunct professor at Columbia University in New York and is Senior Vice President and Chief Security Strategist at Blue Coat Systems, Inc.

AMIT YORANPresident, RSA

As President, Amit Yoran is responsible for developing RSA’s strategic vision and operational execution across the business. Prior to his appointment as President, he served as Senior Vice President of Products at RSA, where he provided leadership for RSA’s product development and product management organizations.

Yoran founded and served as the CEO of NetWitness, the market-leading network forensic product provider, which was acquired by RSA in 2011. In 2003 and 2004, he served as founding director of the US-CERT program. Prior to that role, Yoran was co-founder and CEO of market-leading managed security services provider Riptech, which was acquired by Symantec in 2002, and where he subsequently served as Vice President of Worldwide Managed Security Services. Yoran is a graduate of the United States Military Academy at West Point and George Washington University.

CHRISTOPHER D. YOUNG Senior Vice President and General Manager, Intel Security Group

Christopher Young is General Manager of the Intel Security Group at Intel Corporation. Young leads Intel’s security business across hardware and software platforms, including McAfee and Intel’s other security assets, generating revenue exceeding $3 billion. Young previously served as Senior Vice President at Cisco’s Security Business Group, where he was responsible for strategy, engineering and product development for the company’s global security business. Before that, Young served as Senior Vice President and General Manager at VMware, where he led engineering, product development and marketing for desktop virtualization, consumer and end-user offerings. Young holds a bachelor’s degree, cum laude, from Princeton University and an MBA with distinction from the Harvard Business School.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates. 5#RSAC

1:00 PM – 4:30 PM SEM-M03

Advancing Information Risk PracticesMany challenges face today’s Risk Management programs, including how to risk rank security gaps, handling business interactions, and building a qualified resource pool. This half-day seminar will be packed with practical information from a series of respected industry leaders who have set out to challenge conventional ideas and pursue cutting edge tactics, discussing successes and pitfalls.

Full Conference Registrants only.

9:00 AM – 12:00 PM

CSA Summit 2015: Enterprise Cloud Adoption and Security Lessons LearnedCloud computing is a mission-critical part of the enterprise. Join us for CSA Summit 2015 to discover lessons learned from enterprise experts in securing their clouds and achieving compliance objectives. A global list of industry experts will share their experiences and discuss the key security challenges of tomorrow. Get the big picture view of the future of IT and our mandate to revolutionize security.

Open to all registrant types.

9:00 AM – 1:00 PM

TCG: Should We Trust Mobile Computing, IoT and the Cloud? No, But There Are SolutionsSensitive data flies through a variety of networks—unencrypted and vulnerable to loss, theft and attack. This session will address the issues this raises, as well as take a look at the state of security and trust in traditional enterprise computing. Attendees will also be able to experience new demos on mobile, embedded, IoT and enterprise security.Open to all registrant types.

† SANS Tutorials and (ISC)2 trainings are offered at an additional fee. Earn up to 12 CPE credits for participating in one of the SANS Tutorials. To see a full course description and register for these programs go to: www.rsaconference.com/change2015.

Sunday/Monday Trainings & Tutorials Monday Seminars

SANS TUTORIALS

TUT-S21

SANS: Critical Security Controls: Planning, Implementing and AuditingJames Tarala, SANS Senior InstructorThis course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls. For security professionals, the course enables you to see how to put the controls in place in your existing network through effective and widespread use of cost-effective automation. For auditors, CIOs and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented.

TUT-S22

SANS: Lethal Network ForensicsRandy Marchany, SANS Certified Instructor

This course provides you with the skill set necessary to investigate a compromised network environment or design solutions for an existing environment that will minimize the time and cost necessary to investigate a potential compromise in the future. We use hands-on exercises derived from real-world attacks to ensure you are prepared to address the threats that every Internet-facing network faces daily. The material covers low-level packet capture approaches and techniques to use high-level data for scoping a compromise, identifying attack traffic, and routing out network-based data theft. Laptop required.

TUT-S23

SANS: ICS Cybersecurity Overview with Hands-on Lab Graham Speake, SANS Certified InstructorThis course is designed to introduce students to the unique requirements of real-time systems and provide a model for defending industrial control systems in a manner that keeps the operational environment safe, secure and resilient against current and emerging cyber threats. Laptop required.

TUT-S24

SANS: Metasploit Kung Fu for Enterprise Pen TestingBryce Galbraith, SANS Principal Instructor

This class will show students how to apply the incredible capabilities of the Metasploit Framework. This course will provide an in-depth understanding of the Metasploit Framework and cover exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, as well as the rich feature set of the Meterpreter. Laptop required.

(ISC)2 TRAININGS

TRN-I01

(ISC)² CISSP® CBK® TrainingKevin Stoffell, (ISC)2 Authorized Instructor

Led by (ISC)2 authorized instructor Kevin Stoffell, the official (ISC)2 CISSP CBK® Training Seminar is the most comprehensive review of information security concepts and industry best practices, and covers the latest eight domains of the CISSP CBK (Common Body of Knowledge). This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CISSP exam.

TRN-I02

(ISC)² SSCP® CBK® TrainingBuzz Murphy, (ISC)2 Authorized Instructor

Led by (ISC)2 authorized instructor Buzz Murphy, the official (ISC)2 SSCP CBK® Training Seminar is the most comprehensive review of information security concepts and industry best practices, and covers the latest seven domains of the SSCP CBK (Common Body of Knowledge). This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the SSCP exam.

Immerse yourself in intensive, skill-building two-day sessions led by respected authorities from SANS and (ISC)². Four SANS Tutorials and two (ISC)2 CBK® Trainings for the CISSP® & SSCP® will be held on Sunday, April 19 and Monday, April 20.†

6 #RSAC

8:30 AM – 4:30 PM SEM-M01

Security BasicsThe Security Basics Seminar explains some of the most important security principles and is designed for practitioners with three years or less of information security experience. It lays a foundation of essential concepts that will enhance understanding of the current advanced security issues that will be discussed during the week. The seminar will feature some of the giants of the security industry offering up-to-date perspectives on fundamental security topics.

Full Conference Registrants only.

8:30 AM – 11:30 AM SEM-M02

Information Security Leadership Development: Surviving as a Security Leader In conventional security training, there are few opportunities to learn how to develop and direct a successful information security program. Experienced security leaders deliver a morning seminar focused on bridging this gap.

Full Conference Registrants only.

