RSA Conference 2008

Once again I had the opportunity to attend the RSA Security Conference in San Francisco California. I had a wonderful time at the event and already am looking forward to the 2009 conference.

Sessions… I attended a handful of sessions throughout the week. The first thing that I learned is that RSA did not do a very good job of managing the sessions. I pre-registered for all of my session tracks. When I arrived for my first track I was informed that the session was full and no one else was allowed into the room. After I advised them that I was registered and had my confirmation, I learned that it did not matter and that the other fifty locked out people were registered too. It turns out that the registration process is nothing more than a calendar for you to track what you want to do and they will let anyone into any session. So from that point on I showed up early to any session I wanted, registered or not (make that note for next year!)

The information in the sessions I attended varied from pretty remedial to good. One that I really looked forward to was on social engineering. I had high hopes going into this course and was disappointed. While the information was very good, it was also very basic and was the type of training I would expect to give to a manager or a user, not a security professional. This goes the same for a couple other courses but for the most part the sessions were good and I will likely get a full pass again next year.

Key Notes… I didn’t go to a single one. It is my understanding that key notes speakers pay RSA $300K to be a speaker. So any whack-job can get a key note if they fork over the money, even Al Gore.

Expo… I was able to spend a surprising amount of time on the expo, especially after I got locked out of some sessions. This year there seemed to be about 10% more exhibitors then last year, and unlike last year, every third booth was not touting a NAC solution. While there are still a good number of NAC solutions on display, the little guys seem to have not been around and the bigger names have taken the space. Some of the vendors that I really was impressed with: Voltage Security, Hightower, RoboForm, Sophos, and Beyond Trust to list a few.

I feel this conference is a must attend for any security professional. This is by no means a user level event or even a technician level (or most managers, which a lot of the time fall somewhere between a user and a __________ fill in the blank). If you are a security professional or systems administrator this would be a valuable event for you to attend.

RSA 2009 is scheduled for April 20-24, 2009 (RSA Website)

RollnPC