Making the most of your time at the RSA 2023 conference

Ben Rothke, CISSP, CISM, CISA, is a Senior Information Security Manager at Tapad

Going to RSA 2023? Failing to plan is planning to fail.

With the RSA 2023 conference starting on April 24, now is the time to plan your trip. Attending the conference requires a significant time and monetary investment. I’ve been attending RSA for a long time, and here are my tips attendees should consider to ensure their time and money are well spent.

Register early – hard to believe, but some people show up at the conference thinking they or someone they tasked has registered for them. So make sure to register and know that the earlier you register, the more you can save. While the early bird discount ended on January 6, the discount rate is effective through March 24. Showing up the week of April 24 and registering at the conference will cost you more.

Book your hotel now – San Francisco is a small city with a shortage of hotel rooms for large conferences such as RSA and Dreamforce. If you didn’t book yet, do that now at the conference hotel site. Note that to get the conference discount, you must be registered.

The number of available hotel rooms in San Francisco has pretty much stayed the same, but the number of RSA attendees has increased. Many hotel rooms in the Moscone Center area are 2-3 times above their regular price, given the amount of RSA attendees.

Alternatively, sites like Hotels.com may have other and cheaper options. But be aware that some listings are so low as they have shared bathrooms and need other basic amenities that business travelers expect.

Create a schedule – Most people attend the conference to learn as much as possible. Others go for the famous RSA parties. For those that want the learning experience, here’s a complete agenda of all sessions where you can create a personalized schedule and reserve a seat. There’s a massive amount of sessions to choose from, so take the time to peruse and build your customized program.

When I say huge, I mean it. Having just created my schedule, there were at least 2-3 interesting sessions at many slots I wanted to attend.

There is a large amount of sessions, which are broken up according to the following 23 tracks:

1. Analytics, Intelligence & Response
2. C-Suite View
3. Cloud Security & Cloud Sec Ops
4. Connected Devices & Cyber-Physical Security
5. DevSecOps & Application Security
6. Fraud Prevention
7. Hackers & Threats
8. Hackers & Threats Advanced
9. Human Element
10. Identity
11. Inclusive Security
12. Innovation & Entrepreneurship
13. Law
14. Machine Learning & Artificial Intelligence
15. Policy & Government
16. Privacy
17. Professional Development & Personnel Management
18. Protecting Data & the Supply Chain Ecosystem
19. Risk Management & Governance
20. RSAC Sandbox
21. Security Mashup
22. Security Strategy & Architecture
23. Technology Infrastructure & Operations

In the past, some attendees got enraged, arriving (most often late) and finding the session they wanted to attend was full. Somehow, a few hundred other people managed to get there on time. You can reserve a seat before the conference at the agenda page, which helps ensure you can attend your preferred sessions.

Know which vendors you want to meet – in years past, there were over 600 vendors on the various expo floors. As of this writing, the vendor list has 476 vendors listed. And that number will most certainly increase as more vendors sign up to be at the conference.

The expo halls are massive, overwhelming, and loud. Spend time reviewing the exhibitor list in advance and get a feel for the vendors you want to meet with.

Once there, think twice about spending half an hour sitting through a vendor pitch to enter a drawing for drone or similar prize. For me, my time is better spent speaking with the technical staff at the booths. You can get valuable insights into how their products work and solve your security issues. This is especially true if you are already a customer. Don’t squander your limited time just to bring home a hat or beer holder.

Wear comfortable shoes – you’ll be doing lots of walking at RSA. With events in the south, north, and west Moscone Center, combined with the long expo floor aisles, you don’t need a podiatrist to tell you comfortable shoes are a must.

Chat with a legend – the conference has many illustrious industry personalities. The good news is they are approachable and often happy to share quick advice. Be it RSA themselves (Ron Rivest, Adi Shamir, Len Adelman), Bruce Schneier, and many more. RSA may be a huge show, but you can also pick the brain of and meet some of the best minds in the business.

If you would rather chat with a legend over deafening music in a crowded club, the many RSA parties afford such opportunities.

Don’t use the conference bag – RSA gives attendees great high-quality backpacks. Since thousands of people will be using identical 2023 conference backpacks, often without nametags, many get switched and lost forever from their rightful owners. Bring a different backpack if you don’t want to be an accidental RSA conference bag switch victim.

Be safe – San Francisco has changed a lot, and even though it is a relatively (that’s relatively with a lower case r) safe city, there are still safety issues that an attendee needs to consider. While it’s impossible to know when, or even if, you’ll become a victim of a crime in San Francisco, there are ways to reduce the odds.

San Francisco’s halcyon days of Tony Bennett leaving his heart in San Francisco have long past.

The bottom line is that a tourist to any city, including San Francisco, needs to know their surroundings and where there are and have the necessary situational awareness to ensure their safety.

My time at RSA – As for me, I’ll be at the conference and giving a presentation on Implementing and Managing Electronic Data Disposal and Destruction on Monday, April 24, at 8:30 AM.

I’m also a member of the Cybersecurity Canon, and I will be at the conference bookstore with some of the members. There will be extra copies of the Canon Hall of Fame books and author signing sessions. Canon members will be at the book concierge desk (think of us as security book sommeliers) at times yet to be determined.

I hope to see you at RSA in San Francisco in April!

About the Author

Ben Rothke, CISSP, CISM, CISA, is a Senior Information Security Manager at Tapad and has over 20 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design & implementation of systems security, encryption, cryptography, and security policy development. Ben is the author of Computer Security – 20 Things Every Employee Should Know (McGraw-Hill) and a co-author of the upcoming The Definitive Guide to PCI DSS Version 4: Documentation, Compliance, and Management (Apress), and writes security and privacy book reviews for the RSA Conference Blog and Security Management magazine. He is a frequent speaker at industry conferences, such as RSA and ISACA, holds numerous industry certifications, and is a member of ASIS, ISACA, and InfraGard. And holds CISM, CISA, CGEIT, CRISC and CISSP certifications