9:00 AM – 5:00 PM

DevOps Connect: DevOpsSec DevOps.com presents DevOps Connect: DevOpsSec: a full day of learning and networking focused on DevOps and security’s role in the software development lifecycle. Gene Kim, Joshua Corman, Mark Miller and Alan Shimel cohost the day’s events, which include panel discussions, industry case studies for DevOps and how security has become an essential part of the DevOps transformation. You will hear real-world stories from industry professionals on how they are integrating DevOps and security in companies just like yours. Open to all registrant types.

1:00 PM – 5:00 PM

IAPP: Engineering Privacy: Why Security Isn’t Enough Businesses increasingly understand that even robust security measures cannot protect an organization from the reputational damage of a privacy violation. Privacy is not about locking information down. It’s about respecting consumer expectations. In this session, privacy leaders explain how to engineer privacy into product design, software applications and organizational architecture. Open to all registrant types.

1:00 PM – 3:00 PM

The Software Defined Data Center and Network Virtualization: An Inherently Better Security Model The Software Defined Data Center offers improved agility and decreased time-to-value. In addition, by extending the operational model of compute virtualization to the network, it provides better data security. This approach delivers on micro-segmentation, as well as an automated way of ensuring security policies are tied to the workloads that require protection. Attend to learn how network virtualization not only forms the underpinnings of an SDDC, but also provides a safer platform for the data center overall. Open to all registrant types.

TUESDAY, APRIL 21

6:30 PM – 7:30 PM Reservation Times

Dinner For 6 On Tuesday and Wednesday, sign up for a non-hosted dinner at select restaurants, as a single diner or with a group of friends. Space is limited so be sure to sign up on-site at the Conference Concierge desk in advance and obtain a confirmation slip to attend.

Open to all registrant types.

WEDNESDAY, APRIL 22

5:00 PM – 6:00 PM

South Expo Pub CrawlEnjoy complimentary beer, wine and non-alcoholic beverages as you visit sponsoring companies’ booths to learn about their latest innovations.

Open to all registrant types.

5:00 PM – 6:00 PM

(ISC)2 Foundation Safe & Secure Online Program Volunteer OrientationAre you interested in volunteering to educate children, parents, teachers and seniors in your community about how to protect themselves online? (ISC)2 members can join us at our

MONDAY, APRIL 20

5:30 PM – 6:00 PM

OrientationCalling all new Full Conference attendees! Join us for an overview of the Conference including details of how to make the most of your week.

Full Conference Registrants only.

1:00 PM – 5:30 PM

RSA®C Innovation Sandbox ContestThe RSAC Innovation Sandbox will crown the Most Innovative Company 2015! Come listen to the Top 10 finalists pitch to a captive audience and prestigious judging panel! In addition, audience members will hear from experts sharing their go-to-market strategy, how to identify funding channels, and whether to build or buy security solutions.

5:00 PM – 7:00 PM

Welcome ReceptionKick off RSA Conference 2015 with drinks and hors d’oeuvres as you preview the 400+ leading information security vendors in both North and South Expos.

Full Conference and Explorer Expo Plus Registrants only. Guest tickets available for purchase.

Special EventsSafe and Secure Online Program Volunteer Orientation where they’ll receive an overview of the Safe and Secure Online presentation materials and advice about how to present to children. You can attend this in-person orientation in lieu of the online preparation video, plus you’ll earn one CPE credit.

To register, please send an email with your name and member ID number to Foundation@isc2.org.

6:00 PM – 8:00 PM

(ISC)2 Member Reception(ISC)2 is pleased to host a members-only reception in conjunction with RSA Conference 2015. This is a great opportunity for you to meet with fellow (ISC)2 members and discuss the latest cyber security trends, while you enjoy complimentary refreshments. You will also receive member updates from (ISC)2 and have a chance to ask questions and share your ideas. To attend, please RSVP at http://bit.ly/1CuVhbF.

6:30 PM – 7:30 PM Reservation Times

Dinner For 6 On Tuesday and Wednesday, sign up for a non-hosted dinner at select restaurants, as a single diner or with a group of friends. Space is limited so be sure to sign up on-site at the Conference Concierge desk in advance and obtain a confirmation slip to attend.

Open to all registrant types.

THURSDAY, APRIL 23

6:30 PM – 10:30 PM

RSA® Conference Codebreakers BashIndulge yourself with decadent food, drinks and live entertainment at this not-to-be-missed party, held at the Masonic. Be prepared to hit the dance floor for a night you are not soon to forget!

Full Conference and Thursday Full Conference One-Day Registrants only. Guest tickets available for purchase.

Check out the completely expanded

Sandbox!Tuesday through Thursday, The Sandbox will host a slew of hands-on challenges for InfoSec professionals:

• SANS NetWars: Enhance your skills and experience in network security.

• Live Industrial Control Systems (ICS) Display: Interact with commonly found hardware and software used by most water plants and industrial equipment stations.

• JTAGulator—On-chip Debug (OCD) Demonstration: Test out an open-source tool that assists in identifying OCD connections from test points / component pads on a target device.

• Additional Activities: Try out your sleuthing skills in the CSI Digital Crime Lab, learn more about how electronic command units (ECUs) control today’s vehicles with Reverse Car Engineering, plus view live attack maps and network at the Cybrew Coffee Bar.

Open to all registrant types.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates. 7#RSAC

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.8 #RSAC

MOBILE SECURITY [MBS] This track will provide focused discussion on policies, processes and technologies for managing employee-owned devices / BYOD programs, smartphone / tablet security and consumerization trends. This track has sessions on mobile malware, application threats, device management and emerging threats to mobile platforms.

POLICY & GOVERNMENT[PNG] This track features sessions on current and proposed government strategies, policies, legislation and standards that could shape the direction of cloud computing, critical infrastructure protection, public-private partnerships, big data initiatives, cyber threat intelligence sharing, industry standards and security compliance requirements.

PEER2PEER SESSIONS[P2P] The Peer2Peer sessions enable groups of no more than 25 people that share a common interest to come together and productively explore a specific security topic, facilitated by an experienced practitioner. No Press is allowed in Peer2Peer sessions.

PROFESSIONAL DEVELOPMENT[PROF] Professional Development covers individuals’ technical and business/management training, credentialing and career development, as well as staff and personnel management. This track is scheduled on Monday.

RSA®C TV[STU] Become part of our studio audience for a range of information security topics—including short topical presentations and interviews with an array of speakers. Note —no late arrivals or early departures permitted for these recorded sessions scheduled Tuesday through Friday.

SECURITY MASHUP[MASH] Interesting speakers and sessions on a wide range of topics not found anywhere else during the week.

Sessions and Tracks at RSA Conference 2015ANALYTICS & FORENSICS [ANF] Analytics & Forensics is the security operations view, covering investigation and analysis techniques that help organizations reduce time to containment and incident response, as well as discover and communicate patterns to provide insight and future prevention.

