This was my second year at the RSA Conference. It was interesting to come back as a "veteran" to the largest security conference (24k attendees according to rumor). I consider myself a veteran since I didn't really see differences between last year and this year. Now since I was working my interactions were limited to the expo floor and sidebars. I didn't get into any talks or sessions, but the view from the outside was worthwhile if a little rote. The keynotes and expo floor focused on the same problems we had last year. Sure the scale may have changed and the awareness of threat actors has broadened but we're still fighting the same battles against a backdrop of consumerization, the cloud, and big data.
Now I understand 20 minutes in front of a passive audience or five minutes with a conference goes that wanders up to your kiosk is not the opportune time to solve the world's problems. At best you grab their attention (hopefully in a tasteful manner) and set up that follow-up to really talk about problems and solutions. And it was at this level whether at an offsite meeting room, over a meal, over drinks, or even in front of the booth is where I got my value out of RSAC.
It was great catching up with colleagues and co-workers. In one morning our team knocked down some big problems on how to scale our processes. I learned more about the direction of our company listening to leaders answering the hard questions from a knowledgeable CISO. I learned about new customer businesses over drinks and caught up with old customers passing through the halls.
There's a widsom in crowds and broadcasting your message still has a great role to play but the work gets done in the small groups, whether at a conference or a company rebuilding a security program. Bringing the right group of a few people together for a common purpose is most of the battle. That's where innovation and value are created.