Your RSA survival guide: How to get the most out of security conferences

With RSA just around the corner and Black Hat (aka Hacker Summer Camp) following a few months later, we were curious to find out if security practitioners still find value in these “mega” conferences. So, we posed this question to the r/cybersecurity community:

‍

As you can see, almost 40 people chimed in with their thoughts (thanks r/cybersecurity!). We’ve summarized some of the common themes here to help you get the most out of RSA (if you’re going) and perhaps earmark a few other conferences that might be worth checking out in the future.

‍

Finding connection in the chaos

Here's the not-so-secret secret: networking is still the crown jewel of these events. As u/brunes wisely notes, "It's the only time of the year pretty much everyone in the industry is in one place in person." But with events hosting more people than a small city, how do you make meaningful connections without getting lost in the crowd?

‍

Here are some tips distilled from the Reddit thread:

• 🗓️ Pre-conference planning is your best friend—research speakers, map out sessions, and identify who you want to meet. As u/phoenixcyberguy shared, “When I attended in the past, I'll review the session offerings and make a list in priority based on where my role at work is currently and where I see things going.”
• 🤝 Start reaching out to those you want to connect with at least a week in advance, before everyone's calendar looks like a game of Tetris.
• 🎯 Skip the generic keynotes for specialized tracks, roundtable discussions, and smaller talks where the real learning happens.
• 🌙 After-hours events are not only fun, but can be more valuable for networking than the daytime sessions (plus, better snacks). Pro tip: Consult this handy list of RSA events to plan your evenings.

‍

Wait, people actually like the expo hall?!?!

After years of working trade show booths and watching attendees avoid eye contact like it might light them on fire, this one came as a bit of a surprise. There were multiple comments from people who like to go check out the expo hall, especially from the perspective of seeing what’s new, like this post:

‍

As always, there was also some skepticism about the vendor-heavy nature of the conference, but Redditor u/Das_Rote_Han had some good advice for how to approach the expo hall strategically:

‍

And, the prize for the most entertaining comment about the expo hall goes to…

‍

Alternative routes: The roads less traveled 🛣️

If big crowds aren’t your thing, don’t fret. The security community seems to have created something for everyone, even a security cruise! Here are some of the other conferences and  options to sharpen your skills without breaking the bank:

• BSides Events: Technical depth and smaller crowds, allowing for more focused learning
• Smaller Conferences and Regional Security Meetups: Quality networking opportunities without extensive travel requirements.
  • u/Square_Classic4324 and u/SkierGrrlPNW had several specific recommendations (in addition to more votes for BSides):

• Industry-specific ISACs like FS-ISAC: Learn from others facing similar regulatory requirements, company goals, and security challenges.
• Virtual Conferences: Cost-effective, and you can learn in your pajamas (we won’t judge)

‍

The bottom line 📊

Large conferences aren't dying—they're evolving. You can get a lot out of the big conferences with some advanced planning and tailoring your approach. And, you can keep learning all year round by mixing attendance at major events with smaller, focused gatherings in your area. And remember: the best conference strategy is the one that works for your specific needs and goals.

‍

Just don't forget to pack your noise-canceling headphones. Trust us on this one. 🎧

‍

Interested in meeting up with the Nudge Security team while you’re at RSA? Get in touch with us here.