5 things to watch at RSA Conference 2018

RSA Conference brings together the glitz, glamour, marketing and enterprise focus of cybersecurity. Sessions abound and corporate all stars make their pitches on just how effective their cybersecurity practices are.

The fast-paced event takes over the already tech-saturated city and makes nearly everyone fear for the sanctity of their passwords. RSAC 2017 featured more than 700 speakers, with 550 companies exhibiting and 43,000 attendees.

Aside from the free food and the late-night events, here's the reality of RSAC — it's is all about networking. Companies meet vendors; journalists meet sources; and security researchers meet security researchers and inevitably establish brain trusts and side projects.

Samantha Schwartz and I will be making our way to San Francisco next week. To help you prepare for the event, here are five things to watch at RSAC:

1. Sessions showcasing cybersecurity strategy

RSAC offers an unparalleled concentration of cybersecurity companies, researchers and executives. Sure, Black Hat and DEF CON are the splashy hacker conferences, but it's far better to attend a conference where you know the elevators are going to get hacked just for fun.

The concentration of experts allows ample opportunity for attendees to learn a thing or two about security. But the best conference sessions to attend are the ones where leading CISOs illustrate how their organization tackled a threat.

A vendor can pitch products all it wants, but a far greater impact comes from security leaders showing products, services and techniques in action to mitigate the evolving threat landscape.

For CIO Dive, the key conference track to follow is the "C-suite View," which features key leaders in the field, such as Microsoft CISO Bret Arsenault; Dr. Christine Izuakor, senior manager of global security strategy and awareness at United Airlines; and Orbital ATK CISO Mike Raeder.

2. Opening up the floor

Diversity in cybersecurity will take center stage at RSAC this year after the conference received widespread criticism over its predominantly male keynote speaker lineup.

When the keynote speakers were first announced in early March, 19 of the 20 speakers were men, reports CNET. The exception was Monica Lewinsky, who is speaking at the conference about cyberbullying.

The gender disparity inspired the creation of an alternative cybersecurity conference, called Our Security Advocates, or OURSA, The competing conference is a one-day, single-track event taking place on April 17 and features a diverse set of speakers, the majority of which are women.

Since the initial keynotes were announced, the cybersecurity conference has augmented its list of keynote presenters to include more women. As of now, RSAC has 29 keynote speakers slated, seven of which are women.

3. Playing in the Sandbox

In Silicon Valley, it is hard to guarantee an early-stage company will stick around. Whether a startup is gobbled up by acquisition-hungry tech behemoths or falls prey to a demanding market, there is a rapid turnover of young companies.

But RSAC is a time to show off innovation and highlight new technologies companies are working on. Taking place Monday afternoon, the RSAC Innovation Sandbox Contest will pit companies head to head. The 10 finalists have three minutes to make a pitch followed by a Q&A with the judges.

The showcase is not just about the glory of winning the contest. Over the past five years, finalists have earned more than $1.25 billion in investment, according to RSA Conference. And making a splash at RSAC boosts a company's profile, showcasing the readiness of new products for market.

Keep an eye on the companies competing. In the coming years, they'll either be acquisition targets or the next security startup success story.

4. Marketing at the show

The sales pitches that define the Silicon Valley tech community are omnipresent at shows like RSA. The enormous venue features two expo floors, where companies exhaust marketing budgets to ensure a choice booth location on the floor.

But don't get too caught up in the blinking lights, robots, Breaking Bad-style motor home exhibits, the generous coffee stands or the allure of swag. Companies are there to market their wares, and buyers need to use a keen eye to understand the reality of what a company is offering.

@bromium has the best #RSAC2017 booth by far. pic.twitter.com/UtGNmNMr22
— Naomi Eide (@NaomiEide) February 14, 2017

It is easy to tout buzzwords like "machine learning," "artificial intelligence" or "blockchain." But IT decision makers have to sift through the noise to ascertain what a vendor is really capable of.

Even if you're not a buyer, the expo floor offers plenty of distractions in between conference sessions. There are more lights than the Las Vegas Strip and always goodies to seek.

5. Reviewing what went wrong in 2017

Last year, RSAC was at the beginning of February, coinciding with the release of vendors' year-end review to analyze what went wrong in cybersecurity and what it could mean for the future.

But this year, RSAC is later, though that hasn't stopped presenters from crafting sessions around 2017's major attacks. With a simple search for "WannaCry" of "NotPetya" in the sessions index, attendees will find a smattering of presentations dedicated to the crippling attacks.

Even if a session is not about NotPetya or WannaCry, it's almost guaranteed presenters will bring the attacks up. That speaks to the crippling nature of the cyberattacks, but also showcases how some researchers discuss successful attacks with near reverence.

By now, the narratives of past attacks may seem a bit stale, but there is still much to learn as companies look to defend themselves.

If you haven't created your RSAC bingo card yet, now's the time. Also be on the lookout for the overuse of terms like "nation state actors," "cyberwar" and "GDPR."