RSAC 2022 Impressions From a Wandering CISO

Published:

Jun 23, 2022

Reading time:

4 Minutes

With the RSA conference now in the rear view mirror (for 2022, at least, I’m already planning for 2023), it’s worth taking a moment to reflect on what the conference felt like.

Yes, of course, everyone tries to capture RSAC, usually with a buzzword (in previous  years it was “zero trust” or “big data”), but beyond the vendor buzzword, what did the conference feel like?  

For many, this was the first conference in-person since … the last RSAC, in 2020, right as CoViD was becoming a thing (remember people telling you that masks were ineffective, and you shouldn’t wear them?).

So after some much needed sleep, I’ve had time to reflect on the massive event that is RSAC, and what I learned about the InfoSec community coming out of the pandemic. And what I’m seeing trending is fascinating. Here are three takeaways from RSAC 2022 that struck me as the most important.

“The most important thing in any security tool is how much it does for you – from a coverage and a comprehensive perspective.” Andy Ellis comments on Day 1 at RSAC 2022

RSAC is a small city

RSAC is huge.  And I don’t just mean in attendance.  The conference sprawls not just over the Moscone Center in downtown San Francisco – but for at least a mile in every direction.  Stores were wrapped in vendor advertisements.  Restaurants were booked solid with events (it took me three days to sit down and eat, though).  Hotel lobbies were loud.  Event spaces became temporary headquarters for various attendees.  Everywhere you turned, you spotted the ubiquitous RSAC badges, sometimes with a half-dozen additional badges from various events swinging alongside.

The show floor felt less crowded, because there was a little more space between booths.  Not enough to feel like they were isolated, but you didn’t have to fight your way through mobs of people to get to the booths you were seeking.  And with the Moscone Center escalators now dropping you right onto the show floor, it felt more massive than it has in the past.

InfoSec connects at RSAC

Everyone I ran into felt like they wanted to be there.  The current state of global health meant that anyone who wanted a reason to stay away had an easy way to skip out on attending.  As a result, everyone felt intensely present.  Hugs abounded – I skipped the handshakes for sanitary reasons – and a lot of huggers felt like they were grasping a lifeline.

People I hadn’t seen in a few years were eager just to catch up, whether that was just grabbing a group selfie in the courtyard outside the Contemporary Jewish Museum, or meeting in the lobby of the Four Seasons (when did that become as crowded as the W?), or going for a walk around the Yerba Buena Gardens and chatting.  Conversations that could have happened over Zoom, but felt more intense and meaningful with everyone finally together again.

The community is actively listening

When I was given an 8:30 am speaking slot, I’ll admit that I, along with several other CISOs in similar straits, made jokes about being on the B-List, and having unattended talks.  And, in past conferences, that has often been the case–the early morning talks feel a little sparsely attended.

This year?  Packed rooms.  Bright and early, folks were listening, and engaging with the speakers and the content.

Did you miss my presentation? Check out the post-RSA encore of my presentation below.

The Cloud-native shift in security is now

Of course, there had to be a content theme at RSAC, and this year, it felt like “cloud” has come into its own.  I know, it’s supposed to have been the buzzword of years ago (I refuse to count the number), but the number of talks and vendors that focused on cloud, not as an adjunct to an on-premise world, but as a primary use case, makes it pretty clear we’ve turned a corner.  Cloud security is going to be the dominant paradigm for a while going forward, and the cloud-first companies of today are quickly becoming cloud-native leaders of tomorrow. If there was ever a time to play catch up on cloud security, that time is now.

See you at RSAC 2023 NEXT YEAR

With RSAC over, the date for next year’s event has already been announced: April 24-27, 2023.   I’m excited for it, since my book, 1% Leadership, will be released just in time on April 18th, 2023 – and I suspect I’ll get to do lots of book signings.  I’d better start practicing my book-signing skills now!

Andy Ellis is the Advisory CISO at Orca Security, and 2021 Inductee into the CSO Hall of Fame. He is an Operating Partner at YL Ventures, and was formerly a US Air Force officer and the CSO at Akamai Technologies. You can find him on Twitter at @csoandy.