RSA Conference

RSA Conference 2011, San Francisco

Imported from http://consultingblogs.emc.com/ published May 28 2011
So this is the first time since coming back from the RSA Conference 2011, San Francisco, that I have had a chance to write up the experience – in Feb/2011 can you believe it!
This was my first RSA Conference, and I can tell those of you that have not attended such an event – GO FOR IT! There will be additional conferences this year in Europe (11-13/Oct) and China (date to be announced). I can definitely recommend this very thought provoking 5 day event with sessions ranging from extremely technical to high level governance themes and practical methods of implementation.
This year, I had the pleasure with other attendees to meet the founders of RSA, Ron Rivest, Adi Shamir and Len Adleman. These guys continue to have profound influence in shaping the security industry – and Adi in particular is a very funny guy!
We also met Whitfield Diffie and Martin Hellman of Diffie-Hellman key exchange fame. Incredible how these guys were already thinking about how to ensure security and privacy on networks that were inherently insecure.
What is really interesting about this conference is that it is NOT a sales and marketing pitch about RSA products. All the security industry vendors have their own booths in a separate hall away from all the seminars and conferences – all 324 exhibitors! Industry veterans and large complex customer CTOs, Architects, Security Analysts and Compliance Officers share their experience, thoughts, and shortcomings in today’s security and compliance fields.
The format of the event is such that CTOs discuss amongst themselves (with a moderator leading), open forum questions to the attendees, and a very structured format in making sure that each session has a “take away” – a key message(s) from the session. More technical sessions take a similar format, in ensuring key messages are conveyed. So all very good stuff.
Just to give you a feel for the number of sessions and how extensive – I will just take a single day’s itinerary:
  • Tuesday
    8:00 AM, KEY-100: Trust in the Cloud: Proof Not Promises
    9:50 AM, KEY-102: Letting Go and Keeping Control: Beyond the PC and Data Center
    11:20 AM, KEY-104: Defending a New Domain: The Pentagon’s Cyber Strategy
    12:30 PM - 1:00 PM, BC-02 (Briefing Center): My Neighbor Runs a Crack House Aggregate Risk Model for the Cloud
    1:00 PM - 2:10 PM, TECH-106 (Orange Room 307): Mature SIEM Implementations at Five+ Years - If We Knew Then What We Know Now
    1:00 PM - 2:10 PM, GRC-106 (Orange Room 300): One Small Click for Man, One Giant Leap for Continuous Monitoring
    2:30 PM - 3:20 PM, CLD-107 (Orange Room 305): A Prescription for Protecting Patient Data in a Private Cloud
    3:40 PM - 4:50 PM, TECH-108 (Orange Room 307): The Death of Signature-Based AV: How to Stop Today and Tomorrow’s Malware
    3:40 PM - 4:50 PM, GRC-108 (Orange Room 300): Risk Management Smackdown
    5:30 PM - 6:00 PM, BC-07 (Briefing Center): The Next Disruptive Step in Full Disk Encryption: Pre-Boot Networking
Tuesday Tracks – and you have to choose carefully for your specific session content from these tracks:
· Applications & Development
· Business of Security
· Cloud Security
· Data Security
· Cryptography
· Hackers & Threats
· Hot Topics
· Law
· Industry Experts
· Policy and Government
· Sponsor Case Studies
· Strategy & Architecture
· Technology Infrastructure
Spot the problem? Too many extremely useful sessions to attend – and only 1 of me! Advice – take a colleague if at all possible and share the workload! I mean this seriously. There is so much information that careful planning before the event is needed: choose your key sessions, and an alternative session should you need to jump into another room halfway through a session. I did precisely that and managed to get in 2x the number of daily sessions!
The keynote sessions are an absolute must! The speakers are the industry leaders whether from civilian or military walks of life. We had such speakers as:
- Art Coviello, Jr., President RSA giving a great insight into the evolving world of security and what modern IT and privacy needs were demanding
- Scott Charney, Microsoft Corp., giving insight into collaboration for a safer Internet
- Enrique Salem, Symantec Corp., giving insight into threats beyond the PC and the Data Center
- William J. Lynn, III, US Deputy Secretary of Defense giving insight into how to handle global threats and the need for greater collaboration and vigilance without sacrificing the rights of the individual
- George Kurtz, McAfee, Inc. giving a great insight into the millions of daily attacks going on and being successfully thwarted as well as the new APT – Advanced Persistent Threats
As you can see the list is impressive and very long. There are slides (in PDF format) that are distributed shortly after the event from an online portal to attendees of the conference only.
However, actually listening to the presenters is vastly different in my opinion – as well as the great questions from the various security professionals in the audience. They share their experience and challenge the product manufacturers to step up to the plate and make things simpler and more effective.
In this conference the idea of different vendors simply did not come into play. Security is a global concern, and everyone without exception, was working on how to tackle this as an industry. That’s what I call leading by example.
https://365.rsaconference.com/community/connect/blog/tags/keynote shows most of the keynote speakers, and you can hear their podcasts there.
Lastly, three speakers on the final day who were incredibly entertaining and insightful.
The first was Dr. Michio Kaku (http://www.youtube.com/watch?v=219YybX66MY see him in action), a Japanese American theoretical physicist. He portrays in a vivid entertaining manner future uses of technology underpinned by current research. It is fascinating and highlights the security challenges ahead when effectively every aspect of our lives has associated digital information needing security and privacy.
The next was Hugh Thompson, chief security strategist, who was talking about reliable sources of information, and used Google as an example of “if you find it in Google, it must be the truth, right?”. I will not give anything away here, but Hugh is incredibly funny, and brings home the security points in a most memorable fashion.
The last speaker was President Bill Clinton, who provided a great insight on how common humanity can tackle vast daunting challenges. Again very interesting hearing his candid views on a range of subjects. Outspoken as always, and very informative of the “behind the scenes” thinking.
Well I could just continue writing, but I think it is best that you attend this event. Cloud security was of course the BIG theme this year, with sessions such as “Scanning the Ten Petabyte Cloud: Finding the Malware that Isn’t There” by Brian Sniffen (Akamai) absolutely packed. All the legal panels discussing jurisdiction and technicalities within the Cloud were also packed.
RSA Conference is for anyone actually – this is the place to hear the burning Cloud issues (beyond infrastructure build out). Don't be afraid to attend. You will definitely learn something. Networking is great here, and the RSA Conference organisers do a lot of work to ensure that the event is useful for all and to get you oriented on this massive flow of information.

Disclaimer

The opinions expressed here are my personal opinions. Content published here is not read or approved in advance by EMC and does not necessarily reflect the views and opinions of EMC.