RSA Recap Day 1

The first day of the RSA 2012 conference was a good one. I learned a lot about the leadership of security, how prone we are to burnout, got some good hiring tips, and learned a few things about effecting change in my organization. Oh, and there were a few adult beverages and vendors available at the Welcome Reception.


I attended the Leadership track today. The Surviving as a Security Leader session was interesting. It was nice because it reconfirmed that my approach is sound. That approach includes aligning with the business, establishing a clear goal state, developing a clear strategy to achieve the goal, and framing security matters in terms of risk.


One thread I noticed throughout all the component presentations was the assumption that I was the new guy coming into the organization. Most of the presentations talked about reviewing the old program and identifying how you would change it. I asked the panel if the same techniques would work for someone who had been in the saddle for a while. For the most part, they said yes. Some interesting comments they shared included:


  • Maybe CISOs are like baseball managers and just need to circulate periodically
  • Communications and politics are very important for success
  • A number of CISOs have returned to more technical roles or consulting
  • Be an opportunist regarding security events to raise awareness and funds
  • Establish a portfolio of threats and recommendations for remediation

The second session I attended was the one discussing burnout in the INFOSEC community. Based on personal observations of its members, there is an unusually high rate of burnout in the INFOSEC community. The community is collecting hard data to confirm these observations. You can help by participating in the survey at Please contribute if you can. They only have about 120 data points presently and need more to draw meaningful conclusions from the data.

The burnout session really made me think hard. It will get its own blog post.

The third session I attended today was on making the move from one job to the next. Jeff Combs was the presenter. It was very helpful from a hiring manager position. I was able to see how someone who reviews resumes for a living interprets resumes and how he helps people better organize theirs. I also heard how he uses social media to this clients. Overall, it was very insightful.

The final session I attended discussed how to be a change agent in an environment that is constantly changing. I had to leave early due to another commitment, but what I took away from the session was that you just need a clear and concise message about your change and then communicate the living crap out of it. As security professionals, we aren't always the best communicators. Some focus on the soft skills like communication might make us more effective as a group. At the very least we should consider making friends with the Public Relations and Marketing Departments.

I wrapped up the day with the RSA Welcome Reception in the vendor area. The vendor area is just massive, with all the big vendors and some of the up-and-coming ones. I spoke with some of them but certainly not all. In fact, I only got about halfway through the floor in two hours. I'll be heading back several times before it's over.

More to come on Day 2...