
Welcome to my slightly delayed RSA wrap-up post. Getting caught-up after any big conference is a pain and it’s even worse when you’ve managed to come home with conference plague. Apologies for the delay but I still had thoughts I wanted to share with the world… or the seven people that will have read this far.

This wasn’t my first RSA… I’ve attended in the past, but it was my first RSA since 2012 and the first thing I noticed was the increase in the size of the tradeshow. The second was the quality of the talks. I don’t normally attend many talks at RSA, finding that there are better ways to spend my time (I’m a big fan of conference networking). This year, I found myself reading the news the next day and regretting missing some of the talks. I feel that there was a lack of advertising / announcement around the improvements of the technical talks at RSA. Maybe that’s my fault for missing a few years but I didn’t feel that the program guide did the conference justice in this regard.

That said, I really enjoyed RSA this year. I had a great time catching up with people at the Security Bloggers Meet-up, both catching up with old friends and putting faces to names for the first time. The meet-up has been my highlight of RSA in the past and this year didn’t disappoint. I had a great time. The same can be said for the other social highlight of my trip, the Recovery Breakfast. I wasn’t sure if I’d make it to this year’s event but I managed to finish my P2P Session and show up.

Speaking of the P2P session, this year was a lot of fun for me on the speaking front. On Tuesday, I spoke in the vendor track with two of my colleagues, Alex Cox and Ken Westin. We demonstrated how you can “kill the killchain” with the proper security tools. I had fun in the weeks prior to RSA setting up environments and building custom exploit scripts for the vulnerabilities we used. On the Wednesday, I was speaking at the Tripwire booth and didn’t feel 100% comfortable with my topic. I tried to add some humour to the talk and, if nothing else, the audience can tell people they went to a computer security conference and learned that Volkswagen studied the Antarctic Toothfish because it has naturally occurring Antifreeze proteins and the Electric Eel is a mouth-breather.

The biggest event for me though happened on Thursday morning, immediately before I attended the Recovery Breakfast. I hosted my first P2P session and I’d never hosted nor attended one of these before. I walked away really happy with the topic and surprised that it went in a direction 180 degrees opposite of where I’d been expecting to go. While I had expected to steer the conversation toward metrics (I really do love numbers), we instead talked about how scoring systems fail to consider the complexity and time involved in resolving a vulnerability and how to determine the acceptable time to patch critical vulnerabilities.

I loved that there were a number of attendees that were very active in the discussion and felt that it was a rather interesting topic. It really took RSA to the next level for me. I wrapped up my week in San Francisco with a few days of tourist-type activities and made the long flight back home. I must say that I’m looking forward to my next RSA and the P2P CFP. There’s really nothing better than a good discussion with colleagues in a beautiful city.