Well. RSA USA 2008 was an interesting experience. It was certainly well organized. The online tool for making your session schedule simply rocked. I was even able to export it to iCal so I could just use my iPod touch as a pocket schedule.
I ran into Martin McKeay the on Monday and he pulled me into a round table with Symantec at the point they were covering Data Loss Protection. If was a fun time and thanks again to Martin. Symantec acquired the Vontu product. Certainly I agree that DLP is a fundamental shift change and method for controlling data loss that can only benefit us as professionals. The problem is that it is so expensive to implement that only the largest of companies can afford it for now. I did contribute one good question to the discussion. I pointed out that their “quarantine” function of replacing data that might not be where it should be was not doing a secure overwrite. Data could still leak in the file slack space. Michael Santarcangelo was fun to watch questioning the presenter and asking some hard but to the point questions.
The thing I was not overly impressed with was the normal sessions. There certainly were some gems. But a large number of sessions I attended the speakers just did not send me out with anything so new it excited me. More than one session the speaker took 30-40 of the 50 minutes just to reach the topic of the session. Too much time was spent on basics. Even some keynote speakers took time to define basic information security terms like: separation of duties. Come on, don’t speakers at this level know to research and speak to the level of the audience?
At least some speakers like Joshua Wright of Sans wireless training fame gave a well paced and informative talk on 802.11N security issues. I also attended a real good session on metrics. This is something I have already used to make some project dashboards for the big bosses at work. It also forced me to learn more excel than I had previously. Oh well a price for everything. *grin*
I think one of the talks I most loved was Malcom Gladwell. I read his book Blink over a year ago and loved it. He was a very engaging speaker and his take on decision making is really interesting.
Most likely I won’t be going next year. I think I can find other conferences with more consistent value to me. I wasn’t the only one wondering where the good sessions went either.