Monday, March 10, 2014

Recovered yet?

I think I have.  I am, of course, talking about the annual week of madness in San Francisco.

Security BSides San Francisco was another great event, lots of diverse and thought-provoking content, and plenty of good conversations- as we expect from BSides.  The planned lead organizer for BSides San Francisco had a change in career path, and a few of the BSides regulars had to step up and make the event happen- it is amazing working with the folks who make BSides happen, it looked easy from the outside.  And there are new folks ready to take the lead for BSidesSF 2015, so we’ll see you there next year.

Believe it or not, there was a lot more than BSides happening that week.  The RSA/NSA controversy didn’t appear to have any impact on the RSA conference, there were almost 30,000 people in attendance and a record number of vendors, with an expanded vendor expo area.  I was pleased to see a significant reduction in the number of scantily clad women working the booths, but I’m still struggling to understand the significance of a boxing ring in an infosec booth, other than as a bad metaphor.  And nothing, absolutely nothing, says “enterprise security” to me like some dude juggling while riding a unicycle in an expo booth.  At least he was fully dressed.  I had a lot of good conversations at RSA again this year, but the expo floor seemed unusually devoid of innovation.  I didn’t get to do a full crawl of the smaller booths on the edges of the big hall, but it really looked like a “yelling about nothing” year to me.  Terms like “threat intelligence” and “big data” were everywhere, but definitions for “threat intelligence” were often unintelligible.  Patrick Gray’s interview of Marcus Ranum summed it up pretty well (37 second mp3).

I did not make it to TrustyCon, the event spun up to provide an alternative for those who pulled talks from RSA, and a place to focus on trustworthy computing- but it sounded like it had some great content and I hope it grows into a focused event to provide insight and context to the challenges of privacy and security in our “post-Snowden” world.  They seem to be off to a good start.  (Yes, some folks seem to be playing the RSA/NSA story for media and PR, but many folks involved in TrustyCon are, I believe, truly sincere).

Once again the real value of the RSA conference for me was having thousands of people in one area, I had several informative meetings, and many good conversations in and around San Francisco that week.  Speaking of which, as soon as the Spare Time Fairy pays me an overdue visit, I want to write up some of what’s new with Denim Group’s ThreadFix project, cool things are happening there.