Latest News

I am out at the RSA Conference this week, and like every year, I am stunned by the number of product vendors selling “silver bullet” technology solutions to solve all of life’s security problems.  Seeing the make-up of the expo floor, you would think that you can just throw lots of technology at a problem in order to make it go away.  Given that real solutions always incorporate people, process and technology, it always amazes me that most vendors pretty much ignore the first two.

The talks are decent, but this year there are 17 tracks!!! It is incredibly difficult to figure out which talks to go to - and if you don’t get into a talk early enough, there is a strong possibility that you will get locked out (this has already happened to me twice!).  Apparently the fire marshall cracked down because standing in the back of the room is no longer allowed.

All this make me wish that there were more conferences like the Source conference in Boston.  Full disclosure - I am on the Source advisory board, so I am clearly biased!  However, Source was small, intimate, and you could actually interact with most of the attendees and speakers during the week.  The talks were as good if not better than anything I’ve seen out here so far.  In some ways it is like a combination of RSA and Black Hat talks.  There were excellent business talks like the CEO Panel, and there were also great technical talks like James Atkinson’s terrifying discussion of physical security issues and Roger Dingledine’s TOR talk.  And of course there was Dan Geer’s excellent keynote and the L0pht panel, which were the highlights of the show for me.  All in all, it really was a blast, and I can’t wait for next year’s Source conference.

In the meantime, I’ve been enjoying the “real” RSA conference, which takes place in the bars after hours.  Last night a ton of ex-@stake folks descended upon the Westin Market Street bar, a pre-cursor to Thursday night’s iSec event at Tres Agaves.