If I remember correctly, this is my sixteenth year on the Program Committee, and I’ve been co-chair of five tracks to date. This year was my first on the Technology, Infrastructure & Operations Track, and it was a delight to serve with my cohorts Jennifer Minella and Chuck Kesler. As you might imagine, some of the process is like the Bon Jovi lyrics, “the more things change, the more they stay the same.” Each year, the committee spends months mining for gold among the thousands of abstracts submitted in a process that has been perfected over decades in order to yield great content. Still, every year, the content changes and delights us.
Quest for a Top 13
Wow, what a great collection of truly stellar and innovative sessions! The sessions we reviewed this year were exceptionally difficult to narrow down to the 13 finalists and a dozen alternates. We agonized over the top 13. There were many papers that were very good but were on the same topic as other papers (which were likewise compelling). The decision of which ones got edged out was difficult because we had several really great talks. However, as Highlander taught us, “there can be only one!”
Also, as you might imagine, many of the abstracts get chopped for various quality issues. Perhaps they had uninspired abstracts, boring topics, stale talks past their prime, or the authors tried so hard to be cute that they forgot to make a point, or had grievous spelling, grammatical and technical errors in the descriptions that gave us stark doubts of quality and diligence.
The Great Big Themes
I don’t want to give away too much, but I was glad to see so many excellent talks addressing key challenges we’re facing in the industry. Trending themes across this year’s submissions included Secure Supply Chain, O365 & AD Security, Operational Technology and some excellent talks about Quantum Computing with surprising applicability. While we’re talking about trends, there were some topics the RSAC 2022 submissions told us were super important—Zero Trust All the Things, IoT, Quantum and DevSecOps—but these were also completely saturated. You’ll see some of these topics in this track and some in tracks devoted to DevSecOps and Zero Trust, in particular.
We also loved a few solid talks that worked the human side of technology and focused on how to get the important work done in this space through influence, relationships and strategic engagement. After all, what good is an awesome infrastructure security plan that nobody will accept because they’re in the hospital from the 12,000-page vulnerability report someone dropped on their head? While technology talks get the buzz, your votes have consistently told us that a limited set of well-executed papers on soft skills belongs in the program.
What Inspired Us
My cohorts and I found it inspiring to see so many practitioner papers with use cases of real-world experiences at the bleeding edge or a large organization taking the deep plunge and sharing their experience. “Not to discount the great expertise that vendors and consultants can bring to the table, but vendors look at Conference submissions as part of their job and ongoing marketing efforts, whereas it takes a good amount of passion, courage and personal time commitment for practitioners to submit to RSAC or any other conference for that matter,” Kesler said. “They may not feel like they can stack up against the big industry names that they often see on the RSAC agenda, so as a practitioner myself, I’m glad that we’re able to give them the opportunity and encouragement.”
Likewise, as a practitioner, I love these talks, where colleagues can tell us of their journey, highlighting where the bear traps and pitfalls lie in the journey ahead so we can cheer their execution and grit.
“It’s always refreshing to see content that addresses real-world issues organizations are tackling. So many submissions focus on the razzle-dazzle of a super niche topic, while others offer abstracts stuffed with the buzzword du jour,” said Minella.
“The truth is, the lay topics—the things impacting us daily; the often mundane but requisite skills—bring tremendous value to organizations of all sizes and across all industries. So for 2023, a message to interested speakers: come to RSAC and share how you solved a problem. There are thousands of professionals that would rather hear about that than how quantum crypto may be combined with blockchain to reimagine railway logistics in Western Europe,” she said.
A Final Note
While it’s impossible to cover the entire space with 13 talks, I’m proud of what we were able to prepare for you, and I think you will be enriched by the diverse, interesting and compelling presentations in this track. But our work on the Program Committee is not done!Much road lies ahead in the run-up to the best InfoSec conference in the western hemisphere, but wow, what a great start! I can’t wait to see the slides and hear these speakers, ask them questions and dig deeper into their presentations. My hotel room is booked, my comfortable shoes are ready, and I am looking forward to engaging and learning from the best collections of papers I’ve seen at conferences anywhere. I hope you are as well. Join us. It’s going to be great!