RSA 2019: RS-YAY or RS-MEH?

It’s that time of year to read countless reviews of the RSA conference. To read the view of someone who has attended many years in a row and is greatly respected for his contributions to the cybersecurity industry, you can read spaf’s post. If you want to know what an RSA first-timer thought of it, you can keep reading (or browse my twitter feed).

Let me start by saying the opening keynote on Tuesday was a spectacle of trolling proportions. A surprise opening speech by the great, no connection to cybersecurity to speak of, Helen Mirren, was followed by a cybersecurity-themed choir song (I wish I was joking). And when one later keynote panelist suggested that developers putting in backdoors should be put into prison (15:30 minutes in on this panel), it was somewhat cringeworthy for, um, well, reasons, but still resulted in a round of applause.

But things got better as I attended other sessions and had the opportunity to hear from legendary cybersecurity contributors and experts. It was an absolute treat to hear Bruce Schneier, cybersecurity royalty and Harvard Kennedy School Lecturer, talk about the role of security technologists in public policy. His keynote was thought-provoking and engaging.

I had the opportunity to attend a two hour incident response (IR) tabletop workshop and I quickly volunteered to facilitate the experience for our table of eight, under the guidance and leadership of the session organizers. Our team of “experts” did some great things along our virtual incident, but in the end we did not apologize enough upfront and paid the hard price of our ‘choose your own adventure’ cyber incident and our CEO was force to resign after a hard hitting television interview (well, he was kind of happy to do so, actually). It was challenging as a facilitator not to jump in with my own advice and opinions, but perhaps the most important lesson I learned was the difference between facilitating and participating in an IR tabletop exercise.

There were many others I got to rub shoulders with, meet and learn from throughout the week. RSA was attended by many industry thought leaders, including the likes of Ed Skoudis, Larry Poneman, Johannes Ulrich, Ron Rivest, John Strand, Alan Paller, Stephen Sims, James Lyne and Paul Asadoorian. I have to plug Strand’s awesome, free threat hunting tool here, named after his awesome, late mother who ensured it will be free forever, RITA. Did I mention that it was awesome and free?

The smaller sessions were truly the gems in my opinion, aside from the always noteworthy 5 Most Dangerous New Attack Techniques Keynote. My advice is to spend a couple hours before you attend and create a schedule, pre-register for the sessions you don’t want to miss, but stay flexible throughout the week. One of my favorite sessions was a “fireside” chat between a CISO and published author focused on communicating with the board, which I had no intention of attending. I followed along a fellow CISO colleague (Hi Okey!) and I’m glad I did because some of the unfiltered conversation that ensued during that session resulted in nuggets of wisdom possessed only by extremely experienced professionals (and those who were eavesdropping in on the conversation)! This resulted in my most controversial tweet of the week…

There was also plenty of sessions that discussed the importance of a diverse and growing workforce within cybersecurity. I had the chance to reflect on how I can personally make an impact in this area, and was able to hear from and meet many others trying to do the same thing on a much larger scale, like 16 year old Kyla Guru.

In summary, San Francisco was a good experience. RSA was a good experience, but I’m sure the excitement of rubbing shoulders with the who’s who of cybersecurity will be gone the second time I go. And the vendors? Noticed I haven’t mentioned them? They weren’t there. SIKE. They were everywhere and working HARD to be noticed. Surprisingly, though, you can spend as much or as little time as you wanted with them because they had over 40,000 targets and droves of folks that were lining up to talk to them. So, I spent some time talking to the vendors I cared about at this moment in time, spent an hour or two learning about new vendors, and now I’m all set to ignore their phone calls for at least another 6 months.

RS-YAY or RS-MEH? I would say…RS-OKAY. I will be back. But not next year. Once every 2-3 years would be perfect in my book.

Thanks for reading and don’t forget to subscribe.

10 thoughts on “RSA 2019: RS-YAY or RS-MEH?

  1. The industry needs more women like those mentioned. What do you think it will take to get younger women interested in pursuing an education like this?

    • Hi Lindsay. There is no silver bullet. It will take a concerted effort and continued exposure to cybersecurity concepts from elementary school through their professional employment. We need to make them feel welcome and supported, and highlight the reasons why a career in cybersecurity could be appealing for them. There are many barriers along the way, and removing just one won’t do the trick. For example, introducing young girls to cybersecurity or coding at 7 and 8 years old is good, but if they find themselves to be a single female looking to compete in a technical competition in high school, they may not pursue it and look for a field with less obstacles. Those of us in the field need to roll our sleeves up and take the initiative to invite these underrepresented groups and make sure they are getting the recognition and support they need along the way.

  2. Hi Matt.

    Thanks for the review. RSAC sounds like it’s still an okay mix of networking and learning…, so let’s be grateful for that.

    Keep the fire for knowledge burning, and stay safe and secure.

  3. orologi lusso rolex SA è una società svizzera (con sede a Ginevra) importante nella produzione di orologi di pregio e una delle più grandi aziende nel settore dell’orologeria.

  4. probabilmente, più della metà di tutti gli orologi panerai replica certificati COSC (Contr?le Officiel Suisse des Chronomètres) prodotti nel 2005 appartenevano al gruppo e nel 2022 sarà molto di più.

  5. The history of Rolex is inextricably linked to the pioneering spirit of its founder, Hans Wilsdorf. In 1905, at the age of 24, Wilsdorf created a company in London specializing in the marketing of Replica Watches. He thus began to imagine a timepiece that could be worn on the wrist. While not guaranteeing wristwatches a very accurate precision, Hans Wilsdorf managed to make them not only elegant, but also reliable.watches replicas

  6. Che si tratti di un’occasione di lavoro o di un evento sociale, possono mostrare gusto eccellente e fascino personale.Gli orologi replica rolex lusso sono un piacere di lusso.Chi li indossa non solo può senti la sua squisita fattura e l’elevato comfort, ma mostra anche il loro gusto unico e il loro atteggiamento di successo.

Leave a Reply

Your email address will not be published. Required fields are marked *