by Ericka Chickowski

I'm scurrying around Moscone Center at RSA, looking to meet with vendors and end users while still making time to squeeze in some track sessions and to get a pulse on the biggest security issues IT executives face today. I've always found these sessions to be hit-or-miss affairs, and like many convention-goers I try to be judicious about my selections.

Here's a look at some of the sessions I'll definitely make time for this year:

Is SaaS the Future of Enterprise Security?
Time: Tuesday, 1:30
Location: Purple 309
Speakers: Michael Skaff CIO, San Francisco Symphony
Mike Rothman, Chief Blogger, Security Incite
Gerhard Eschelbeck CTO & SVP of Engineering, Webroot
Eric Greenberg VP Security & Risk Solutions, Integralis
Christian Christiansen VP, Security Products/Services
IDC

While there is likely to be a lot of vendor spin coming out of this one, I hope to hear about how customers are responding to the maturing security service model and maybe, just maybe hear a little bit about the challenges that crop up from shifting SaaS.

Virtualization, Collaboration and Cloud computing: A New Focus on Security
Time: Tuesday, 3:00
Location: Blue 103
Speakers: John Stewart VP, CSO, Cisco Systems, Inc.
Bob Gleichauf, VP and Chief Technology Officer, Enterprise Services and Security
Cisco Systems, Inc.

The in pre-show briefings, the analysts stated that the big three of virtualization, cloud computing and collaborative technology are posing the biggest disruption to security practices today. I look forward to hearing what panelists have to say.

Lessons Learned: Conensus Security Metrics & Benchmarking
Time: Tuesday, 4:10
Location: Purple 309
Speakers: Andrew Sudbury, Senior Analyst, Sudbury & Sudbury Partners
Rodney Caudle, Chief Security Architect, Northrop Grumman Corporation
Andrew Jaquith, Senior Analyst, Forrester Research
Caroline Wong, Global Information Security Chief of Staff
eBay
Steven Piliero, Chief Security Officer, The Center for Internet Security

The measurement of security ROI and effectiveness is a perennial headache for security practitioners and CIOs. I'm not overly optimistic, but still hopeful to hear a new perspective on the topic.

Professionalizing the security of Software Development
Time: Thursday, 8:00
Location: Purple 305
Speakers: Steven Lipner, Senior Director of Security Engineering Strategy
Microsoft Corporation
Hart Rossman, Vice President, CTO Cyber Programs & Chief Security Technologist
SAIC
Alan Paller, Director of Research, SANS Institute
Hord Tipton Executive Director, (ISC)2

This is a pet topic of mine, as I believe the root of most security problems stem from poor development practices. I've interviewed several of the panelists in the past and I know they'll have some good material prepared.

Effectively Presenting to the Board of Directors
Time: Thursday, 10:40
Location: Purple 305
Speakers: Renee Guttmann Vice President, Information Security and Privacy Officer
Time Warner Inc.
Denise Hucke Director, Risk & Policy Management, Merck
Suzanne Hall, CISO, Red Cross
Michelle Dennedy, Chief Privacy Officer, Sun Microsystems
Joyce Brocaglia, CEO, Alta Associates

I'd like to glean some tips and tricks to pass along to readers, who are often challenged to effectively communicate with the board and C-suite.