4 Tips to Beat Fear and Anxiety at #RSAC2016

The first time I attended RSA in 2005, fear and anxiety threatened to consume me. I feared the flights, the crowds and the prospect of failing professionally.

Fast-forward to 2016: I’m a veteran infosec journalist who has been to too many conferences to count. I can’t say that I’m done with fear and anxiety, but I’ve brought it largely under control.

I’ve met a lot of people who suffer the same debilitating anxiety I used to experience over conferences, especially RSA. I’ve watched them worry endlessly over which evening events they needed to attend. I’ve seen them recoil at the waves of humanity wafting through the Moscone Center. I’ve seen them succumb to the temptation to drink every last drop of the free booze at vendor parties.

To some, this all sounds too dramatic. These are not life-or-death situations. But that’s the thing about fear and anxiety: They make situations look scarier than they really are.

This stuff isn’t specific to infosec, either. People go through this in any industry. But infosec is my industry, and I want to direct this at my peers.

Here my tips for surviving RSAC 2016:

  • Vendor keynotes aren’t mandatory. For a new attendee, the keynote sessions can be big and scary. The crush of humanity crowding around waiting for entry can be overwhelming, especially on the morning of the first day. If you’re absolutely dying to hear what the opening keynotes are about, you gotta suck it up. But veteran attendees have learned that it’s rarely, if ever, worth it. Find some industry pals and go have a good chat over coffee instead.
  • Don’t let the exhibit floors get to you. People working the booths will hound you aggressively to see their slide deck or hear the pitch. If you’re not careful you could easily get sucked into things that aren’t going to help you. The loud displays can induce major headaches. Skip the Monday-night opening of the floor; it’s the loudest time to go. For the rest of the days, wait a couple hours after the opening before going in. Things are usually calmer by then.
  • You don’t have to venture out at night. There’s always a huge expectation that an attendee must go to all the vendor parties in the evenings. If the day has been too much and you need to be at full strength for the next day, there’s nothing wrong with retiring to your room for the evening.
  • Focus on the reason you’re here. Looking to forge a new business partnership? Or maybe you’re there for education? Then just focus on those things. The keynotes are chaotic, but a lot of good talks happen in smaller rooms throughout Moscone. If your number-one goal is to make a deal, collaborate on some research or strike a partnership with another entity, then focus on making those things happen and ditch the rest.

I know it’s easier to talk about how best to proceed than it is to do it. Nevertheless, I hope you find some of this helpful.

RSA 2015 Crowd Shot

Potential Positive of “CSI: Cyber” at RSA Conference 2016

The information security community is losing its collective mind because actors from the much-maligned CSI: Cyber TV series are on the keynote schedule for RSA Conference 2016. Dave Lewis, writing as @gattaca, captured the sentiment:

A lot of analysis has been devoted to RSA’s decision. I like the suggestion Violet Blue makes about how maybe, just maybe, RSA is playing a clever joke on us:

What if RSA’s ongoing keynote stew of disconnect and incompetence is part of something way more thoughtful and complex than we’re giving it credit for?

Jericho wonders in this post why anyone would be surprised, since, he believes, RSA has been a joke for years already:

It’s the party everyone shows up to, and the one you want to be at, to “be seen” and “catch up on the gossip”, even though you hate it. In our industry, it is the embodiment of reality T.V. in many ways. On the flip side, this conference hasn’t actually been relevant to our industry for a long time, where reality T.V. is sadly relevant in the worst ways.

He’s not wrong, though as I’ll note shortly, it’s not really as clear cut as that.

Crowd scene from RSA 2015

My thoughts:

  • There are many other keynoters. Though CSI: Cyber is getting all the attention, the agenda is crammed with a lot of people who practice infosec in real life, including Intel Security Group senior VP and general manager Christopher Young, Snort creator Martin Roesch and the annual Cryptographer’s Panel.
  • TV personalities have keynoted RSA before. And you didn’t see the kind of stink being raised today. To be fair, much of the ill sentiment is because CSI: Cyber sucks so badly, failing to portray our business accurately and fostering FUD (fear, uncertainty and doubt, for the uninitiated).
  • It’s always been what you make it, anyway. Jericho is right that people attend RSA to see and be seen, hating it all the while. But my personal experience has always been that you get what you put into it. I haven’t attended a keynote in five years. Most tend to be the same old vendors pitching the same old message wrapped in whatever that year’s buzz topic is. I get far more value from the conversations. Reconnecting with peers I haven’t seen in a while. Meeting new people I can learn from. That’s what matters to me. I also believe it’s healthy to be in an arena where you have to keep selling what you bring to the table, be it the technology your employer sells or a side project you care about.
  • It’s an opportunity. What if we used the CSI: Cyber appearance as an opportunity to put the feet of the show’s writers and actors to the fire? If we stand up and tell them why their show offends us, maybe their shows stories start sucking less.

OK, probably not. But it was a nice thought.

I’m going to RSA because I’ve gotten much from it in the past. I also have a report to tell people about. My team worked hard on it and we believe it will provide value.

Cheer up, everyone. Have a song:

https://youtu.be/21ewvNVAYUw