Packing for #RSAC 2016: An OCD Case Study

At the end of the week, I’ll be packing for five days in San Francisco, where I’ll write about the goings-on at RSA Conference 2016. When you have OCD, packing a suitcase is as ritualistic as the compulsive hand washing you’ve heard about.

Mood music:

Before I had the OCD under control, packing was an all-day affair. I’d line up all my clothes and accessories in order of the days I planned to wear them. I would undergo a similar ritual when gathering toiletries. I’d pack extra for fear that I’d be without something on the second-to-last day of the trip.

Today I do things a lot differently. I still keep track of what I stuff into the suitcase to ensure I have enough for each day, but I only look over my cargo twice. It takes less time to do than when I used to look things over 5 to 10 times.

I save space in my suitcase because I don’t stuff it with cigars and cigarettes anymore. While I carry my vaping pipes, they take up less space. I also used to stuff books in to have something to read during downtime. I don’t do that anymore, because those books always sit unread. I’ll still have a supply of Starbucks Via packets in case I can’t find my preferred coffee in the airport.

Last year I walked around San Francisco in my big, heavy boots. This year I’m being smart about it and going with the sandals that slip on and off effortlessly.

One year I forgot to grab my Prozac bottle on the way out of the hotel and only realized my mistake after getting through the airport TSA line. Now I just pack the exact number of pills I need for the trip. The rest of the bottle stays home.

Packing the laptop bag has gotten easier, too. I used to cram five notebooks and a handful of pens in there. Now it’s one pen and no notebooks. At this stage of my career, I’m pretty good at storing notes in my head. I don’t let then sit in my head for too long, either. I usually write up the talks and demos within 10 minutes of seeing them. Some talks I write up while I’m watching.

I still worry about having enough power cords, though, so I pack every cord I own. But I don’t lay them all out on the table to count them multiple times. I just stuff everything into the bag.

I’ve also gotten bolder about when to go to the airport. I used to get to the airport three hours before the flight because I worried about unexpected problems and wanted time to fix them. I’ve scaled that back to two hours during recent travel. So far, it’s working out fine.

I may not travel the lightest I can, but when you have OCD and learn how to simplify packing, it’s a victory.

Safe travels, all!

Suitcases and Briefcase

So You Wanna Boycott RSA Conference 2014

Disclaimer: This is my opinion. I do not speak on behalf of my employer.

Folks in the information security industry are debating whether to boycott RSA Conference 2014 to protest RSA’s reported misdeeds concerning the National Security Agency (NSA). Boycotts can be powerful tools. But they can also lead to trolling or a loss of your own voice.

Mood music:

One of this blog’s missions is to promote more reasonable discussion. I’ve seen how people hurt each other with words in the security industry and elsewhere, and this latest issue is no exception.

It’s a waste of energy.

Some Background

At last count, eight well-known security practitioners announced that they were skipping the upcoming RSA Conference in San Francisco because the conference’s sponsor, security vendor RSA, allegedly pocketed money from the NSA to put a faulty encryption algorithm into one of its products.

The revelation is part of the ongoing fallout of former NSA technical contractor Edward Snowden leaking details of top-secret mass-surveillance programs to the press.

In this debate on whether RSA, and by extension the NSA, did wrong, you’re either a PR-obsessed grandstander or a coward who refuses to take a stand. It just depends on which side of the discussion you fall under. Those who are boycotting the RSA conference have been accused of the former, while those who are still attending are accused of being the latter.

My Two Cents

I’m going to RSA Conference 2014.

Based on all the information out there — and I’ve read quite a bit of it — I’m inclined to believe RSA took money from NSA to allow a flaw into its technology.

I agree that this shouldn’t come as a surprise because the NSA was, after all, created for those sorts of activities. That doesn’t mean there’s no cause for anger.

RSA customers rely on the company’s products to keep proprietary information safe from sinister hands. Taking money from a government agency to make spying easier is not OK. The argument that spying on American citizens is necessary to uncover terrorist plots is rubbish. It’s the same fear-based thinking after 9-11 that led to the PATRIOT Act. That’s my opinion. To those who disagree, I mean no disrespect. Good people can disagree.

Having said all that, you would think I’d be among the boycotters. I share their anger and respect their right to protest as they see fit, as long as no one is harmed in the process. But I’m not boycotting for a few reasons:

  • I’ve never gone to RSA Conference to support RSA the company. I go to network with peers and get a better sense of what the latest security trends are.
  • I can’t do my job from the sidelines. I have to be where the action is.
  • If you’re angry with RSA, isn’t it better to attend the conference and speak your mind? It’s a more powerful approach than staying home.

I don’t claim to have all the answers. I don’t claim moral superiority. That’s simply where I stand.

On Twitter the other night, Akamai CSO Andy Ellis — my friend and boss — said, “Whether or not one agrees with the RSAC boycott, we can celebrate [the boycotters’] freedom to express anger and disappointment. We need more of that.”

Furthermore, he said, we should be able to be angry without feeling the need to ostracize those who aren’t expressing anger, and vice versa.

He’s right.

It’s OK to rage, and it’s OK to boycott. Troll if you must. That’s your right, my friends. I’m going to follow my conscience and strive for civility.

RSA SecurID