Has RSA Jumped the Shark?

RSA Conference 2009 is still going on, but for me, the trip is just about over. I sit in the airport, trying to put the last few days in perspective. [Related slideshow: Scenes from RSA Conference 2009]

Slideshow: Products shown at the RSA Conference

Three things immediately come to mind:

• 1. The crowds are thinner this year, no doubt because of the recession.
• 2. I pity anyone who came here expecting that to be different.
• 3. From a journalist's perspective, there was nothing new; no big breaking news to report, though I still found plenty of things to write and podcast about.

Some would call that a bad assessment. But it's not meant to be. Here's why:

I don't come to a show like this in search of breaking news. The goal instead is to find the building blocks of future articles that'll help security pros do their jobs better, and to churn out a few quick stories and podcasts that capture the current trend. [Related audio: We're All In This Together (Now Give Us Your Money)]

Sure, Arthur Coviello, president of EMC's RSA security division, said essentially the same thing he does every year, that all the various security tools out there must be worked into a more integrated infrastructure and that this requires cooperation among vendors who otherwise fight hard to take your money before the other guy gets it. [Related story: Automation, Integration Key to Fighting Cyber Crooks]

No, nothing new came out of the cryptographer's panel with security pioneers Whitfield Diffie, Martin Hellman, Ronald Rivest, Adi Shamir and Bruce Schneier. [Related audio: Cryptography's Founding Fathers Predict Security's Future]

And I wasn't surprised when Melissa Hathaway, acting senior director for cyberspace for the National Security and Homeland Security Councils, declared the nation's digital infrastructure in peril [Related article: Why the Top U.S. Cyber Official is Losing Sleep] or when Cisco CEO John Chambers declared cloud computing a security nightmare.

But the point of these gatherings shouldn't be about getting wowed by some dramatic piece of breaking news. If the talks are reinforcing what you already know, it's not a bad thing. The more you hear people making the same points on stage that you've been making in the board room about the need for certain security tools or policies, the more ammunition you have next time you face the top brass.

Meanwhile, the best opportunity at a conference like this is to network, forging new relationships and strengthening existing ones with fellow security professionals. To that end, it was a good trip for me. I ran out of business cards while collecting a fresh pile of cards from other people who will no doubt be a source of wisdom for future CSOonline content. I also had a blast meeting people I've been communicating with online for years.

The RSA conference is not one of my favorites. I tend to prefer lower-key events like ShmooCon in Washington D.C. and SOURCE Boston. RSA is full of theatrics, loud music and uber-resolution screens flashing vendor commercials that make me want to stab myself in the neck with a pen.