APPLICATION SECURITY & DEVOPS[ASD] Given the increasing use of web and cloud computing applications and DevOps principles to increase predictability, efficiency and security, this track focuses on automation, agile operations, secure design, development, implementation and operation of packaged and custom-developed applications.

ASSOCIATION SPECIAL TOPICS [AST] Navigate the association landscape and learn about opportunities in training, best practices, credentialing, special programs and career development from leaders in the field.

BREAKING RESEARCH[BR] This half-track is dedicated to the latest research and most pressing threats from top global researchers in the field.

BRIEFING CENTER[BC] Get tactical help with the pressing challenges you face each day. Technical experts present 15- and 30-minute demonstrations to help you make strategic plans and purchase decisions for your organization.

C-SUITE VIEW – [CXO] Security has become a board level concern. How do you translate security speak to board speak? Listen to the experiences of CXOs, featuring the latest trends in information security as we explore the intersection of business and security issues.

CLOUD SECURITY & VIRTUALIZATION[CSV] Cloud Security includes security architecture in the cloud, governance, risks, migration issues, compliance concerns, vendor Service Level Agreements (SLAs) and case studies. This track includes sessions on security aspects of virtualization such as deployment models, VM integrity and virtualization architecture.

CROWDSOURCED – [CRWD] Crowdsourced content is selected as the “best of the best” by popular vote and expert judge curation in the weeks leading up to RSA Conference. A wide range of topics will be explored, and presenters are encouraged to “create dialogue, not monologue” and actively involve the audience. All badge types are invited to participate in these sessions.

CRYPTOGRAPHY[CRYP] Cryptography is ever-changing and this academically focused and refereed track for mathematicians and computer scientists offers presentations of the very latest papers about the science of cryptography.

DATA SECURITY & PRIVACY[DSP] Sessions include database security, data classification, regulation, encryption/tokenization, DLP and new threats to sensitive data. The privacy portion of this track will cover an intro to the field, operational considerations, emerging trends and the critical dialogue between privacy and security pros.

GOVERNANCE, RISK & COMPLIANCE[GRC] This track covers the creation and implementation of risk management frameworks, standards compliance, effective executive and board presentations, as well as the quantification and management of risk. Sessions will also cover successful communication and enforcement of policies.

HACKERS & THREATS[HT] & [HTA] These sessions include discussions about the growing underground economy, advanced threats, APTs, new classes of vulnerabilities, exploitation techniques, reverse engineering and how to combat these problems. The second track is technically advanced and will include live demos and code dissection.

HUMAN ELEMENT [HUM] This track covers people-related issues like social networking/engineering, insider threats and security awareness programs. Sessions will explore how people make trust choices, innovative ways to secure the human and how classic attacks now include a human element.

IDENTITY – [IDY] This half-track will cover the processes, technologies and policies for managing digital identities, their authentication, authorization, roles, and privileges/permissions within or across system and enterprise boundaries, as well as controlling how identities can be used to access resources.

INDUSTRY EXPERTS [EXP] With speakers drawn from top rated RSAC presenters, listen to leading information security professionals talk about today’s most pressing matters.

LAW [LAW] The relationship between law and security is growing in importance globally. The Law track will explore topics ranging from unintended consequences due to legislation and legal rulings to liability from negligence claims by private litigants.

LEARNING LABS – [LAB] Learning Labs offer in-depth learning and high interactivity before, during and after the Conference. The two-hour Labs target senior security information practitioners (10+ years). Develop your skills while engaging with your peers and learning from the experts. Enrollment is limited to 40 attendees.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates. 9#RSAC

SECURITY STRATEGY[STR] Security Strategy covers the policy, planning and emerging areas of enterprise security architecture and the management issues of implementing successful security programs. Sessions will include the structures and tools needed to build a security program that enables and enhances business processes.

SECURING THE ECOSYSTEM – [ECO] These sessions explore the security impact of emerging technologies in ecosystems such as the healthcare, automotive, and telecommunications industries, and mobile application marketplaces. We’ll also review case studies of organizations who have implemented third party risk management and secured their supply chains.

SPONSOR SPECIAL TOPICS[SPO] Listen to a spectrum of experts and security issues delivered and discussed by leading edge companies.

TECHNOLOGY INFRASTRUCTURE & OPERATIONS[TECH] This track focuses on elements of current security architecture. The track provides content on architecture, strategic planning, security monitoring and vulnerability perspectives for security of networks, endpoints and systems including rights management, mobile systems, devices and ethical hacking.

Sessions Schedule

MONDAY, APRIL 20

10:10 AM – 11:00 AM[PROF-M02] Across the Desk: Opposing Perspectives on InfoSec Hiring and Interviewing

2:20 PM – 3:10 PM[PROF-M05] The 50-Minute MBA for Information Security Professionals

TUESDAY, APRIL 21

1:10 PM – 2:00 PM[ANF-T07R] Security Data Science: From Theory to Reality

[ANF-W02R] Building a Next Generation Security Architecture

[ASD-T07R] Continuous Security: 5 Ways DevOps Improves Security

[CRYP-T07] Timing Attacks

[CXO-T07R] The Evolution of the Cybersecurity Executive Trifecta: The CSO/CIO/CISO

[DSP-T07R] Technologies That Will Shape the Future Privacy Debate

[ECO-T07R] Endpoints in the New Age: Apps, Mobility, and the Internet of Things

[EXP-T07] Hacking Exposed: Next Generation AttacksStuart McClure, CEO, Cylance

[GRC-T07] No More Snake Oil: 6 Reasons Why InfoSec Needs Guarantees

[MBS-T07R] Android Security: Data from the Front Lines

[STR-T07R] News Flash: Some Things Actually Do Work in Security!!!

[TECH-T07R] Network Security and Operations When the Network Is Already Compromised

1:50 PM – 2:10 PM[STU-T5] Hack The Planet: Some Men Just Want to Watch the World Burn

2:20 PM – 2:40 PM[STU-T6] How Much Does Your Ox Weigh?: Crowdsource Your Way to Data Protection

2:20 PM – 3:10 PM[ANF-T08] Finally We’ve Got Game: Real Government Info Sharing After 15 Years of Talk

[ASD-T08] Enterprise Cloud Security via DevSecOps

[CSV-T08] Six Degrees of Kevin Bacon: Securing the Data Security Supply Chain

[CXO-T08] Threat Intelligence Is Like Three-Day Potty Training

[DSP-T07R] Technologies That Will Shape The Future Privacy Debate

[DSP-T08] A Privacy Primer for Security Officers

[ECO-T08] Majority Report: Making Security Data Actionable (and Fun!)

