So on a less serious note, had a great time at RSAC. While it’s in style to crap on the conference (and there’s copious valid reasons), here’s why my first time won’t be my last:
- While I’m a religious BlackHat/Defcon attendee, RSAC was way better for business networking than any con I’ve been to. I’ve been to a few hacker cons and the Gartner InfoSec Summit. As a risk guy, I got to see more clients and old friends on the business side than I ever would at the others. I’ll never go back to the Gartner piece. Even more vendory with even less relevant content.
- This con pulls in a lot of international folks and it was great getting to get some interesting opinions from outside of the typical US voice. Got to meet the gentleman running the EU CERT team, bunch of Finnish malware guys, Brazilian malware firm, and many others.
- The parties are great and the attendees are all great people. Saw Nickerson, Krebs, a bunch of others that you would know and got to meet some new people that I’d always wanted to meet. All folks I’d see at BlackHat, but the people I met at RSAC
There are plenty of downsides. The vendor area is cringe-worthy. I saw all sorts of crap that others have bemoaned loudly and often – booth babes, shtick, product hawking like the dude with a shamwow, etc… I tried to stay away and it’s that simple to solve the problem. That said, my employer had a great booth and one of the honestly coolest swags – a digital & print caricature done by a good artist. Most booth swag is wastebin stuff but having a picture with my co-presenter isn’t a bad take-home item. Working at a security company, I’d say the smart folks on defense are putting their time into meeting with folks they wouldn’t typically – corporate office biz dev or strategy people (if you really want to meet with vendors).
I shouldn’t go without mentioning the RSAC scandal. I didn’t feel the trust-losing ethical dilemma as some of the other folks that I know that backed out. Cheers to Josh Thomas for making the call. Since my talks were tactical and had the central theme of “I want to solve this problem in the industry and here’s my idea”, I felt like I could do more good in promoting my solutions than in boycotting it. Given the response from the industry folks I wanted was so positive, I feel vindicated on my decision. That said, I hope more information comes out on the topic. Ira Winkler had a post about how it was all foolishness but this is a guy who’s on Attrition’s Charlatans page. Despite that, his talk was pretty well attended. Strange world.
I was very disappointed that at the Speaker’s Dinner it was addressed with the following comment:
“We lose more people to snow than we did speakers associated to this news story.”
Having been my first RSAC but having spent this last winter in San Francisco, I wasn’t sure when it snows in the city. Maybe the intent was to say that other bad weather patterns hurt attendance? If anyone has any insight to snow impacting RSAC, even remotely, please let me know!
I spent the time to go to Trustycon, the so-called ‘ProtestCon’ that was held discussing the topic of trustworthy computing. Very great videos out on youtube. Thanks to all the folks who put on Trustycon, great content, shared below!