Initial Thoughts on the RSA 2015 Conference
One again I have submitted myself to a week of talks, exhibits, walking, meetings, drinking, meetings, and more with 40,000 close associates (with one more day of it tomorrow). It’s the annual RSA conference in San Francisco. I’ve been to about 8, including the last 5.
Prior to starting this entry, I reread my blog post from after the 2014 RSA Conference. Not a lot has changed, at least as far as talks and exhibits. Pretty much everything I wrote last year is still accurate, so you can read that first. There were a few differences, and I’ll describe the prominent ones below.
Once again, I got pulled into meetings and conversations, so I didn’t attend as many of the talks as I really wanted. I caught portions of several, and I was impressed with more this year than last — I sensed less marketing. Thus, kudos to the program committee (and speakers). I am sorry I didn’t get to hear more of the talks. I hope they were recorded for us to view later.
Foremost differences from last year occurred outside the Moscone Center and on the exhibit floor — there was no boycott against RSA about alleged NSA collaboration, and the conference organizers adopted a policy against “booth babes” — yay! I don’t think I need to write about things that weren’t there this year, but I will say a big “thank you” to the RSA Conference team for the latter — it was a very welcome change.
- Last year’s big buzz phrase was “threat intelligence” with “big data” coming in second. This year, it was “IoT” with maybe “cloud” as second. i didn’t see much mention of “big data” in the materials or on the booths. There was some use of the term in presentations, however.
- Out of 400 booths I really only saw 2 or 3 totally new concepts. All the other products and services on display were either holdovers from prior years, of variations on older ideas.
- Many of the booth personnel were more cynical than last year about the conference, the field, their products, etc. This marks an interesting change: in prior years I barely detected cynicism.
- There seemed to be a little more international representation than last year — companies originating in other countries (Germany, Japan, China, Sweden, Korea, Taiwan, and Israel are ones I can recall).
I still did not speak in a session (even as a fill-in), it still costs quite a bit to attend, I still didn’t see many academics I knew,
I saw only 3 products that were devoted to building secure systems — everything else was patching, monitoring, remediation, and training. That continues to be depressing.
Still the case there was limited emphasis on or solutions for privacy.
Andy Ellis provided me shielding for my badge so I could avoid being scanned onto mailing lists. I told people at most booths, but they tried anyhow. Some would try repeatedly, then tell me they couldn’t scan my badge. Duh! I just told you that! However, in every case, they still gave me a T-shirt or other swag.
Speaking of swag, this year, the top 3 raffle items were drones, Go-Pro cameras, and iWatches.
A few booths were very aggressive in trying to scan people. It almost felt like desperation. I had to duck and weave (not easy with a cracked rib) to avoid a few of those people and get past their booths. It felt like being in a video game.
This year, more vendors seemed willing to talk about donating their products to our (CERIAS) teaching and research labs. That is really promising, and helps our students a lot. (And, hint — it provides great visibility for the products, so you vendors can still do it!)
So, if I find the conference a little depressing, why do I still go? As I noted last year, besides hearing about trends and getting a stock of T-shirts, it is a great opportunity to see friends and acquaintances I don’t get to see that often otherwise because I have limited time and funds for travel. (And yes, Indiana is at the center of the known universe, but few flights stop here.) I have had some great conversations with these people — thought leaders and deep thinkers across the spectrum of infosec/cyber/etc.
Actually, it occurred to me over drinks that if I wanted to cause maximum disruption, I could have infected these highly-connected people with some awful disease, and within 72 hours they would have infected almost everyone in the field who have some level of clue. Luckily for the world, they only had to put up with my presence for a few minutes or so, each, and that isn’t contagious.
Here’s a partial list of the people I was happy to see (there were more, but this is who I can remember right now — my apologies for anyone I missed; plus, I may see more in the closing session tomorrow): Candy Alexander, Becky Bace, Robert Bigman, Bob Blakely, Josh Corman, Sam Curry, Jack Daniel, Michelle Dennedy, Matt Devost, Whit Diffie, Andy Ellis, Karen Evans, Dickie George, Greg Hogland, Brian Honan, Alex Hutton, Andrew Jacquith, Toney Jennings, John Johsnson, Gene Kim, Brian Krebs, Penny Leavy, Martin Libicki, Rich Marshall, Gary McGraw, Martin McKeay, Carey Nachenberg, Wendy Nather, Davi Ottenheimer, Andy Ozment, Kevin Poulsin, Paul Rosenzweig, Scott Rotondo, Marc Sachs, Howard Schmidt, Bruce Schneier, Corey Schou, Winn Schwartau, Chenxi Wang, Mark Weatherford, Bob West, Ira Winkler, and Amit Yoran.
Yes, I do know a rather eclectic set of people. Their karma must be bad, because they also know me.
Speaking of karma, I’m already planning to go to RSA 2016.