Back in Atlanta after a week in San Francisco for RSA’s annual conference on security. This being my first year in attendance I have no comparison from prior years, but have heard that the crowds were a bit lighter than usual. I spent a great deal of time enjoying the sessions, speaking privately with the incredible roster of speakers in the “speakers lounge”, and engaging the vendors in the expo. Overall I would definitely say it was worth the time and expense. Anyone looking at shortlisting their conference list should include RSA next year. Of course, you make your own conference – I actively sought and engaged experts in areas, and methodically evaluated each solution offered by the vendors. As in any good project I attended with several objectives and action items that proved extremely valuable:
- First, I vetted the speakers and the sessions prior to arriving. This is key to determine the type of presenter and their prior experience (i.e. I prefer to avoid “sales” people giving presentations on areas where their product “happens” to address). I prefer to seek out either the founders (engineers) of companies who play in a space, in-field practitioners, or those who have such a broad range of experience they can speak on a specific topic.
- Second, I set three objectives for attending – any more and you are stretching yourself to thin and won’t enjoy the experience. Mine for RSA this year were to:
- Identify and map each vendor solution into a solutions matrix based on architecture and core controls for the top 50 regulation / standards.
- Seek out practitioners who have successfully established frameworks or governance structures in global corporations
- Identify trends from the strategic perspective.
My takeaways from the conference were a disproportionate focus of vendors on DLP, a lack of comfort in practitioners dealing with multiple regulations, and a steady and unexpected level of confusion in addressing PCI.
This year RSA is posting the recordings of the sessions online for post-conference viewing. Now other conferences in the past year have made these available for the public and hopefully they will follow suit. In any case, be sure to watch for detailed postings on research and notes from the speakers (if you could not attend or are unable to view the archived recordings), and personal / company recaps.
Bottom line – I enjoyed tremendously being an invited speaker on a topic that engaged a capacity room and required the organizers to drag us out of our room to continue it in the halls. My post takeaway is that I have not sufficiently communicated my research, and I hope over the coming months I can provide greater value to the industry at large.