Software Integrity Blog


RSA Conference 2017: An ecosystem of security events

With the ongoing expansion of the Moscone Conference Center in downtown San Francisco, the RSA Conference planners had to be creative this year. To some degree they were successful (perhaps too successful) in breaking old habits and re-directing people to new locations, including new related events nearby. This pattern shift underscores how, at the end of the day, the RSA Conference is no longer just a physical conference, it’s an entire ecosystem.

In addition to utilizing Moscone North, South, and West, some of the official RSAC 2017 tracks were pushed across the street to the lower levels of the Marriott hotel. Ultimately this was not very satisfying. Once outside the main Moscone North and South halls (which are physically connected underground), it was tempting not to set foot back inside the official conference. Perhaps to take advantage of that, there seemed to be many more competing security events this year than last.

North vs south

Unlike previous years, RSA Conference 2017 filled both the North and the South exhibition halls. The distinctions were not as divided as in the past when it was clear that all the action was in the other hall. Both halls supported their own share of big ticket vendors as well as smaller vendors. Recent mergers and acquisitions made for some interesting pairing. Some companies, acquired only in the last week or so, remained separate, sometimes in different exhibition halls.


Synopsys did pair its most recent acquisition, Cigital, across the aisle, creating a larger, unified booth. At booth 1339 in the South Hall, Synopsys offered a fun way to start your software security journey, or to continue along it. By standing inside a hot air balloon and in front of a green screen, conference attendees can have their photo taken against a half dozen exotic locals. While across the aisle in booth 1333, subject matter experts were on hand to talk about the company’s complete offering of software testing tools and services.

Still other vendors insisted on having one branded booth in the North Hall and a second branded booth in the South hall – perhaps that’s a bit of overkill.


Foot traffic was just as complicated as vehicular traffic this year. The underground tunnel between the North and South halls was interrupted by a large hole being dug in Howard Street. As a result attendees had to jog left then right through a doglegged tunnel this year.

Upstairs, vehicle traffic routed around the hole in the street conflicted with attendees needing to cross the street. And finally, some people confessed they didn’t realize additional talks were being held outside the conference center itself.


Despite the maxed-out exhibition halls, the conference itself felt light this year. The talks were not spectacular or original. For example, Fred Bret-Mounet reprised his DEF CON 24 talk on compromising solar panels at RSA Conference 2017. No new conference tracks were added this year, with most speakers addressing the predictable topics of network security, cloud, mobile, and IoT.

There were plenty of gatherings this year. BSIMM, the community of members who participate in the annual BSIMM report, held a mixer on Tuesday night. Also holding meetings at the conference were ISSA, ISC2, and SAE.


In recent years, BSides events have sprung up around the country as counter programming to any major security conference. The idea is that if your talk was rejected from the main conference, you can always present it at BSides. This year BSidesSF was held at two locations, DNA Lounge and BuzzWorks.

In addition to BSides, an alternate vendor mini conferences were held by Cisco and Intel in the Marriott. While IOActive once again rented out the building next to Central Computers on Howard Street to host two days of their own programing.


The future

There remains a persistent rumor that the RSA Conference has outgrown San Francisco. If true, the pundits are betting that Las Vegas might become its new home. Quite honestly that has been said for a few years now. At the moment there’s no reason to think there will be a location change next year.

Ultimately RSA is not a physical structure, or the talks you saw — or didn’t see. It is the relationships you form and nurture over the years. It is where the world talks–if only for a few days– security.


More by this author