[EXP-T08R] The Six Most Dangerous New Attack Techniques, and What’s Coming NextMichael Assante, Director of ICS, SANS Institute; Ed Skoudis, CEO, CounterHack Challenges; Johannes Ullrich, Dean of Research, SANS Technology Institute

[HTA-T08] How We Discovered Thousands of Vulnerable Android Apps in One Day

[HUM-T08] Cisco’s Security Dojo: Raising the Technical Security Awareness of 20,000+

[TECH-T08] Getting a Jump on Hackers

3:30 PM – 3:50 PM

[STU-T8] When IT Threats Meet OT Innocence

Our LoyaltyPlus Program is offered to eligible Full Conference Pass holders who have attended a total of five or more RSA Conferences.

As a LoyaltyPlus member, you will enjoy many benefits, including:

• Reserved check-in counter at registration

• “Red Carpet” access to Keynotes throughout the week

• Exclusive access to the LoyaltyPlus lounges (with Wi-Fi, White Boards, Snacks & Drinks, Recharge Stations and live concierge to assist with dinner reservations).

Additional sessions to be announced. Access full and up-to-date session details at www.rsaconference.com/change2015.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.10 #RSAC

[GRC-T10] A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk

[HTA-T10] Hacking Smart Cities

[MBS-T10] Wanted: Innovation in Security Research

WEDNESDAY, APRIL 22

8:00 AM – 8:50 AM[ASD-W01] Countering Development Environment Attacks

[CRYP-W01] Secure and Efficient Implementation of AES Based Cryptosystems

[CXO-T07R] The Evolution of the Cybersecurity Executive Trifecta: The CSO/CIO/CISO

[CXO-W01] IANS Research—The Seven Factors of CISO Impact

[DSP-W01] More Apt than You Think: Data Protection at Massive Scale

[EXP-W01] Assume Breach: An Inside Look at Cloud Service Provider SecurityMark Russinovich, Chief Technology Officer, Azure, Microsoft

[GRC-W01] Balancing Compliance and Operational Security Demands

[HT-W01] How Secure Are Contact-less Payment Systems?

[HUM-W01] Be Like Water: Applying Analytical Adaptability to Cyber Intelligence

[STR-W01] Implementing the U.S. Cybersecurity Framework at Intel—A Case Study

9:10 AM – 10:00 AM[ANF-W02R] Building a Next Generation Security Architecture

[ASD-W02] Is DevOps Breaking Your Company?

[CSV-W02] Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

[CXO-W02] Security Metrics That Your Board Actually Cares About!

[DSP-W02] Security and Privacy: Let’s Stay Together, Baby.

[ECO-W02] Addressing the Global Supply Chain Threat Challenge: Huawei, A Case Study

[GRC-W02] Creating an User-Friendly Information Security Policy

[HT-W02] Protecting Critical Infrastructure Is Critical

[HTA-W02] That Point of Sale Is a PoS

[STR-W02] Cyber Battlefield: The Future of Conflict

[TECH-W02] The Mother of All Pen Tests

10:20 AM – 10:40 AM[STU-W1] Amazing True Crimes and the Lessons They Can Teach Us

10:20 AM – 11:10 AM

[ANF-W03] Orchestrating Software Defined Networks (SDN) to Disrupt the APT Kill Chain

[CSV-W03] Defending the Cloud from the Full Stack Hack

[CXO-W03] Can Cyber Insurance Be Linked to Assurance?

[DSP-W03] The Kelvin Mantra: Implementing Data-Driven Security Practices

[EXP-W03] Hot Topics in Privacy: A Conversation with Facebook, Google and MicrosoftKeith Enright, Director, Global Privacy Legal Team, Google; Trevor Hughes, President & CEO, IAPP; Brendon Lynch, Chief Privacy Officer, Microsoft

[GRC-W03] Pragmatic Metrics for Building Security Dashboards

[HUM-W03] The Insider Threat in the Cloud: The Harsh Reality in Today’s World

[MBS-W03] Your VISA Has Been DEACTlVATED: How Cybercriminals Cash In Via SMS Attacks

[STR-W03] Layer 8 and Beyond! Mapping Threat Data above (and below) the Keyboard

Sessions Schedule, continued Access full session details at www.rsaconference.com/change2015

New for 2015!

Crowdsourced SessionsOur new Crowdsourced sessions are 12 sessions selected as the “best of the best” by popular vote and expert judge curation in the weeks leading up to RSA Conference.

A wide range of topics will be explored, and presenters are encouraged to “create dialogue, not monologue” and actively involve the audience.

Voting closes on April 2, so be sure to check the RSA Conference website at www.rsaconference.com/crowdsourced to get all the details and place your vote.

All badge types are invited to participate in these sessions.

3:30 PM – 4:20 PM[ASD-T09] How to Avoid the Top Ten Software Security Flaws

[CXO-T09] From the Battlefield: Managing Customer Perceptions in a Security Crisis

[DSP-T09] Cooking Up Metrics with Alex and David: A Recipe For Success

[EXP-T09R] Security in an Age of Catastrophic RiskBruce Schneier, CTO, Co3 Systems, Inc.

[HT-T09] Home Sweet Owned?—A Look at the Security of IoT Devices in Our Homes

[HUM-T09] Security: Changing the Game

[MBS-T09] Network Attacks on Mobile: From Data Theft to Complete Device Shutdown

[PNG-T09] The Future of ICANN and the IANA Transition

[TECH-T09] Penetration Testing with Live Malware

4:40 PM – 5:30 PM[ASD-T07R] Continuous Security: Five Ways DevOps Improves Security

[ASD-T10] The Internet of Things & the OWASP Gold Standard

[CRYP-T10] Membership

[CXO-T10] The CISO Reporting Project

[EXP-T10] Hacking Exposed: Beyond the MalwareDmitri Alperovitch, Co-Founder & CTO, CrowdStrike; George Kurtz, CEO, CrowdStrike

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates. 11#RSAC

11:30 AM – 11:50 AM[STU-W2] A Short History of Attacks on Finance

11:30 AM – 12:20 PM[ANF-W04] Hunting the Undefined Threat: Advanced Analytics & Visualization

[CXO-W04] Don’t Get Left in the Dust: How to Evolve from CISO to CIRO

[GRC-W04] 70% of U.S. Business Will Be Impacted by the CSF: Are You Ready?

