I always find RSA interesting because in addition to the official theme of the conference (what was this year’s anyways?) there is the unofficial theme, that usually comes from either the show floor (Everyone remember how every year from 1999 through 2003 was “The Year of the PKI”?) or from the talks themselves.
Well this years unofficial theme was “The Cloud”. Just about all the high profile talks were discussing some aspect of the security of “The Cloud”: was it secure enough? Was it more secure then traditional in-house applications? Was it really the any different then any other outsourcing agreement? Shouldn’t we really call the “The Fog”? And if we did would KFOG sue?
But despite what the vendors and conference organizers want us talking about, just about every year there is something else we all talk about instead. Just eavesdrop a bit when walking the halls or at the parties, and you’ll learn about what is really on people’s minds.
This year, the big topic of discussion was unsurprisingly PCI. Did it work? Were people ignoring “real security” in favor of meeting the requirements? Was it fundamentally flawed in it’s very design? What needs fixing to make PCI more effective?
While this year was about PCI in other years it was about Identity Management or Incident Response, but regardless it’s these sorts of dicussions that make attending confrences in person so worthwhile. Webcasts are helpful and blogs/Twitter allow for some great conversations, but in the end, it is just far easier to have these sorts of converstations in person.
Not only is the exchange of ideas faster, but also the natural flow of conversation often leads one to interesting and new places that text wouldn’t allow.
*Image via bocek.kevin‘s Flickr photostream.