Reviewer's Report: RSA 2010

This guest post on RSA 2010 is by Phoram Mehta, one of our reviewers and a senior consultant at Solutionary, Inc.

RSA 2010 was held March 1-5 in San Francisco, CA, as it has been every year for the last two decades. The conference has come a long way during this time--from the sheer number of attendees (a mere 50 in 1991 to almost 25,000 (unofficial estimate) in 2010) to the topics covered. It’s also expanded into Europe and Japan. In my opinion, the reason for its popularity is an organizing committee that balances the contents so well that anyone who has anything do with security could gain something from attending the conference. The Expo alone--with all of the free gadgets and amusing presentations (Symantec this year had their version of the “Who Wants to Be a Millionaire” game show), standard presentations, and specialty kiosks--was worth attending for folks like me who like to stay abreast of the latest technologies that are being transformed into products that can be used to improve the state of enterprise security. Cloud computing and virtualization security were clearly the trends, with vendors showcasing their offerings in support of the cloud.

Keynotes

RSA is known to draw the biggest names in the industry for its keynotes; this year was no different. Eighteen keynote speeches in four days covered every topic under the sun, from how the private sector fared through the biggest recession of our times to what big brother is doing to keep close tabs on citizens without raising too many privacy questions. The first-ever Whitehouse Cyber Security Coordinator, Howard  Schmidt (photo at right), discussed his initiatives and the CEOs of McAfee, PGP, VeriSign, and others spoke about trends and next steps. Once again, messages on security in the cloud were loud and clear. You can access a complete list and videos/podcasts of the keynotes here.

Track Sessions
The conference offered 18 tracks with over 250 sessions. The topics covered ranged from application development to physical security & infrastructure (and everything in between). Every single security concept was being discussed in one room or another. The quality of the sessions varied greatly. Even though the categories--non-technical, intermediate, and advanced--provide some indication of the content, there are always a few that disappoint you (and, on the flip side, some that wow you). My personal experience is to use the ratings of the speakers in combination with the topic to decide which sessions to attend. The introduction of data security and security as practice tracks in 2010 was quite welcome, however no other track in my opinion is as beloved as cryptography. 

Other Events
People usually think that Black Hat and DefCon have the most after-hour parties and events due to the fact that they are held in Las Vegas. But, having attended all three, I don’t think anything comes close to RSA. The official schedule has enough to keep those interested busy until the wee hours with P2P sessions, Innovation Sandbox, table for 6 networking dinners, and receptions from various organizations like the Executive Women’s Forum, ISC2, and Cloud Security Alliance, to name a few. In addition, the vendors represented inside the Expo hall and a few in nearby hotels have their own happy hours at restaurants and bars. Bruce Schneier reviewed local restaurants this year and provided his recommendations. There was also a video blog for attendees to record and broadcast what they thought of the conference.

All in all, this was a decent conference that had something for every individual who attended.