[HTA-W04] Tools of the Hardware Hacking Trade

[PNG-W04] Preventing and Disrupting National Security Cyber Threats

[TECH-W04] SSLammed, SSLayed and SSLapped Around—Why Hackers Love SSL

12:50 PM – 1:10 PM[STU-W4] Sun Tzu Meets the Cloud: Everything Is Different, Nothing Has Changed

1:30 PM – 1:50 PM[STU-W5] Fail-safe the Human Pysche to Advance Security and Privacy

3:30 PM – 3:50 PM[STU-W8] The Day My Kids Brought Home Malware

THURSDAY, APRIL 23

8:00 AM – 8:50 AM[CRYP-R01] Algorithms for Solving Hard Problems

[CXO-R01] Compliance by Design: Using Innovation to Beat the Compliance Rat-Race

[DSP-R01] Seven Grades of Perfect Forward Secrecy

[ECO-R01] On the Care and Feeding of Human and Device Relationships

[GRC-R01] Managing the Unmanageable: A Risk Model for the Internet of Things

[HT-R01] Bug Hunting on the Dark Side

[HTA-R01] Chained Database Attack: From No Access to a Complete Control of SAP ASE

[HUM-R01] Terror Gone Social: The Islamic State and Social Media

[LAW-R01] Drones: All Abuzz with Privacy & Security Issues

[MASH-R01] More Books You Should Have Read by Now: The Cybersecurity Canon Project

9:10 AM – 10:00 AM[ANF-R02] The Newest Piece of Defense-in-Depth: Social Media & DNS

[ANF-T07R] Security Data Science: From Theory to Reality

[ASD-R02] A Case Study in Building an AppSec Program: 0 –60 in 12 months

[CRYP-R02] Constructions of Hash Functions and Message Authentication Codes

[CSV-R02] Enterprise Acquisition of Cloud Computing Services

[CXO-R02] The Truth About Cyber Risk Metrics: Connecting Vulnerabilities to Economics

[GRC-R02] Misinforming Management

[HT-R02] The Little JPEG That Could (Hack Your Organization)

[HTA-R02] Domain Name Abuse: How Cheap New Domain Names Fuel the eCrime Economy

[IDY-R02] Identity Proofing—Blinding the Eye of Sauron

[STR-R02] Threat Intelligence Is Dead. Long Live Threat Intelligence!

[TECH-R02] Six Things Wireless Security Professionals Need to Know about Wireless

10:20 AM – 10:40 AM[STU-R1] Want to be Secure in the Cloud? Build a Casino

10:20 AM – 11:10 AM[CRYP-R03] Secure Multiparty Computation

[CXO-R03] The Third Rail: New Stakeholders Tackle Security Threats and Solutions

[DSP-R03] POSitively Under Fire: What are Retailers Facing?

[ECO-T07R] Endpoints in the New Age: Apps, Mobility and the Internet of Things

[GRC-R03] Surviving SOC2—The Why and How for Cloud Service Providers

[HT-R03] Malware Persistence on OS X Yosemite

[IDY-R03] Use Context to Improve Your User Identification Odds

[LAW-R03] Full Disclosure: What Companies Should Tell Investors About Cyber Incidents

[MASH-R03] Epidigitalogy: Surveying for Digital Diseases like an Epidemiologist

[MBS-R03] A Case Study Looking at the Included CAs on Mobile Devices.

[TECH-R03] LTE Security—How good is it?

11:30 AM – 12:20 PM[CXO-R04] When Will InfoSec Grow Up?

[ECO-R04] You’ve Been Warned: iBeacons to Bring a Tsunami of Change to Data Security

[EXP-T09R] Security in an Age of Catastrophic RiskBruce Schneier, CTO, Co3 Systems, Inc.

[HT-R04] Security Hopscotch

[HTA-R04] The Internet of TR-069 Things: One Exploit to Rule Them All

[IDY-R04] Common IAM Flaws Plaguing Systems after Years of Assessment

[MBS-R04] True Cost of Fraud & Cybercrime against Your Mobile Channel

[TECH-R04] Analogue Network Security

12:10 PM – 12:30 PM[STU-R3] The Economics of Online Identity: Six Buzzwords to Impress Your Boss

12:50 PM – 1:10 PM[STU-R4] The Sound of Metrics

1:30 PM – 1:50 PM[STU-R5] Stop Selling and Start Marketing Your Information Security Program

2:10 PM – 2:30 PM[STU-R6] Phishing for the Phoolish—Why Hackers Love Gilligan’s and Their Best Lures

FRIDAY, APRIL 24

9:00 AM – 9:50 AM[ANF-F01] Hunted to the Hunter

Sessions Schedule, continued Access full session details at www.rsaconference.com/change2015

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.12 #RSAC

FRIDAY SEMINARS

9:00 AM – 1:00 PM

(ISC)²® CISSP-ISSMP® CBK® Training SeminarAttend this FREE half-day education session based on the (ISC)2 CBK for the Information Systems Security Management Professional (CISSP-ISSMP). Delivered by an (ISC)2 authorized instructor, the ISSMP Training Preview will provide CISSPs with an overview of the knowledge needed for this credential, including project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program. To qualify for the CISSP-ISSMP, you must maintain your CISSP credential in good standing and pass the ISSMP examination.

9:00 AM – 1:00 PM

(ISC)² ® CSSLP® CBK® Training SeminarValidate your application security competency within the software development lifecycle (SDLC). Attend this FREE half-day education session based on the (ISC)2 CBK for the Certified Secure Software Lifecycle Professional (CSSLP). Delivered by an (ISC)2 authorized instructor, the CSSLP Training Preview will provide software professionals with an understanding of this credential and its domains, career benefits and the overall exam process.

[MBS-F03] Mobile Security Shootout—Which Smartphones Are Up to the Task?

[STR-T07R] News Flash: Some Things Actually Do Work in Security!!!

1:00 PM – 1:20 PM

[STU-F2] Stuck in Patterns—How Your Mind Fools You Everyday

SPONSOR SPECIAL TOPICS

Akamai Technologies Rise of the Machines: An Internet-Wide Analysis of Web Bots in 2014

Blue Coat Systems Tracking Ghosts through the Fog

CA Technologies Security in the App Economy—How to Ride the Wave without Wiping Out

Cisco Incident Response: A Test Pilot’s Perspective

Dell Security’s Evolving Role as an Enabler to the Business

FireEye Building The Midgardian Citadel: Active Detection and Response

HP Practical Advice for Embracing RASP—A New Kind of Defense

HOB GmbH & Co. KG Secure Apache Web Server with HMTL5 and HTTP 2.0

Juniper Networks Combining Firewalls and Security Intelligence Is a Hacker’s Worst Nightmare

Microsoft Enterprise Cloud: Advancing SaaS Security and Trust

Qualys Inc Bridging the Divide between Security and Operations Teams

Sophos Defense in Depth to Coordinated Defense: Organizing against Our Common Enemy

Symantec Cyber Security: The Brink of Prediction

TeleTrusT–IT Security Association Germany

Trust in Mobile Enterprise—Have We Lost The Game?

