• United States



by Senior Editor

RSA Conference 2010: 4 Survival Tips

Feb 25, 20105 mins
Application SecurityComplianceCybercrime

For the newcomer, the RSA security conference can be overwhelming. Follow these four strategies to get the most from it.

The first time I attended the RSA Conference in 2005, I was overwhelmed.

The show floor is massive and once you go in it can be hard to find the right door out. Vendor salespeople swamp you. The Tuesday-morning keynotes can be an assault on the eyes, with speakers standing in front of massive uber-resolution screens.

That year, Microsoft’s Bill Gates announced the coming of Internet Explorer 7 and people were just starting to talk about spyware and a data security breach at Choicepoint.

The keynotes were all newsworthy — or so it seemed at the time.

Fast-forward to 2010. Some major players in the industry are scheduled to give talks, including Homeland Security Secretary Janet Napolitano, White House Cybersecurity Coordinator Howard Schmidt and FBI Director Robert Mueller. But with Gates no longer delivering a Tuesday-morning keynote, the news-breaking potential isn’t what it used to be. The exhibit floor is sure to be loud and crowded as always, with some vendors pulling various stunts to draw people in to their booths. Some examples are in this slideshow I made last year.

All that might sound like criticism, but it’s not meant as such. There’s still a ton of value to get out of this show. You just have to know where to look.

So let’s see if I can help you sort this out with a few tips:

1. The vendor keynotes are not what they used to be

No disrespect toward the vendor keynoters, but I’ve found their talks less noteworthy in recent years. Sure, it’s good to hear their take on the latest industry trends, but if you’re an IT practitioner with years of experience you already know what they’re going to tell you.

The mob has moved its criminal operations online? You knew that. A data breach awaits the company who fails to take security seriously? You knew that, too. You also already knew that a data breach can happen if you DO take security seriously.

The high-level government speakers are a bit more interesting. Last year, the main Wednesday talk was from Melissa Hathaway, then-acting senior director for cyberspace for the National Security and Homeland Security Councils. This year, Schmidt will speak closer to lunchtime Tuesday while Napolitano speaks Wednesday afternoon and Mueller speaks Thursday.

Cybersecurity isn’t a subject we’ve heard much about from Napolitano and Mueller, so they are worth checking out, in my view. The problem is that the size of the stage and auditorium and the rapid succession of keynotes doesn’t allow for the give and take between speaker and attendees that would make these more valuable. But sometimes you have to take what you can get.

2. Don’t let the exhibit floor get to you

The exhibit floor is loud. It’s packed. The people working the booths will hound you aggressively to stay a few minutes and see their slide deck or hear the pitch. That’s OK. They’re doing their job. But if you’re not careful you could easily get sucked into things that aren’t going to help you. And you’ll miss other booths that may have something more important to your particular security challenges. My advice: Look over the floor plan before you go in and pinpoint the vendor booths you actually need to get to. Walk right past everything else.

3. Seek out alternate events

One of the best things about RSA is that a ton of neighboring events take place in the neighborhood around the Moscone Center to coincide with the main attraction. One event that’s of particular interest to me this year is Security B-Sides. It’s billed as an anti-conference of sorts; a place where practitioners can go for an alternate, stripped-down view of the industry. The goal is to expand the spectrum of conversation “beyond the traditional confines of space and time,” giving people the chance to “both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants.”

The last big event was held in Las Vegas to coincide with last summer’s Black Hat and Defcon conferences. Next week’s event will be held March 2-3 from 10 a.m. to 5 p.m. at the pariSoma Innovation loft at 1436 Howard St. (at 10th), near the Moscone Center, where RSA 2010 will be held. The event is free, though representatives from the Electronic Frontier Foundation will be accepting donations.

4. It’s more about the networkingLast year was great because I got to finally meet a bunch of people I had only met up to that point through Twitter. I also made many new contacts who have offered me a variety of helpful feedback ever since.

To me, the most important part of RSA is the networking.

If there’s an opportunity to have coffee with a fellow security practitioner at the same time a keynote is going on, go for the coffee. The keynotes may entertain, but it’s the relationships you forge over coffee or a meal that will likely lead to useful collaborations and lines of support in the years to come.

I hope this helps. Enjoy the show.