Only Four Shopping Days Left Until RSAC!


I’m about to curl up with my copies of the GreyNoise report on resurgent vulnerabilities and the Verizon DBIR, since both reports promise thrills and chills, but I wanted to drop a note here to talk just a little bit about RSAC next week.

If you’ve ever read this blog before, you probably know that RSAC is the other annual pilgrimage that a lot of infosec/cybersecurity professionals take, and it starts next week. RSAC is the Easter to Black Hat’s Christmas — important for adherents, completely wrecks many calendars, fun for kids, all that. I also know that a lot of self-identified “tech people” can get kind of eye-rolly about RSAC, and are quick to dismiss it as an event purely for “biz people” like marketing, C-suite, and venture capital types.

I’m here to tell you that I actually like RSAC, and I participate in it quite willingly, even eagerly. Here’s why: While there is undoubtedly a bunch of silliness and hype and puff surrounding RSAC, I take it as an opportunity to walk up to a vendor and get into a conversation with a sales or product engineer about how they’re doing whatever magic they’re claiming to do. Sometimes, I run into a marketing gatekeeper, but they’re usually pretty well-trained to deflect harder technical questions to the SE pretty quickly.

A couple weeks ago, we chatted with Tracy “InfosecSherpa” Maleeff on Storm⚡️Watch, and she professed pretty much the same strategy — be sincere, ask questions, and seek out the technical expert on site. I have to say, it was so nice to hear that I’m not the only one who sees this value in RSAC. I learned, pretty early on, that this show isn’t just a marketing opportunity for the vendors, it’s a learning opportunity for you. If you understand that the marketing messages are probably a little hyperbolic, forgive them for that, move past it, then see what’s up in whatever area of cybersecurity that you’re not already an expert in. You’ll stand a pretty good chance of being slightly better-rounded in your career and your interests after that conversation, and maybe even get some ideas on how to blend what you’re doing with whatever they’re doing.

So, go forth, enjoy RSAC, collect some swag for the kids, and learn a thing or two. It’ll be fun.

All that said, it would be a marketing crime if I didn’t remind you of the events that runZero has planned for next week across both BSidesSF and RSAC. I’ll focus specifically on those most geared for nerds:

  • Charting the SSH Multiverse: HD revisits the vast attack surface of SSH, covering vulnerabilities and exposures that come with this venerable protocol. Spooky!

  • Discovering OT Devices Across Protocol Gateways: Rob pokes and prods at operational technology (OT), and yet, does not crash the factory floor by doing so. Amazing!

  • RSA Hottest Innovators Party: Hosted by Ghost and runZero, a great opportunity to ask some of those harder technical questions to the founders of some of the neatest infosec startups around.

Hit our San Francisco landing page for registration links to these and the other events we’ll be at, and I’ll probably bug you about some network stack trivia next week!

Written by todb

Tod Beardsley is VP of Security Research at runZero, where he "kicks assets and fakes frames." Prior to 2025, he was the Section Chief for the Vulnerability Response section for CSD/VM/VRC at CISA, the Cybersecurity and Infrastructure Security Agency, part of the US government. He's also a founder and CNA point of contact for AHA!. He spends much of his time involved in vulnerability research and coordinated vulnerability disclosure (CVD). He has over 30 years of hands-on security experience, stretching from in-band telephony switching to modern ICS/OT implementations. He has held IT ops, security, software engineering, and management positions in large organizations such as Rapid7, 3Com, Dell, and Westinghouse, as both an offensive and defensive practitioner. He is also a CVE Board member, a Travis County Election Judge in Texas, and an internationally-tolerated horror fiction expert.