Tripwire, Inc. Killing the Kill Chain: Disrupting the Cyber Attack Progression

[GRC-F01] Do You Know What You Don’t Know?

[HUM-F01] Securing Boomers, Gen Xers and Gen Yers: OMG We Are So Different!

[IDY-F01] The Emperor’s New Password Manager: Security Analysis of Password Managers

[MASH-F01] Cyber Security and Aviation

[MBS-F01] Side-Channels in the 21st Century: Information Leakage from Smartphones

[STR-F01] Riding the Wave of the Digital Bank: A Security Perspective

[TECH-T07R] Network Security and Operations When the Network Is Already Compromised

[ASD-F01] How Security Can Be the Next Force Multiplier in DevOps

[CRYP-F01] Detecting and Tracing Malicious Activities

[DSP-F01] Zero Knowledge Security

[ECO-F01] Next Generation Healthcare Security

[EXP-T08R] The Six Most Dangerous New Attack Techniques, and What’s Coming NextMichael Assante, Director of ICS, SANS Institute; Ed Skoudis, CEO, CounterHack Challenges; Johannes Ullrich, Dean of Research, SANS Technology Institute

10:10 AM – 11:00 AM[ANF-F02] The Physics of Security

[ASD-F02] Secure Application Development with Go

[CRYP-F02] Implementation Attacks on Exponentiation Algorithms

[CXO-F02] CSOC for Critical Infrastructure Protection

[DSP-F02] Understanding Threats Using Big Data and Contextual Analytics

[ECO-F02] Avoiding the “Creepy Factor” in Biometric and Other Technologies

[HT-F02] Inside the World of Java Applets

[IDY-F02] Secure Graphical Passwords

[MASH-F02] Website Counterintelligence: Leveraging Web Logs to Gather Intelligence

[MBS-T07R] Android Security: Data from the Front Lines

[TECH-F02] Securing Active Directory Correctly

11:20 AM – 11:40 AM[STU-F1] Security Humanitarianism: Extraordinary Examples of Tech Improving Lives

11:20 AM – 12:10 PM[ASD-F03] Game Consoles & Mobile Device Security: A Model for the Internet of Things

[CRYP-F03] Homomorphic Encryption and Its Applications to DRM

[CSV-F03] Realities of Private Cloud Security

[CXO-F03] Wargaming for the Boardroom: How to Have a Successful Tabletop Exercise

[DSP-F03] New Trends in Cryptographic Algorithm Suites Used for TLS Communications

[GRC-F03] Taking a Business Risk Portfolio (BRP) Approach to Information Security

[HT-F03] STIX in Practice for Incident Response

[HUM-F03] The Art of Thinking Security Clearly

[MASH-F03] What Cyber Security History Teaches Us about Today’s Challenges

Friday, 3:30 PM – 4:20 PM continued

Visit www.globallearningsystems.com or call us at 1-866-245-5224.

*Come visit us at RSA® Conference 2015, in the South Expo Booth #S2815

Build Your Human FirewallWith Client-Tailored Security Awareness Training

With the Global Learning Systems Security Awareness Program, build your human firewall through continuous learning. Our comprehensive program incorporates scenario-based examples of the latest attacks so your employees are equipped to protect yoursensitive information.

Our award-winning solutions, backed by our 25 years of experience, are completely customizable and tailored to your needs. Select from the building blocks below to produce an affordable, effective and targetedprogram that focuses on your greatestsecurity concerns.

Online, OnDemand Security Awareness Courses (20-minute and 45-minute options)

Suite of Online Best Practice Modules(5-10 minutes each)

Simulated Social Engineering Testing, Assessment,and ROI/Metrics Tracking

Annual Communication Plan(Posters, Newsletters, Short Videos, Email Templates)

Additional online courses for client-specific requirements including:OWASP, Role-based, HIPAA, PCI, Anti-Phishing & Social Media Training

DO NOT DO

$683K $162K

Average annual financial losses for companies who do not provide security training to new hires and those who do.*Source: 2014 US State of Cybercrime Survey (www.pwc.com)

C

M

Y

CM

MY

CY

CMY

K

RSA2.pdf 1 1/13/15 4:07 PM

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.14 #RSAC

10Zig Technology21CT, Inc.6WINDA10 NetworksAbsolute SoftwareAccellionAccelOpsAccolade TechnologyAccuvantAcunetixAdallomAdaptiveMobileADLINK Technology, Inc.AdvantechAgariAgilianceAHA Products GroupAhnLabAirWatchAkamai TechnologiesAlert LogicAlertEnterpriseAlgoSecAlienVaultAllegro Software Development CorporationAlta Associates Inc.AMAX Information TechnologiesAmerican Portwell Technology, Inc.Antiy LabsAPCON, Inc.AppthorityArbor NetworksArea 1 SecurityAruba NetworksArxan TechnologiesAT&TAuthentifyBAE Systems Applied IntelligenceBarracuda NetworksBasis TechnologyBastilleBay Dynamics, Inc.BehaviosecBeijing Zhongguancun Overseas Science ParkBeyondTrustBit9 + Carbon BlackBitDefenderBitglass

Bivio NetworksBlack Duck SoftwareBlack LotusBlackBerryBlue Coat SystemsBlueboxBluelivBluink Ltd.Brainloop AGBricata LLCBrinqa LLCBromiumBTbTrade, LLCCA TechnologiesCaspidaCatbirdCavium NetworksCBTS Advanced Cyber SecurityCentrifyCentripetal Networks, Inc.Certes Networks Inc.CertiVoxCheck Point SoftwareCheckmarxCHERRYCigitalCipherCloudCiscoCitrixClear Bridge Technology GroupClearswiftClick SecurityCloud Security AllianceCloudLink CloudLockCloudpath NetworksCo3 SystemsCode 42 SoftwareCollective SoftwareComodoConjur, Inc.CORE SecurityCorero Network SecurityCoSoSysCounterTackCoverityCovertixCovisintcPacket Networks Inc.

