Well it is the end of February, and like instinct drawing birds to migrate, information security people are drawn to San Francisco for the RSA Conference. In some ways, RSA represents the security state of the union. This will be my 11th or so RSA Conference. It seems like every year the show seems bigger, the exhibits more grand, the sessions more interesting, and the parties more extravagant. This year's RSA is going to be the biggest and perhaps the best yet.
First of all, the RSA Conference folks have now taken over the North, South and West concourses of the Moscone Center. This has resulted in a lot more exhibit space for vendors. This should alleviate the problem over the last few years where there were just more security vendors than there was exhibit space. With larger exhibit halls, there will be more vendors hawking their wares. I am always amazed at the size and expense of the exhibit booths at RSA. I have a feeling that this year will be the biggest yet.
But RSA is not just an exhibit hall. There is literally a session for everyone. The keynotes from leading thinkers and vendors in security all the way to Stephen Colbert, are usually standing room-only events. This year they will webcast the keynotes into other parts of the Moscone Center so everyone can listen and watch.
Beyond keynotes there is a full (and I do mean full) schedule of multi-track sessions dealing with just about every aspect of information security, risk management, and the business of security. There are also peer-to-peer sessions, which are small intimate gatherings that are more interactive than presentation.
Just about every security organization you can think of has a meeting, press gathering or reception. Trusted Computing Group, ISC2, ISSA are all represented. Some of the organization's meetings have risen to the level of being conferences on their own. The Cloud Security Alliance, for instance, has a full conference on the Monday of RSA week.
In fact, there is an entire ecosystem of satellite conferences around RSA. Bsides San Francisco is perhaps the largest or at worst second largest of the popular Bsides that pop up around the world. Amercia's Growth Capital holds its annual investment conference in the security industry the Monday of RSA week every year over at the Westin Hotel. Usually up to 100 security industry CEOs present to an audience of VCs, bankers, and other security industry executives at the AGC conference. Additionally, the panels at AGC are chock full of industry luminaries discussing the leading challenges in information security.
This year there is the anti-RSA conference, Trustycon, which came in response to RSA allegedly giving the NSA a backdoor into their products. While the organizers of Trustycon vow that this is more than just a one-year knee-jerk reaction, time will tell if it becomes just a footnote in history around the whole NSA affair.
I would be remiss not to mention the parties and receptions. Every year, the parties seem more extravagant, bigger, brighter and unfortunately more crowded. Barracuda Network's parties are legendary. Rapid 7's party at Ruby Skye is also a good one. My favorite, of course, is the Security Bloggers Meetup and awards of which I am one of the hosts/organizers. It is open only to people who write or podcast about security and draws about 300 of the leading bloggers/writers in security. This is the seventh or eighth year of the Bloggers Meetup, and it is going to be our biggest ever.
I think that is going to be a theme this year at RSA. The security industry is bigger than ever. There are new companies, large companies, small companies all vying for attention, trying to make us more secure. Making your mark at RSA is part of all of their blueprint.
The PR agencies have been on a mission trying to line up press briefings for their clients. Most writers I know are just simply overbooked and can't make another briefing this week.
One new thing I notice is that many vendors are sponsoring breakfasts, lunches and dinners this year. Figuring taking select invitees to a good meal while discussing issues near and dear is a good way to reach them.
I, of course, am crazy this week. I am hosting a panel at the AGC conference on Security Automation at 8:15 Monday. I am also chairing another panel on Security Metrics on Wednesday morning. Between that and about 20 interviews and the other activities filling up my calendar, I will be running from early morning to late at night every day there. But, hey, that is RSA.
So will I see you in San Francisco? If you are one of the 25,000 or so people attending RSA, I just might.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.