Gartner Blog Network

RSAC 2014: Buyouts and Boycotts and Allegations, Oh My!

by Ben Tomhave  |  February 4, 2014  |  1 Comment

Unless you’ve been living under a rock, you’ve undoubtedly heard about the various revelations from the Snowden files, with which he absconded from the NSA. In a [Reuters article] last year it was alleged that RSA – the namesake and official owner of the RSA Conference (RSAC) – had accepted a single payment from the NSA to prominently place a flawed algorithm into their BSAFE crypto library (read more here). RSA has denied those allegations.

But this post isn’t about the alleged deal… it’s about the reaction that’s come from within the security community against the annual RSA Conference. Specifically, 9 speakers have withdrawn from the event in protest over the allegations described above. Some have also urged keynote speaker Stephen Colbert to withdraw as well. At the same time, a competing conference has also popped-up that has given a new home to the withdrawn speakers and their content.

Toward that end, I hopped on the phone and spoke with Hugh Thompson, Program Committee Chairman, responsible for content for the entire conference. Hugh also gets to have a little fun hosting “The Hugh Thompson Show” as the warm-up for the closing keynote.

On the Relationship Between RSAC and RSA…

The RSA Conference is indeed owned by EMC/RSA, but that’s about as much “ownership” as the corporate entity exerts over the event. Much of the operation has been outsourced to third parties, and the content is fully managed under Thompson’s watchful eye, with each track managed by volunteers who review and select the talks. Says Thompson, “there’s a solid degree of separation between the two.” As such, while the event does bear the name of the corporation, there is really very little sensibility in boycotting the event, at least in terms of meaningful impact on RSA (the corporate entity).

On the Impact of the Boycott, Buyout, and Competing Events…

So, what exactly has the impact been thus far? As noted above, 9 speakers have withdrawn from the event. And, while Thompson says it’s regrettable to lose their content, the actual impact is negligible. He noted that there are about 560 speakers for this year’s event, and also pointed out that every track selects alternates as a proactive step to guard against the inevitable loss of speakers from various causes.

One of the notable cancellations was OWASP reneging on their contract, pulling their training from the program. However, Thompson says that the IAPP has quickly stepped up with a great privacy-oriented track to back-fill the loss of the training. Overall, he said that there is a very exciting theme evolving around privacy and securing the human element this year, which he’s very excited about.

Last year, RSA reported a new record with “more than 24,000 attendees” (total, including expo-only attendees) for the event, and this year is expected to be even bigger. They have expanded into Moscone West, where most of the tracks will be held. The keynote is moving to the “esplanade” area of the complex, and they have also added something called “The Viewing Point” ( from whence people can also watch the keynote sessions.

Perhaps the most disconcerting impact of the Snowden fallout has been what Thompson terms an unexpected “denial of taco attack” through the “hacker buyout” of nearby restaurant Chevy’s (Wednesday 11am – 5pm). During the interview, Thompson sounded almost wistfully distraught about the counter-event, commenting that he hoped take-out orders might at least still be honored. 🙂

As with most years, there are of course competing events occurring. RSAC and B-Sides San Francisco have long since made peace, but we did wonder about the impact of the new “TrustyCon” event, which has popped-up as an alternate venue for the 9 withdrawn speakers, among others. Thompson noted that there are “a bunch of private events that always pop-up around the conference week.” He was glad that these speakers have found a new home for their content and remarked that the “topics sound interesting.”

What’s a Client To Do?

Overall, this year RSAC sounds like yet another excellent event. Despite some high-profile withdrawals, the content is expected to be very strong, with a particularly strong focus on privacy and the human element. As far as they know, no vendors have withdrawn from the event, and all speaking slots have been readily filled with alternates. Thompson expects this conference to be the best and biggest yet, which would really be an amazing accomplishment.

For those who do feel that they need to cancel their attendance, you have limited options at this late date. Under event policy, “After January 24th, 2014 [RSAC] will not be able to refund your registration if you cancel, however you can make a substitution at any time for a $125 fee. Please see the substitution policy for details. If you don’t attend the Conference and have paid your registration fee, you will not be refunded.” As such, we highly recommend following-through with attendance plans as there will be a lot of good content, as well as myriad networking opportunities.

As a closing note, several Gartner analysts will be in attendance during the week (including me). If you’re interested in meeting with someone while you’re there, then please contact your client engagement / research engagement specialist. Otherwise, we hope to see you at a Gartner event later this year!

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: event-notes  

Tags: 2014  controversies  rsac  

Ben Tomhave
Research Director
1 years at Gartner
19 years IT Industry

Ben is conducting research within the Security and Risk Management Strategies team under Gartner for Technical Professionals.

Thoughts on RSAC 2014: Buyouts and Boycotts and Allegations, Oh My!

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.