Cryptography Research, Inc.Cryptsoft Pty Ltd.Cryptzone Inc.CSG InvotasCyberaCyberArk Software, Inc.CybereasonCyberMarylandCyberPoint InternationalCybertinelCylanceCyphort Inc.CYRENDamballaDaon IdentityXDataBlink, Inc.DataLocker Inc.DB NetworksDBAPPSecurityDeep Identity Pte Ltd.Deja vu SecurityDellDenim GroupDepartment of Homeland Security, Science & TechnologyDHS/Cybersecurity & CommunicationsDigiCertDigital Defense, Inc.Digital GuardianDispersive TechnologiesDistil Networks, IncDomain ToolsDOSarrest Internet Security LimitedDuo SecurityEasy Solutions, IncEdgeWaveElasticaEmerging ThreatsEmulex CorporationEndgame, Inc.Engage CommunicationEnigmediaENTERSEKTEntrust DatacardeSentire, Inc.ESETEventSentryExabeam

EZ Chip F5 NetworksFasooFastlyFederal Bureau of InvestigationFederal Reserve Bank of San FranciscoFeitian Technologies Co., Ltd.FileTrekFinalCode Inc.FireEyeFireMonForeground SecurityForeScout Technologies, Inc.ForgeRockFortinetFortScaleFreescaleFuturexGarner ProductsGEGeneral Dynamics Fidelis Cybersecurity SolutionsGiesecke & DevrientGigamon, Inc.Global KnowledgeGlobal Learning SystemsGlobalSignGraphite SoftwareGreen Hills SoftwareGreeNet Information Service Co., Ltd.Guardian AnalyticsGuardicoreGuidance SoftwareGuruCulHPHexaditeHexis Cyber SolutionsHID Global CorporationHillstone Networks, Inc.Hitachi ID Systems, Inc.HitmanProHOB GmbH & Co. KGHuawei Technologies Co., Ltd.Humming Heads, Inc.HyporiHytrust

IAPPIBM Corporationiboss Network SecurityIDenticardIdentity Finder, LLCIdentivIDGIZEIEEE Computer SocietyIllumioImpervaImpervio Technologies Inc.InfobloxInfobyte LLCInfoExpress, Inc.InfoGardInformaticaInfoSecurity MagazineINSIDE SecureInspired eLearning, Inc.Intel SecurityInterface Masters TechnologiesIntiGate Inc.IntralinksInvincea, Inc.Ionic SecurityIpswitchISACA(ISC)2

(ISC)2 Membership HQIsrael Export InstituteIXIAJiranSoftJuniper NetworksKey Source InternationalKeypascoKorea Trade-Investment Promotion Agency (KOTRA)KRYPTUSLancopeLANDESK SoftwareLanner Electronics Inc.Lastline, Inc.LastPassLeadman Electronics USA, Inc.Lieberman Software

The RSA® Conference 2015 Expo has 400+ exhibitors this year! We invite you to explore the latest and most innovative technological solutions to help secure your organization. Here is a sampling of the companies you can expect to see in the Expo this year.

LightCyberLinoma SoftwareLJ Kushner & Associates, LLCLockPath, Inc.LogRhythmLuxar Tech, Inc.Lynx Software TechnologiesMalcovery SecurityMalwarebytes Inc.ManageEngineManTech Cyber Solutions InternationalMarble SecurityMBX SystemsMediaPro, Inc.Messageware – Exchange SecurityMetricStreamMicrosoftMimecastminiOrange, Inc.MobileIronMocanaNallatech Inc.NapatechNarus, Inc.National Cybersecurity Institute at Excelsior CollegeNational Security AgencyNetflow Logic CorporationNetIQNetronomeNetskopeNetsparkerNetwrixNeustarNexcomNextLabs, Inc.NIARA Inc.NorseNorseman Defense TechnologiesNorthrop GrummanNovetta Solutions, LLCNowSecureNPCoreNRI Secure TechnologiesNSFOCUS Information Technology Co., Ltd.Ntrepid Corporation

RedOwl AnalyticsRedSeal NetworksRedVectorRemotium, Inc.Reservoir LabsResolution1 SecurityReturn PathRioReyRiscure North AmericaRiskIQRSARsamSafeNet, Inc.Safe-TSANS InstituteSAP AGSASSasa SoftwareSAVIYNTSECnology, Inc.SECUDRIVESeculertSecuniaSecure Islands TechnologiesSecureAuthSecureNinjaSecurity CompassSecurity MentorSecuronixSecuTech Solutions PTY LTDSendSafelySentinel OneSentrixShape SecurityShavlik TechnologiesSilverSkySimeio Solutions, LLCSims Recycling SolutionsSkybox Security, Inc.SkycureSkyhigh NetworksSmartDisplayer TechnologySoftware Engineering InstituteSolarflareSonatype, Inc.SonavationSophosSparkle PowerSpectorSoft Corporation Exhibitor list current as of 1/27/2015.

RSA® Conference 2015 sponsors are indicated in bold.

Spikes SecuritySpirentSplunkSqrrl Data, Inc.SSH Communications SecuritySTEALTHbits TechnologiesStrikeForce Technologies, Inc.StrongAuth, Inc.Sumo LogicSurfWatch LabsSwivel Secure LtdSymantecSyncplicity by EMCSynerCommSypris ElectronicsTaaSeraTabulaTeachPrivacyTechGuard SecurityTeleSign CorporationGerman Pavilion / TeleTrusT–IT Security Association GermanyTemasoftTenable Network SecurityThales e-SecurityThe Media TrustThetaRayThreatConnectThreatMetrix, Inc.ThreatSimThreatStreamThreatTrack SecurityThycoticTIBCO SoftwareTitan IC Systems Ltd.Titania Ltd.TITUSToopherTraceSecurityTrapX Security, Inc.Trend Micro Inc.Trineba Technologies, Inc.Tripwire, Inc.TRUSTeTrusted KnightTrustwaveTufin Technologies

UK Trade & Investment Defence & Security OrganisationUltimateWindows Security.comUNICOM EngineeringUnisysUniversity of DenverUniversity of Maryland University CollegeUsher by MicroStrategy, Inc.Utimaco Inc.Varonis SystemsVASCO Data SecurityVeeam SoftwareVenafi, Inc.VeracodeVerintVerisignVerizonViewfinityVijilan SecurityViscount Systems Inc.Visible StatementVMwareVoltage SecurityVormetricVotiroVSS MonitoringWatchful SoftwareWatchGuardWave Systems Corp.WEBROOTWebsensewhiteCryptionWIldPacketsWinMagic Inc.wolfSSL Inc.Wombat Security Technologies, Inc.WontokWWPass CorporationYarcDataZentera Systems Inc.ZeroFOXZettasetZimperiumZix CorporationZNYX Networks, Inc.Zscaler

NTT GroupNuData SecurityNXP SemiconductorsOASIS Interop ShowcaseOATHObserveITOffice of the Comptroller of the CurrencyOkta, Inc.OnapsisOne World Labs, Inc.OneLoginOpenDNSOPSWAT, Inc.Optimal IdM, LLCOraclePalo Alto NetworksPenn State University College of Information Sciences & TechnologyPerspecsys Inc.PetaSecure, Inc.PFP CybersecurityPhantom CyberPhishMe, Inc.Phoenix TSPindrop SecurityPing Identity CorporationPivot CloudPORTCULLISPortnoxPradeo Security SystemsPrelertPrevalent, Inc.PrimeKey Solutions ABProcera NetworksProofpointProtected-networks.com GmbHProtectWise Pulse SecurePwnie ExpressQosmosQualys IncQuintessenceLabsQuotiumRadiant LogicRadware, Inc.Rapid7RaytheonRecorded FutureRed Hat, Inc.

