RSA Conference (RSAC) is right around the corner and it’s not too late to join the fun. With the session topics, keynote lineup and speakers posted, it’s a reminder that the Conference plays a unique role in the cyber and information security calendar. To understand that unique role, I’d like to share some thoughts from my 30 years in the industry and my attendance at almost all of the Conferences, missing only a handful during that span.
Before I was even in security, NIST started the National Information Systems Security Conference back in 1977 with an audience focused mostly on government organizations and activities. Today, there are specialized conferences for almost every facet of security and in locations all over the world. RSAC started in the 1990’s with a unique proposition as government and commercial interests were debating the role of cryptography, security and privacy on the Internet as it emerged into public awareness.
Today, RSAC is easily three conferences in one. First, with the competitive Call for Papers process, large number of keynotes and interesting external speakers, RSAC is a security symposium with a twist. As a security symposium, the conference tracks continue to see an overall increase in scores as the speakers, topics and actual talks are improving year over year in my opinion. The most advanced sessions cover graduate and post-doc level details and insights, while many sessions are approachable to the majority of attendees who average over 10 years of cybersecurity experience. Other sessions appeal to a broader audience including topics on policy, law and managing a cybersecurity program.
Each session is designed to impart new insights and actionable next steps for attendees to take back to their organizations. Then there’s the twist. The Conference team has invited interesting speakers from a variety of fields – some with little connection to information security, but who offer an interesting or inspiring story. Over the years, I’ve heard:
- John Cleese discuss post 9/11 bomb sniffing dogs;
- Malcom Gladwell talk about one of his recent books;
- Colin Powell talk about diplomatic negotiations during his grandson’s birthday party (my personal favorite);
- How to be innovative, the history of cryptography, insights on the Bombe and Enigma, and the MIT Blackjack team;
- President Clinton, Prime Minister John Major, and other political leaders talk about the growing impacts of cybersecurity in national and international affairs;
- Steven Colbert talk about his new company CloudFog;
- And many more.
Second, RSAC is a technology and innovation event covering new products, services and approaches to securing information and organizations. From the Innovation Sandbox Contest (startup companies squaring off in competition) to the Conference show floor, RSAC is a great place to hear about new products, new processes and innovation in the field of cyber defense and analysis. The show floor at RSAC lets you literally talk with the developers and teams responsible for the vast majority of security products. I’ve found myself talking with the developer of a specific feature, or the product manager who determined which features were included in the latest version. Talking with the women and men who are developing and deploying their ideas to improve security issues, one can listen and be inspired by their enthusiasm. Many new products, partnerships and other concepts are introduced at RSAC and being at the Conference gives you a great opportunity to catch up on the security product space and get a preview of the latest and greatest.
Third, RSAC is a networking event. The density of expertise – from CISOs to CEOs to hardcore hackers to technology thought leaders – ensures that you can and will meet interesting people. Some people easily spend a long and exhausting week going from meeting to meeting with vendors, peers, researchers, job candidates and hiring managers as they network their way through the Conference. Some people find interesting conversations while waiting in line or over a drink at one of the many evening parties. I’ve run into congressional aides, talked with Adi Shamir while standing in line and met young people excited to be at their first show. Several years ago, I talked with one of the developers of a little tool called Back Orifice. There’s a CISO-only session with an agenda set by the CISOs for the CISOs that brings together people challenging conventional wisdom, sharing experiences and give and receive advice about threats, technology, process and the training and effort to build the right organization and team to drive success. In other words, it’s a microcosm of RSAC which is available for all of us.
With three very different events all happening at the same time, RSAC is different every year. You can further customize your time at RSAC with Learning Labs, Peer to Peer sessions, a Birds of a Feather session and many other activities. Most importantly, how you utilize your time at RSAC determines what you get out of it. You can truly make RSAC your conference and adjust it every year to meet your changing needs.