Ken Smith Recaps the RSA Conference

Overview
I spent one week in San Francisco to attend my third annual RSA security conference. This year, the conference was larger than ever. It was hosted in Moscone North, South, and West. Not only did the conference venue significantly expand, but the number of attendees grew as well. This year, I believe the total tally was 28,400 attendees.


Sessions
There were a few sessions that stood out as educational and informative. For example, Evan Wheeler's talk, titled "Architectural Risk Analysis: NIST 800-53 on Steroids", was excellent.


Another talk that I hope was thought-provoking for attendees was Dave Shackleford's presentation on "Virtualization and Cloud: Orchestration, Automation and Security Gaps". This is an area that I have been focusing on, and I think it needs more attention.


The theme for many of the talks was “how we are doing it wrong”. We are focusing on the wrong things and we are not prioritizing in the right ways. Based on what I see in the field, I completely agree with this.
I will be breaking down some of my favorite presentations and providing more commentary in future posts, so look for those here.

Most of the session slide decks are available online.

Keynotes
There were also a number of great keynotes. It all started with an appearance from William Shatner during the opening keynote. Yeah, he sang a song (if you want to call that singing, of course!). But it was entertaining and you can watch it here.


Bruce Schneier's talks are always good. What I got from Bruce’s talk this year was that we should all be using the encryption technologies available to us today to protect our communications. Oh, and that the NSA is doing surveillance wrong. I have not been able to locate Bruce’s talk online, but a good overview of what he planned to discuss can be heard in this podcast.

The final keynote was by Stephen Colbert. Stephen’s talk was great, really great! In his talk he poked fun at the NSA, the security industry, and us. One of his best lines was, “we can trust the NSA because without a doubt it is history's most powerful, pervasive, sophisticated surveillance agency ever to be totally pawned by a 29-year-old with a thumb drive.”

I was surprised that he spent the last fifteen minutes answering questions from the audience. He put serious contemplation into a number of his answers, and I respect his responses.

Other Events
During RSA week, a number of other events also occur. One of them is Security BSides, which takes place on Sunday and Monday and is close to the Moscone Center. I highly recommend attending this event as well. One of the talks I saw there was "Fix What Matters: Why Using CVSS for Remediation is Nuts" by Michael Roytman. The title really says it all, and I believe that it is time for organizations to re-evaluate how they are prioritizing their application of patches.

The other event is Metricon, which took place on Friday at the Moscone Center. I was totally impressed with this group of people sharing their experience and insight on using metrics to make better decisions. Bob Rudis, one of the organizers of Metricon, wrote a recap, which is available here.
