Threat and risk specialists signal post-COVID conference season is back on

Well, we'll see in a week or so

RSA Conference For the first time in over two years, the streets of San Francisco have been filled by attendees at the RSA Conference, and it seems that the days of physical cons are back on.

The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years. Almost all cons were virtual with a very limited hybrid-conference season last year, including DEF CON, where masks were taken seriously. People still wanted to mingle and ShmooCon too went ahead, albeit later than usual in March.

The RSA conference has been going for over 30 years and many security folks love going. There are usually some good talks, it's a chance to meet old friends, and certain pubs host meetups where more constructive work gets done on hard security ideas than a month or so of Zoom calls.

So this year's RSA conference was a bit of a test case. Would the security community, rightly obsessed with risk management and threat evaluation, turn up in force and get ready to mingle? The answer was yes, although with qualifications.

Visitor numbers were surprisingly perky. The organizers reported over 26,000 attendees, down on the 36,000 who attended in 2020 but not bad after two years of COVID. Full disclosure: this hack has been going to them for over 15 years, caught COVID at the 2020 event and skipped this year's shindig since my better half was struck by the virus last weekend.

However, the Reg's security expert did volunteer to attend. She says that while everyone was very keen on hand sanitizer freebies on the expo floor, masks were a sparse sight indoors, and outside the halls most people gave up as well.

RSA last year was fully virtual, but this year there was a new twist: no more live-streaming of talks, with a 24-hour delay added instead. That's not massively important for most attendees, but was a sign that the era of hybrid or virtual conferences may be on its way out.

For conference organizers that's a boon. The real money at these events is made in the expo halls and if companies aren't prepared to spend hundreds of thousands on a stand stuffed with swag and salespeople there's not a lot of point in having the event. Certainly not for the new owners of this con - RSA sold off the event to private equity in March.

Black Hat and DEF CON, the stalwarts of this year's August hacker summer camp, will be livestreaming talks, although in the latter case it's up to specific community villages to decide if they will do the same. A few people went to the City of Sin last year, and infection rates were reportedly low, but when you're coughing your guts up who really calls the con organizers to tell them as a priority job?

We'll see how many attendees show positive in the next week or so. A recent study by the University of Texas [PDF] showed that indoor events are still risky, but it appears that many are ready to get out there again. See you in Vegas. ®
