So this year I attened my first ever RSA conference in San Francisco. As someone who's been in the security industry for over 23 years, it is actually pretty amazing that I've never attended before. The reasons I didn't go have ranged from conflicts with other events to a lack of funding to government out of state travel bans.
For years I've heard colleagues proclaim: "You must go to the RSA conference. It is the biggest security conference of them all. It is unlike anything else you'll attend. You must see to believe ....
They were right, but for different reasons than I originally expected. Here's my perspective from this year's event.
First, I attended this year as a speaker, which likely skewed my perspective a bit. My case study session was entitled: State of Michigan Secures and Saves. I wasn't too excited with the time slot that I was given - Tuesday at 5:40 PM. As I expected, I was not only competing for attendees with other technical breakout sessions but with numerous other "events" that served free alcohol. Still, I was fairly please with the 35-40 brave souls that came to hear my story.
As a speaker, I did meet many interesting people in the speaker lounge, which was also well-stocked with food and drink. The week before I left, I was asked to speak on two additional panels, one on Monday and the Cyber Storm II Panel on Weds. Both of these sessions included friends and colleagues from all over the world, so that part was outstanding. The discussions and exchange of ideas before and after these sessions provided great networking opportunities.
What surprised me the most was the number of people I knew from all over the country who attended. It was like homecoming week. Of course, everyone wanted to get together, so my schedule was quickly full of breakfasts and lunches with vendors and old friends. This also became a bit too much.
So the event is beyond huge - with tons to do. There are actually many conferences going on along side the main RSA conference. These are being held at hotels all around San Fran. I had to turn down invitations to probably a dozen events that week.
All in all, I agree that everyone needs to attend RSA at least once - no matter what capacity you're in. There were many sessions I wish I could have attended, but just didn't have the time.
The highlight for me, and the thing I will remember most, was the SC Magazine Awards banquet on Tuesday Night. I was very honored to win the "CSO of the Year" award. There were many outstanding professionals who were finalists, and it was an incredible evening and a humbling "once in a lifetime" experience. This award was a tribute to our great Michigan IT team, and I am very blessed to lead our security efforts here.
Finally, here's a few, hopefully pragmatic, pieces of advice if you attend next year's RSA show ....
Don't Miss: 1) The opening night (Monday) reception on the show floor. Tons of food, good information, and lots of energy everywhere. It was fun and technically interesting at the same time.
2) As many keynotes sessions as you can possibly attend. Most were excellent.
3) A few key "open house" events held by large vendors. Most people who have key secuity partners get invited. The networking opportunities provided here can't be matched.
Try to avoid: 1) Doing too much. You will burn out and get overwhelmed.
2) Giving your business cards to everyone you meet. You'll be inundated with calls for the next two weeks.
3) The hype around whatever is hot on the show floor. I got my best information with professionals in a quiet setting over lunch or in out of the way places where I could ask the tough questions.
