Your RSA, BSidesSF survival guide for 2012

Last year I wrote a column on how to get the most out of RSA and Security B-Sides without getting eaten alive by all the flash around you.I updated it later in the year, and now I’m doing it again. It’s appropriate to do so, because all the action is two weeks from now. It’s easy to get overwhelmed by all the flash, hype and noise that oozes through downtown San Francisco like lava this time of year. So here’s what I’ve learned after eight years of covering this.1. The vendor keynotes are not what they used to beNo disrespect toward the vendor keynoters, but I’ve found their talks less noteworthy in recent years. Sure, it’s good to hear their take on the latest industry trends, but if you’re an IT practitioner with years of experience you already know what they’re going to tell you.The mob has moved its criminal operations online? You knew that. A data breach awaits the company who fails to take security seriously? You knew that, too. You also already knew that a data breach can happen if you DO take security seriously. And yes, you are well aware that cloud and mobile security are the big challenges of the day, and that hacktivism from the likes of Anonymous is here to stay.The high-level government speakers are a bit more interesting. In 2009, the main Wednesday talk was from Melissa Hathaway, then-acting senior director for cyberspace for the National Security and Homeland Security Councils. Last year we got a visit from Bill Clinton. RSA foolishly banned press from that talk, but attendees tweeted out all the details and took photos on their cell phones anyway.

This year, we get visits from FBI Director Robert Mueller and former British Prime Minister Tony Blair. 

The problem with RSA keynotes is that the size of the stage and auditorium and the rapid succession of keynotes doesn’t allow for the give and take between speaker and attendees that would make these more valuable. But sometimes you have to take what you can get.

2. Don’t let the exhibit floor get to youThe exhibit floor is loud. It’s packed. The people working the booths will hound you aggressively to stay a few minutes and see their slide deck or hear the pitch. That’s OK. They’re doing their job. But if you’re not careful you could easily get sucked into things that aren’t going to help you. And you’ll miss other booths that may have something more important to your particular security challenges. My advice: Look over the floor plan before you go in and pinpoint the vendor booths you actually need to get to. Walk right past everything else.3. Spend quality time at BSidesSFOne of the best things about RSA is that a ton of neighboring events take place in the neighborhood around the Moscone Center to coincide with the main attraction. One event that’s of particular interest to me is Security B-Sides. It’s billed as an anti-conference of sorts; a place where practitioners can go for an alternate, stripped-down view of the industry. The goal is to expand the spectrum of conversation “beyond the traditional confines of space and time,” giving people the chance to “both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants.”4. It’s more about the networkingTo me, the most important part of RSA is the networking. The last two were great because I got to finally meet a bunch of people I had only met up to that point through Twitter. I also made many new contacts who have offered me a variety of helpful feedback ever since.If there’s an opportunity to have coffee with a fellow security practitioner at the same time a keynote is going on, go for the coffee.The keynotes may entertain, but it’s the relationships you forge over coffee or a meal that will likely lead to useful collaborations and lines of support in the years to come.Safe travels, everyone!