For years, I’ve been writing annual survival guides for new attendees at Black Hat, DEF CON and RSA. I’ll do the same this year, but for this post I want to build on a new survival guide I created for the more jaded conference-goer. The occasion was last summer’s Black Hat/DEF CON. Now, it’s for those who will be attending their zillionth RSA Conference at the end of February.

As always, this is a very unscientific approach. It’s simply what has worked for me and is based on personal experience. I hope it’s useful.


Having attended too many conferences to count, I consider myself a veteran. Or, to put it another way, I consider myself among the jaded.

“Jaded” is a negative word. It’s typically used to describe someone who is burned out and no longer impressed with what’s going on in their industry. The hard truth is that when you spend enough time in the information security world, it’s easy to become jaded — especially when attending an event like RSA Conference 2016, which is set to take place from Feb. 29-March 4 at Moscone Center in San Francisco.

After 10 or more trips to this conference, it becomes difficult to learn anything new. Attending talks is no longer the exciting activity it once was, so people spend more time at the bar wondering why they made the journey. People are already questioning the point of attending this year’s event because of RSA’s decision to put actors and writers from “CSI: Cyber” on the agenda. [My thoughts on that are in this post.]

But here’s the thing: If we’re honest about these things, we can move forward and find new ways to benefit from the events.

To that end, four thoughts:

1. You’re not in your 20s anymore. Some of us have fond memories of all-night drinking sessions spent with infosec peers as we wandered from one vendor party to the next. The memories are so fond it’s easy to want to relive the experience every year.

But we don’t bounce back the next day like we used to. Is the answer to abstain from adult beverages? Nah. Drink if you wish to. But I dare suggest that you pace yourself more carefully. The more you beat on the liver, the more likely you are to develop what many of us have come to know as “con flu” — that cruddy feeling that keeps you off balance for a full week after you’ve returned from San Francisco.

2. You don’t go to talks anymore. So What? I’ll admit it: I haven’t attended an RSA talk in a long time. It’s not that I think talks are worthless. They’re not, though I never valued RSA talks as much as I have at such events as BSides and ShmooCon. It’s just that when you deal with the same security challenges over and over again, the content of the talks starts to feel like an eternal showing of the Bill Murray movie “Groundhog Day.”

The conferences are about so much more than talks, though. The most important thing to me is the networking done in the hallways, coffee shops and hotel lounges. If speakers want you to attend their talks, it’s their responsibility to make it new and interesting. Make them tell you what you’re going to learn that you don’t already know. If you don’t see news value in the talk description, skip it without guilt. You’re only wasting your employer’s money if you stay in your room all week and weekend. Speaking of networking:

3. When you seek out old friends, you will still make new ones. Another lament I’ve heard over the years from fellow conference veterans is that we only spend time with old and trusted friends; and that doing so fosters the clique mentality. I still learn new things from old industry friends, so I’ll never apologize for gravitating back to them at each conference. But when I find old friends, they’re usually accompanied by people I haven’t met before. And so new relationships are born. When you can mix the old and new into your networking, a rich learning experience is likely.

4. It’s not what it used to be. Get over it. It’s easy for us veterans to pine for the good old days, when Black Hat was more of an underground event and DEF CON was held at Alexis Park Resort. RSA is different in that it’s been a vendor-driven event from the start. But it has still gone through changes. The exhibit floor is a lot more crowded. In fact, the last two had two full exhibit halls. The talks are a lot more spread out among the Moscone Center’s different buildings. And the noise factor has grown ever thicker.

But as I see it, security is a maturing industry, and so its conferences must evolve. The past was awesome, but change is the law of life.

Embrace the change as an opportunity to freshen up the experience. That’s the best thing for a jaded soul, really.

Leave a Reply

Your email address will not be published. Required fields are marked *