Last month I attended my first RSA Conference (USA 2012) as a participant — a real, full-time badge holder with access to all sessions and peer to peer gatherings. I had previously attended RSA with an Expo pass, which was an exercise in frustration… but this year, being able to attend sessions, the experience was much different.
From what I have seen, RSA is primarily a big money-making opportunity for companies, many whom employ subtle (or not-so-subtle) scare tactics to get other companies to spend money on IT infrastructure that will make their networks more secure. There is likely more to it than that, but I am not an InfoSec guy — I’m an AppSec guy, and that is a nut that the Expo folks have yet to — and may never — crack.
Application Security (AppSec) feels like the new kid on the block, potentially a growth field but also difficult to sell to. On the Expo floor I counted a scant 3 vendors — 3 out of hundreds — who had anything to do with AppSec, and for the most part that meant offering a static code analysis tool that focused on security. Some vendors offered developer education programs, but I could not name 10 vendors I talked to that I could offer me anything relevant to the problems I am interested in solving.
There is more to RSA than the Expo, however. The sessions pertaining to AppSec were very useful Read the rest of this entry »