• United States




Making the most of your time at the RSA 2018 conference

Mar 08, 20185 mins
IT LeadershipSecurity

Going to RSA 2018? Failing to plan is planning to fail.

Last year, I wrote about how to plan your trip to the RSA 2017 conference. While it’s normally in February or March, this year’s conference is April 16-20, a little more than 5 weeks away.

Attending the conference requires a significant time and monetary investment. With a little more time to prepare, here are some tips for 2018 to consider ensuring your time and money are well spent.

Book your hotel ASAP

San Francisco is a small city and for large conferences, there’s often a dearth of hotel rooms. If you didn’t book yet, do that now at the conference hotel page. The number of available hotels rooms in San Francisco has not increased, but the number of RSA attendees has. To which I have noticed that hotel prices are significantly more expensive this year. Many rooms in the immediate area are 2-3 times above their normal price, given the amount of RSA attendees.

Alternatively, sites like may have other and possibly cheaper options. But be aware though that some listings are so low as they have shared bathrooms and lack other basic amenities that many business travelers may expect.

Create a schedule

Most people go to the conference to learn as much as they can. Others go for the famous RSA parties. For those that want the learning experience, here’s a complete listing of all sessions where you can create a personalized schedule. There’s a huge amount of sessions to choose from, so take the time to peruse and create your customized schedule.

When I say huge, I mean it. Having just created my own schedule, there were at least 2-3 interesting sessions at every slot I wanted to attend.

There is a colossal amount of sessions, which are broken up according the following tracks:

  1. Analytics, Intelligence & Response
  2. Application Security
  3. Association Special Topics
  4. C-Suite View
  5. Cloud Security & Virtualization
  6. Cryptography
  7. DevOps
  8. Governance, Risk & Compliance
  9. Hackers & Threats
  10. Human Element
  11. Identity
  12. Industry Experts
  13. Law
  14. Machine Learning
  15. Mobile & IoT Security
  16. Policy & Government
  17. Privacy
  18. Professional Development
  19. Protecting Data & Applied Crypto
  20. Security Mashup
  21. Security Strategy
  22. Sponsor Special Topics
  23. Technology Infrastructure & Operations

In the past, some attendees got enraged arriving (most often late) and finding the session they wanted to attend was full. Somehow, a few hundred other people managed to get there on time. You can reserve a seat prior to the conference, which helps ensure that you will be able to attend your preferred sessions.

Know which vendors you want to meet

2017 saw over 700 vendors in attendance. As of this writing, the vendor list has close to 600 vendors listed.

The expo halls are massive, overwhelming and loud. Spend some time looking at the exhibitor list and getting a feel for the vendors you want to meet with.

Once there, think twice about spending half an hour sitting through a vendor pitch to enter a drawing for a drone or similar prize. For me, my time is better spent speaking with the technical staff at the booths. You can get valuable insights how their products work and potentially solve your security issues. This is especially true if you are already a customer. Don’t squander your limited time just to bring home a USB power pack or t-shirt.

For those that have an interest in Israeli security vendors, over 50 companies will be at the Israel pavilion at booths 635 & 735.

Wear comfortable shoes

You’ll be doing lots of walking at RSA. With events in the south, north and west Moscone Center buildings and now at the Marriott Marquis, combined with the long expo floor aisles; you don’t need a podiatrist to tell you comfortable shoes are a must.

Chat with a legend

There are many illustrious industry personalities at the conference. The good news is that they are approachable and often happy to share quick advice. Be it Adi Shamir, Bruce Schenier, Whit Diffie, Steven Bellovin, Ronald Rivest, Paul Kocher and many more. RSA may be a huge show, but you can also pick the brain of and meet some of the best minds in the business.

Then there is the Security Scholar program, which connects the brightest up-and-coming cybersecurity students to leading experts, peers and conference attendees.

If you would rather chat with a legend over extremely loud music in a crowded club, the many RSA parties afford such opportunities. Dave Lewis was kind enough to create a RSA parties 2018 list.

Don’t use the 2018 conference bag

RSA gives out great bags, often high quality backpacks. Since thousands of people will be using the identical 2018 conference bags, often without nametags, many of them get switched, and lost forever from their rightful owners. If you don’t want to be a victim of a RSA conference bag switch, bring a different backpack.

As for me, I’ll be at the conference and giving a talk on Ransomware: How Not to Be a Victim, and What to Do When You Become One and leading a Peer2Peer session on 35 Days to GDPR‎. Even if you prepared, is your firm truly ready?. I hope to see you there, in your comfortable shoes with an old backpack.


Ben Rothke, CISSP, CISM, CISA is a senior information security specialist at Tapad and has over 16 years of industry experience in information systems security and privacy.

His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography and security policy development.

Ben is the author of Computer Security - 20 Things Every Employee Should Know (McGraw-Hill). He writes security and privacy book reviews for Slashdot and Security Management and is a former columnist for Information Security, Unix Review and Solutions Integrator magazines.

He is a frequent speaker at industry conferences, such as RSA and MISTI, holds numerous industry certifications and is a member of ASIS, Society of Payment Security Professionals and InfraGard.

He holds the following certifications: CISM, CISA, CGEIT, CRISC, CISM, CISSP, SMSP, PCI QSA.

The opinions expressed in this blog are those of Ben Rothke and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.