In 25 years of the RSA Conference, it has become one of the largest information security conferences in the world...
with a 220-page program guide, 40,000 attendees, hundreds of presentations, training sessions and vendor booths. That doesn't even account for the side events, receptions, business meetings and the hallway track. Even the media coverage is practically overwhelming. Attendees have many different reasons to go, ranging from getting free tchotchkes, interacting with their peers and listening to speakers from across many different industries including academia and government. If they are lucky, attendees can get a pulse of the information security industry and see how the next year or so might develop. It is a place to debate issues like strong encryption and women and minorities in information security.
For first time attendees, or any for that matter, it might be difficult to do all of this without planning. To get the most out of RSA Conference, you need to use the program guide, unofficial guides, the agenda, presentation descriptions and speaker lists to plan out your time at the show. There were a couple main themes fighting for attendees and media attention at RSA Conference 2016. Wade Baker put together a very interesting qualitative analysis of the session titles to determine how the content has changed over time. This year was no different with the hot topics being encryption, data breaches, threat intelligence and cloud security access brokers. These topics have evolved from incident response, intrusion detection, and third-party or vendor management and will continue to evolve.
Presentations on popular subjects and many other prevalent sessions were packed with lines out the door, so you couldn't delay determining what session to attend or what track room to camp out in. If there was a particular topic or question you wanted to bring up, you had an opportunity to do so during the discussion with speakers after the sessions. However, with the lines out the door and the crowded rooms, it was difficult to ask questions and engage with other audience members. The hallway track – which was also packed -- and discussions with speakers sometimes spark the most valuable conversations providing feedback on specific issues, so it was unfortunate that the limited convention center space impeded this. For all of the sessions you wanted to attend, but couldn't, RSA Conference 2016 posted presentation materials and videos to review after the conference. For future conferences, you may want to focus on attending presentations where you will get the most from hearing the speaker and any discussion or debate in person.
Exploring and debating the issues on an individual level was difficult at RSA Conference 2016, but the large audience was exposed to many of the important issues in the industry. Encryption was hotly debated by information security speakers and government representatives. As cryptography pioneers Whitfield Diffie and Martin Hellman won the ACM 2015 Turing Award earlier in March, the debate at RSA Conference 2016 reminded me of the crypto wars of the 1990s. Very few new arguments were made and it was almost as if not much has changed since the crypto wars. The new twist on the debate was provided by the Apple-FBI legal battle, which brought attention to a non-IT audience. However, the technical details of the debate haven't changed.
It is healthy to question core assumptions like 'strong encryption is good' and carefully evaluate how to implement strong encryption. But at some point, the debate overshadows other critically important nontechnical issues, such as recruiting women and minorities in the information security industry and addressing the skills shortage. Knowing the history of cryptography and information security helps drive current and future issues, but more focus on women and minorities in the information security profession is needed. Duo's 2016 Women in Security Awards helps bring more attention along with the "Should I Stay or Should I Go?: How to Attract/Retain Women in the Industry" panel. Diversity in information security is as complicated as encryption is as important to our future, and should get significant attention to address the challenges in our industry.
While RSA Conference 2016 was a crowded and at times challenging event, the show provided a comprehensive view of the state of the information security industry. But future attendees be warned -- the event will likely continue to grow and feature bigger crowds and longer lines, so preparation and planning is crucial.
Read about the CASB buzz at RSA Conference 2016
Learn about the varying panel opinions on the Apple-FBI battle at RSA Conference 2016
Watch Angela Knox talk about women in the InfoSec field