What RSA can learn from Sector and Louisville Infosec

I do enjoy the RSA conference. I even get a good bit from it. Still, it could be better. I mean, have you ever tried to sit through the “keynotes”? Half of them are either vendor commercials or worse: given by someone who does not even bother to figure out that defining “separation of duties” to the RSA audience is a good example of being utterly clueless. You really have to research the level of the audience before getting in front of a few thousand people.

Yesterday I went to the Louisville Infosec ISSA conference. It rocked! But I noticed something. The keynote by John Strand was simply outstanding. Then there was Sector. I was not at Sector, but I saw comments from many of my Infosec friends who did go. Plus I had the pleasure of meeting and talking with Christofer Hoff at the 2009 RSA. Hoff is also known as @Beaker on Twitter and always has interesting things to say.

So, RSA, I suggest this. How about some of our own, like @Beaker and @strandjs, as keynote speakers? Make it a regular thing for the keynote track. Pull from quality speakers like them and maybe others from our own practitioner community: the folks who understand the real issues important to us, yet have refined their presentation skills through social media. You don’t have to totally ditch the vendors who sponsor the event. They do pay the bills. Though you could restrict them to their best speakers and then toss in a few of our own folks.

Another suggestion. Spice up the sessions. Maybe call it the black track. But if some of the better tech sessions I saw at Louisville and heard about from Sector were allowed, it would only increase the value of the RSA conference. Again, keep it to speakers with a known track record from other smaller conferences and with good technical material to present.

One last suggestion. You (RSA) are close to Verisign. How about supporting VIP two-factor authentication on your site, so we can use our mobile phones as tokens? https://vipmobile.verisign.com/ Or maybe support OAuth so we can tie in our other social media credentials.

RSA USA 2008 – Probably not in 2009

Well. RSA USA 2008 was an interesting experience. It was certainly well organized. The online tool for making your session schedule simply rocked. I was even able to export it to iCal so I could just use my iPod touch as a pocket schedule.

I ran into Martin McKeay on Monday and he pulled me into a round table with Symantec at the point they were covering Data Loss Protection. It was a fun time, and thanks again to Martin. Symantec acquired the Vontu product. Certainly I agree that DLP is a fundamental shift change and method for controlling data loss that can only benefit us as professionals. The problem is that it is so expensive to implement that only the largest of companies can afford it for now. I did contribute one good question to the discussion. I pointed out that their “quarantine” function of replacing data that might not be where it should be was not doing a secure overwrite. Data could still leak in the file slack space. Michael Santarcangelo was fun to watch questioning the presenter and asking some hard but to-the-point questions.

The thing I was not overly impressed with was the normal sessions. There certainly were some gems. But in a large number of the sessions I attended, the speakers just did not send me out with anything so new it excited me. In more than one session the speaker took 30-40 of the 50 minutes just to reach the topic of the session. Too much time was spent on basics. Even some keynote speakers took time to define basic information security terms like “separation of duties”. Come on, don’t speakers at this level know to research and speak to the level of the audience?

At least some speakers, like Joshua Wright of SANS wireless training fame, gave a well-paced and informative talk on 802.11n security issues. I also attended a really good session on metrics. This is something I have already used to make some project dashboards for the big bosses at work. It also forced me to learn more Excel than I had previously. Oh well, a price for everything. *grin*

I think one of the talks I most loved was Malcolm Gladwell’s. I read his book Blink over a year ago and loved it. He was a very engaging speaker and his take on decision making is really interesting.

Most likely I won’t be going next year. I think I can find other conferences with more consistent value to me. I wasn’t the only one wondering where the good sessions went, either.

RSA USA 2008

I am so bummed. My buddy Chuck Herrin is not able to get to RSA after all this year. I haven’t seen him in person in years. I will say to his credit that he is going to cover work so his staff can go. The more experienced guy who was going to cover work with the newest guy took ill. So rather than making someone else stay, Chuck is staying at work himself. That is a good boss. He doesn’t ask someone to do something he is not willing to do himself.

Anyone going? I am hoping to meet and catch up with Chuck’s guys. But since this is my first time there, I would love to meet some folks while I am there.