Expo

Sponsors

©2015 EMC Corporation. All rights reserved. EMC2, EMC, RSA and their respective logos are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

Online Trust Alliance

Diamond Media Sponsor

eFG SponsorsGlobal Education Sponsor Education Sponsors Association Sponsors

Gold Media SponsorsPlatinum Media Sponsors Silver Media Sponsors

Bronze Sponsors

Silver Sponsors

Gold Sponsors

Platinum SponsorsDiamond Sponsors

We thank this year’s sponsors for their support.

Security. Compliance. Cloud.

The Big Data Risk CompanyFidelis Cybersecurity Solutions

®

VISION TO SECURE, INTELLIGENCE TO PROTECTTM

ESAF Sponsors

SearchSecurity

ACCESS BY BADGE TYPE

Full Conference

Explorer Expo Plus

Explorer Expo Tutorials

MONDAY EVENTS

ORIENTATION 3INNOVATION SANDBOX 3 3 3SEMINARS 3 H HSANS TUTORIALS $ $ $ 3(ISC)² CBK TRAININGS $ $ $TRACK SESSIONS 3* uKEYNOTES & SESSIONS

KEYNOTES: TUESDAY 3* 3KEYNOTES: WEDNESDAY – FRIDAY 3* 3 3 3THE VIEWING POINT 3* 3 n n

TRACK SESSIONS 3* uASSOCIATION & SPONSOR SPECIAL TOPICS TRACK SESSIONS

3* 3 3 3

PEER2PEER SESSIONS 3*CROWDSOURCED SESSIONS 3* 3 3 3LEARNING LABS 3*(ISC)² SEMINARS (FRIDAY) 3* 3 3RSAC TV 3* 3 n n

EXPOEXPO ACCESS: TUESDAY – THURSDAY 3* 3 3 3BRIEFING CENTER 3* 3 3 3SPECIAL EVENTS

WELCOME RECEPTION$ 3 3 $ $SOUTH EXPO PUB CRAWL 3* 3 3 3CODEBREAKERS BASH$ 3* $ $ $THE SANDBOX 3 3 3 3GENERAL

CONFERENCE MATERIALS 3CONTINENTAL BREAKFAST / SNACKS 3*SHUTTLE SERVICE 3 3 3 3

3 Included in badge type.

$ Available for purchase.

* For Full Conference One-Day Pass, these events are available for day of admittance only.

u One Conference session of choice, to be selected among all Track Sessions (not including Association and Sponsor Special Topics Track Sessions, which are open to all badge types).

H Explorer Expo Plus and Explorer Expo badge holders can gain access to the CSA Summit, TCG Seminar, VMware Seminar, DevOps Connect: SecOps Edition, and the IAPP Privacy Seminar.

n On Tuesday morning, RSAC TV and The Viewing Point are restricted to Full Conference and Explorer Expo Plus Pass holders only. Access for Explorer Expo Pass holders starts after 12:10 PM.

REGISTRATION PACKAGES & RATESDISCOUNT

By March 20, 2015 11:59 PM PT

STANDARDMarch 21, 2015

to April 17, 2015

ON-SITEApril 18–24, 2015

Full Conference Pass $1,895 $2,295 $2,595

Full Conference One-Day Pass (Tuesday, Wednesday, Thursday or Friday ) $995 $995 $995

Full Conference Academic/Student Pass $695 $695 $695

Explorer Expo Plus Pass (Limited Qty Available) $495 $595 $695

Explorer Expo Pass $75 $100 $125

SANS Tutorials (Sunday & Monday) (Note: Additional fees may apply for tutorial materials) $2,100 $2,100 $2,100

(ISC)2 CBK® Trainings (Sunday & Monday) $1,100 $1,100 $1,100

Codebreakers Bash Guest Ticket (Limited Qty Available) $150 $150 $150

Welcome Reception Guest Ticket (Limited Qty Available) $90 $90 $90

PHOTO ID WILL BE REQUIRED AT CHECK-IN TO PICK UP YOUR BADGE.

Register Today for RSA® Conference 2015 and SAVE $400 off your Full Conference Pass!

Just go to www.rsaconference.com/change2015 and click on Register.

16 #RSAC

GROUP DISCOUNTSFull Conference Group Discounts Available if your company purchases five (5) or more Full Conference registration passes at the same time.

GOVERNMENT DISCOUNTSGovernment Discounts Available for current full-time employees of U.S. federal, state or local government agencies and current full-time employees of international government agencies.

See the Terms and Conditions page on the website for more details: www.rsaconference.com/usterms2015 .

CONTINUING EDUCATION CREDITSRSA Conference 2015 has partnerships with a number of security organizations offering Continuing Education Credits to Full Conference attendees (if you attend

Conference sessions) and other benefits. See the CE Credits page on the website for detailed information: www.rsaconference.com/cecreditsus2015 .

BOOK YOUR HOTEL & SAVE!RSA Conference has secured special discounted rates at participating hotels for our 2015 attendees. Please go to www.rsaconference.com/change2015 and click on Hotels & Venue to view a list of available hotels.

FOR MORE INFORMATIONPlease call toll-free 1-866-397-5093 (+1-801-523-6530 from outside the USA or Canada), or send an email to rsaconferencehelp@rsaconference.com .

To manage your RSA Conference mailing or email preferences, please go to www.rsaconference.com/preferences .

All information herein is subject to change. The views expressed by any Conference attendee, speaker, exhibitor or sponsor are not necessarily those of RSA. All Conference attendees, speakers, exhibitors and sponsors are solely responsible for the content of any and all individual or corporate presentations, marketing collateral, advertising and online web content.

Printed on recycled paper, 10% post-consumer waste.

Schedule subject to change. Visit www.rsaconference.com/change2015 for latest updates.