First of a blog series on the questions RSA’s mammoth growth raises for communicators in the cybersecurity industry
The RSA Conference, “Where the world talks security,” is the world’s largest cybersecurity gathering and a bellwether for the digital security, privacy and risk industry. Claiming more than 50,000 attendees annually, last year RSA touted “17 keynote presentations, more than 700 speakers across 550+ sessions and more than 600 companies on the expo floors.”
I have been attending RSA for years and spend a lot of time developing speaking submissions, planning RSA week activities and arranging meetings with journalists, analysts and other influencers at the show. It is remarkable how big and all-consuming the conference has become. For years, RSA had a traditional feel and flow: News cycle attention was placed on speakers’ (highly competitive) speaking slots and a familiar crowd of media settled-in to cover those talks’ debates and revelations.
Flash forward to today and the landscape is completely different. Some 300+ reporters and analysts are on the registered media list. External 24×7 news cycles shape RSA’s sessions and hallway conversations. While still coveted, earning a panel or presentation returns significantly less publicity because there are so many talks jostling for attention next to the Innovation Sandbox Contest, the Launch Pad investor pitch competition — an Early Stage Expo for new companies — and multiple Peer2Peer talks – and that’s just what’s promoted on the conference’s home page.
Is “bigger” always “better?”
This year, I started thinking about what RSA’s staggering growth means for communicators and companies – whether we’re already invested in RSA’s annual security bonanza or deciding whether to dive-in to the show for the first time. Heading in to the conference’s 28th iteration, I am hearing a noticeable increase in skepticism from fellow RSA veterans in the media and industry. Affinity and respect for the show are strong, but the eye-popping growth and costs are raising more eyebrows.
To start a little discussion, I decided to write a two blogs breaking out the pros and cons of RSA’s growth. This first post looks at some of the negative perceptions. We’ll look at enduring positives in the next post.
So what are the red flags?
“The conference is too big and overwhelming”
The larger a conference becomes, the less approachable and accessible it feels. RSA does an admirable job with its frequent newsletters, updates on how to reserve seats and live-streaming many of the speakers on screens across the Moscone campus. But this still does not change the fact that RSA is really big and can be overwhelming. This year the show offers a game night, comedy club, group yoga and meditation and craft beer tasting. This is starting to feel like a cruise ship itinerary – all we need is a rock wall and day trips to Alcatraz and Fisherman’s Wharf.
RSA’s challenge is trying to keep show staples in place, like its respected Cryptographers’ Panel and high-end sponsors’ CEO keynotes, while at the same time adding sessions for each year’s new “it” topics, like industrial control systems (ICS), cloud and policing APIs. To attract and retain every slice of the audience, RSA has to keep growing.
“The conference is getting too expensive”
Like any event, RSA is an opportunity cost. You have to add up the price of sponsoring and attending, realistically consider what you get in return – and then weigh this against other places to apply that budget. The relative scarcity of hotels in San Francisco and cost of doing anything in the city, generally, make RSA an increasingly expensive trip, particularly for companies who plan to host a networking event or VIP dinner, on top of their booth and attendance costs. RSA’s geography and economics make it more expensive that Black Hat USA in Las Vegas, for example, where there are many more hotel rooms, dining venues and event spaces to choose from. I definitely took notice when RSA recently sent surveys to past attendees, asking how we felt about other host cities including Chicago, Anaheim and Vegas.
“We do not see as many of our buyers at RSA”
For years the conventional wisdom considered RSA a “sales conference” where security buyers go, but there has been growing buzz that chief information security officers (CISOs) are skipping the noise of large security conferences for smaller, focused gatherings with their peers that are more conducive to candid sharing of lessons-learned and other insights.
It’s safe to say plenty of people influencing security and compliance spending still attend RSA. Yet, as the conference takes time and sponsor dollars from a wider array of vendors focused on security buyers in manufacturing, energy or vehicles, organizers are pressured to demonstrate that all these attendees are out in force at RSA, too.
Because security is no longer a niche community, RSA has to compete with more specialized security events sponsored by technology and industry heavyweights like Amazon Web Services, the American Petroleum Institute and automakers. When security becomes everything in every industry – it’s hard to have an “everything conference.”
There are some legitimate challenges here to be sure, but as I’ll explain in the next post, RSA still has a lot to offer, as long as you can ingest enough Philz or Blue Bottle coffee (OK, and water) to make it through the afternoons.