Your RSA, BSidesSF survival guide

Last year I wrote a column on how to get the most out of RSA and Security B-Sides without getting eaten alive by all the flash around you.

I updated it later in the year, and now I’m doing it again. It’s appropriate to do so, because all the action is next week.

It’s easy to get overwhelmed by all the flash, hype and noise that oozes through downtown San Francisco like lava this time of year. So here’s what I’ve learned after seven years of covering this. I hope it helps…

1. The vendor keynotes are not what they used to be

No disrespect toward the vendor keynoters, but I’ve found their talks less noteworthy in recent years. Sure, it’s good to hear their take on the latest industry trends, but if you’re an IT practitioner with years of experience you already know what they’re going to tell you.

The mob has moved its criminal operations online? You knew that. A data breach awaits the company who fails to take security seriously? You knew that, too. You also already knew that a data breach can happen if you DO take security seriously.

The high-level government speakers are a bit more interesting. In 2009, the main Wednesday talk was from Melissa Hathaway, then-acting senior director for cyberspace for the National Security and Homeland Security Councils.This year, we get a visit from Bill Clinton.

The problem with RSA keynotes is that the size of the stage and auditorium and the rapid succession of keynotes doesn’t allow for the give and take between speaker and attendees that would make these more valuable. But sometimes you have to take what you can get.

2. Don’t let the exhibit floor get to you

The exhibit floor is loud. It’s packed. The people working the booths will hound you aggressively to stay a few minutes and see their slide deck or hear the pitch. That’s OK. They’re doing their job. But if you’re not careful you could easily get sucked into things that aren’t going to help you. And you’ll miss other booths that may have something more important to your particular security challenges. My advice: Look over the floor plan before you go in and pinpoint the vendor booths you actually need to get to. Walk right past everything else.

3. Spend quality time at BSidesSF

One of the best things about RSA is that a ton of neighboring events take place in the neighborhood around the Moscone Center to coincide with the main attraction. One event that’s of particular interest to me is Security B-Sides. It’s billed as an anti-conference of sorts; a place where practitioners can go for an alternate, stripped-down view of the industry. The goal is to expand the spectrum of conversation “beyond the traditional confines of space and time,” giving people the chance to “both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants.”

The event will be larger than it was last year because the vendor community has caught on. But that’s OK.

4. It’s more about the networking

To me, the most important part of RSA is the networking. The last two were great because I got to finally meet a bunch of people I had only met up to that point through Twitter. I also made many new contacts who have offered me a variety of helpful feedback ever since.

If there’s an opportunity to have coffee with a fellow security practitioner at the same time a keynote is going on, go for the coffee.

The keynotes may entertain, but it’s the relationships you forge over coffee or a meal that will likely lead to useful collaborations and lines of support in the years to come.

Safe travels, everyone!

–Bill Brenner