RSAC branded a 'super spreader event' as attendees share COVID-19 test results
That, and Black Hat, are about to reveal risk assessment skills of our cyber-risk experts
RSA Conference Quick show of hands: who came home from this year's RSA Conference without COVID-19?
The cybersecurity event's organizers say they're not keeping count of attendees who say they've been hit with the coronavirus. Meanwhile, a growing number of folks have taken to Twitter to post photos and reports of positive test results after attending the conference.
This was one of the most shocking things (to me) about #RSAC -- it felt like nothing had happened since 2020 despite more than a million dead from COVID. Maybe 10-20% of attendees were masking. https://t.co/egBEQlW4oA— Erick Galinkin (@ErickGalinkin) June 15, 2022
As someone who attended the show, wore a KN95 inside San Francisco's Moscone Center where it took place, and returned home healthy, your humble vulture can attest to the vast numbers of mask-less faces of cyber-risk managers, who may have misjudged the risk of attending a 26,000-person event while case numbers start to climb again in California.
RSA Conference organizers required all attendees to show proof of vaccination or a negative test for their first entry into Moscone Center. Additionally, signs posted "encouraged" people to wear masks. Still, people wearing face masks inside Moscone were in the minority. And masks at cocktail parties and bars around the event were almost non-existent.
According to one very informal Twitter poll with 820 votes at the time of writing, 20.6 percent of attendees said they caught the coronavirus at RSAC, while 39.5 percent said they escaped COVID-free. However, 39.9 percent said they were unsure, for whatever that means.
For what it's worth, the organizers of May's KubeCon Europe, which required proof of vaccination and masks, said they were aware of 121 reported infections, or about two percent of the in-person audience. We wish we could report an accurate reported count for RSA Conference: it is unlikely to be as high as one in five, though we may never know.
- Threat and risk specialists signal post-COVID conference season is back on
- Inside the RSAC expo: Buzzword bingo and the bear in the room
- What keeps Mandiant Intelligence EVP Sandra Joyce up at night? The coming storm
- California tech industry gets its first big coronavirus hit: RSA Conference attendee infected, in serious condition
LastPass CTO Christofer Hoff tweeted he personally knows more than 30 people who got COVID-19 at RSAC.
"The RSA Conference should really be made aware to understand they were a super spreader event," Hoff added.
Following The Register's inquiry about COVID-19 cases related to the event, and questions about what organizers were doing post-RSAC to follow up on attendees' virus status, officials pointed to a health and safety hub update, which, among other things, urged attendees so "make responsible health choices."
"RSA Conference 2022 has been made aware that some attendees have tested positive for COVID-19," reads a note dated June 15. "We are, however, not collecting test results post-conference."
— Chris Nickerson (@indi303) June 13, 2022
The number of RSAC attendees that have since tested positive, even if it is anecdotal evidence, has some in infosec rethinking their plans for Black Hat and DEF CON in Las Vegas this August, aka hacker summer camp.
"All of these stories of people catching COVID at conferences, especially RSA, make me considerably less interested in coming to Las Vegas for DEF CON," EFF Cybersecurity Director Eva Galperin said.
After requiring both proof of vaccination and masks at last year's event DEF CON, "barring a major change in the situation," the event won't check attendees' vaccination status this year but will keep the mask mandate in place, organizers said.
"Protecting the community is our first priority, and we want to make sure that everyone is as safe as we can make them," DEF CON's FAQ page states. "Everyone includes the healthy, the vulnerable and those who have immune compromised loved ones they need to protect."
Meanwhile, Black Hat, which opens just before DEF CON, isn't requiring any COVID-19 prevention measures.
"At this time, there are no requirements for vaccinations, masks, or other health measures in place," according to that event's health and safety rules. "Attendees are advised to consider their personal health needs."
"Black Hat will continue to monitor the health situation and relevant authorities," officials added. "Changes to health and safety measures may be made by Black Hat show management at any time as events warrant."
Consider yourself forewarned. ®
- Advanced persistent threat
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Remote Access Trojan
- Trusted Platform Module
- Zero trust