This is my fourth RSA Conference, which doesn't exactly make me a cagey old veteran, but it's just enough history to have a sense of how the gathering has changed in recent years. (All of you who've been coming since the 1990s should probably stop reading before you start snickering derisively like those two old dudes from the balcony on The Muppet Show.)
The changes from my first RSAC in 2010 are apparent. Not just the obvious things such as more people, more sessions, more hustle-and-bustle around the Moscone Center. There are also more subtle changes that reflect how the information security industry has matured.
For instance, there are far more women. We don't have exact attendance figures yet, but we are seeing more — speaking on the stage, walking through the hallways, and sitting in the audience. Now, don't get me wrong; I'm not suggesting that there are plenty of women in the industry. There aren't nearly enough, as was made abundantly clear during a discussion of security's glass ceiling earlier this week. The latest ISC2 Workforce study pegs the number of women information security professionals at a dismal 10 percent of the workforce. But a person would have to be in a whole lot of denial to dispute the very noticeable uptick in the number of female RSAC attendees.
It's also hard not to notice the wider range of conversations while wandering the halls in Moscone Center. Oh, there's still plenty of security shoptalk. But the balance has definitely shifted. At my first RSAC, I was a fish out of water. I wasn't a security geek, and seemingly the only people there who weren't obsessing over the details were the PR folks representing vendors. Come to think of it, they probably made up most of the female population, too.
Today, however, there's a lot of general business talk. It's obvious that a lot of people who are not security practitioners are being asked to attend RSAC to brush up on their knowledge, bring back helpful tips, and network with industry peers.
This also helps to explain the evolving look of RSA attendees. In past years, security caricatures were prevalent—there were the renegade denim-jacket-and-pony-tail types, the Walter White-inspired chrome-domers who would be intimidating if not for their way-too-white sneakers, and then the rest of us. This year, there are more tailored suits and hipster casual clothing than I've seen at all my previous RSACs combined.
Now that I mentioned chrome-domers, there does seem to be a lot fewer bald guys than in previous years. I’m not sure how that maps to the trend I'm getting at, but it's worth noting.
There's also the choice of guest celebrity bookings. A few years ago, there were none. Last year, a surprise appearance by William Shatner had thousands of keynote attendees giggling like teenagers, but matching Captain Kirk with a security crowd was hardly a stretch. This year, however, RSAC turned to Jane Lynch, a completely outside-the-box choice. Lynch actually said — convincingly, I might add — that she was turned on being on the RSAC stage.
While all of this change is probably a source of great consternation to all the serious security freaks who've been coming for years, it's a good thing on many levels. Not only does it imply that more people are aware of security and wanting to learn more about it, it also means that more money is flowing into the industry, which will lead to technological innovation, job security, and raised status within the corporate hierarchy.
Perhaps most important, though, is the message it sends to the underworld the industry is battling. It tells the bad guys that the ranks of people who are watching them and learning how to fight them, or at least learning how not to be victimized by them, are growing and becoming more unified in their cause.
At a time when the security industry is searching for ways to stem the tide of threats, there may be no more powerful tool.