From April 15–20 2018, the city of San Francisco hosts several simultaneous security conferences. The sub-field of quant, data driven cyber / information security / technology risk and metrics is very small, so I’ve started to compile a list of talks and events that week. To make it on this list, the talk should be about the sub-field described above OR presented by/hosted by someone who is active in that sub-field.

Of course, I am sure I missed some, so comment here or DM me on Twitter and I’ll add it.

For this list, I looked at the following conferences:

• Security BSides, San Francisco: April 15 & 16

• RSA Conference: April 16–20

• OUR Security Advocates: April 17

• Peerlyst Training and Presentations: April 15 — April 18

• DevOps Connect: DevOps Days @ RSA 2018: April 16

• Various events and parties found on Google and r/hackbay

Monday, April 16th

• Bring in the $$ : Moving Security from Cost Center to Revenue Generator | Arianna Willett | BSidesSF, 2:10pm — 2:40pm

• Navigating the Vast Ocean of Browser Fingerprints | Russell Thomas | BSidesSF, 4:50pm — 5:20pm

• So you think you want to be a CISO?! | Panel, hosted by Richard Seiersen | LendingClub HQ, 5pm-7pm*

Tuesday, April 17th

• Super Forecasting: Even You Can Perform High-Precision Risk Assessments | Richard Seiersen and Rick Howard | RSA, 1:00 PM — 1:45 PM

• From “No Data” to “Drowning in Data” — It’s Time for a Reality Check | Jack Jones | RSA, 3:30 PM — 4:15 PM

Wednesday, April 18th

• Economics of Security — Incentives, Behaviors, and more | Fernando Montenegro | RSA, 7:00 AM — 7:45 AM

• FAIR Institute Breakfast | Panel, hosted by Jack Jones | Morrison & Forester LLP, 7:30–10 AM

• Implementing a Quantitative Cyber-Risk Framework: A FinSrv Case Study | Jack Freund | RSA, 8:00 AM — 8:45 AM

• Predicting Exploitability — Forecasts for Vulnerability Management | Michael Roytman | RSA, 8:00 AM — 8:45 AM

• There’s No Such Thing as a Cyber-Risk | Evan Wheeler | RSA, 8:00 AM — 8:45 AM

• Creating Order from Chaos: Metrics That Matter | James Lugabihl and Marta Palanques |RSA, 9:15 AM — 10:00 AM

• Value-At-Risk: Decision-Making in Cybersecurity Investments | Sateesh Bolloju | RSA, 1:45 PM — 2:30 PM

• Issues of Quantifying Risk around Identity and Access Management (IAM) | Steve Kruse, Jack Jones, Tony Martin-Vegue, Evan Wheeler | RSA, 3:00 PM — 3:45 PM

Thursday, April 19th

• Quantitative Information Security Risk Management | Tony Martin-Vegue | RSA, 7:00 AM — 7:45 AM

• Abstractions of Security: Mining a Decade of RSA Conference Abstracts | Wade Baker and Jay Jacobs | RSA, 8:00 AM — 8:45 AM

• Building a Data-Driven Security Strategy | Gabriel Bassett | RSA, 8:00 AM — 8:45 AM

• Inside Cyber-Balance Sheets: A Rare Window on Digital Risk in the Boardroom | Wade Baker | RSA, 3:00 PM — 3:45 PM

Friday, April 20th

• Strategic Cyber-Actions and How They Could Affect Your Company | Scott Borg | RSA, 9:00 AM — 9:45 AM