Fears of the coronavirus made the recent RSA Conference in San Francisco different than any previous security conference. Here are RSAC 2020 details and future questions.
It was Sunday, Feb. 23, 2020, and I was packing my bags for an early morning flight from Detroit to San Francisco for another week at an RSA Conference covering all things related to cybersecurity. The conference theme this year was “The Human Element,” which became an ironic choice of words.
While reading-up on the best sessions, pre-conference news and other hot cyber headlines, I noticed that several large companies had pulled out of the conference because of coronavirus fears.
Here’s an excerpt from the Business Insider article that grabbed my attention: “Verizon pulled out of the RSA Conference on Friday, joining competitor AT&T and IBM as large sponsors with coronavirus concerns abandon the cybersecurity trade show that was expected to draw more than 40,000 to San Francisco next week. …”
The RSA Conference website offered this webpage with coronavirus updates; however, the information was sparse and seldom updated. No new updates were added after Feb. 25, which started with this less than comforting news, “Today, the City of San Francisco declared a State of Emergency to begin preparations around any future coronavirus outbreaks. The City stated that residents and visitors remain at low risk for becoming infected with the coronavirus and that the number of cases within the City remains at zero. …”
My Delta flight was overbooked, and the airport seemed packed on Monday morning as I traversed through TSA security lines in Detroit. Several TSA officials wore face masks, and most of them were wearing plastic gloves, which I had not seen before.
Thankfully, my flight arrived early, and I was able to attend most of the RSA Public Sector Day at the San Francisco Hilton by Union Square. There was an excellent agenda of topics and federal, state and local government speakers on issues ranging from ransomware attacks to risk management practices.
RSA Conference 2020 Highlights
There were many excellent sessions and speakers throughout the week. While not the focus of this blog, I encourage you to visit the RSA Conference channel on YouTube to watch various keynote and breakout sessions. Here is one example (and you can see other presentations on the YouTube sidebar):
As far as RSA Conference headlines, here are a few topics worth exploring (with lots of embedded links and related stories):
Meanwhile … Back on the Show Floor
Attendance was clearly down at the 2020 RSA Conference, especially on the exhibitor floor where the vendor booths are located. Initial forecasts in January anticipated 45,000 attendees, which would have been an increase of 3,000 over last year.
On Friday, Feb. 28, an RSAC press release reported 36,000 attendees were at the 2020 RSA Conference, but that number seems too high to me. I wonder: Did all the people who bought tickets actually show up? Also, what about attendees who came for one day or one hour and left early?
What I can tell you from the perspective of show floor exhibitors, where I spent a large percentage of my time, is that foot traffic seemed to be mostly other exhibitors with far fewer “blue-badge” attendees than last year. I heard “word-of-mouth” estimates ranging from 30 to 50 percent fewer show floor attendees; however, those numbers came from about a dozen random exhibitors.
Perhaps conference attendees did come to the presentations, but just avoided the expo booths to not shake hands or interact with solution providers?
Meanwhile, the main topic on the floor among exhibitors (when not selling their products and services) was the coronavirus and not computer viruses (or malware or ransomware or other aspects of cybersecurity).
People stood their distances, and when exhibitors did shake hands with attendees, most people immediately used hand sanitizers. Conversations were generally shorter and farther apart than in previous years. Some attendees walked around wearing masks (but that was rare).
Headlines of confirmed cases in California that came via “community spread” were not encouraging. Here’s an excerpt from Fox News: “Jennifer Nuzzo, a senior scholar at the Johns Hopkins Center for Health Security, told The Washington Post that the virus is likely starting to spread throughout the state,
‘I think there’s a strong possibility that there’s local transmission going in California,’ she said. ‘In other words, the virus is spreading within California, and I think there’s a possibility other states are in the same boat. They just haven’t recognized that yet.’"
While the RSAC vendor parties seemed pretty crowded in the evenings, restaurants and bar staff said the traffic was slower than last year. Everyone was thinking, is the coronavirus being spread right here at RSAC events?
One hotel worker told my boss, “Thank you for coming to San Francisco, because the next three conferences have canceled. People will not be coming, and I may be out of work."
On the Human Element in Cybersecurity
This 2020 RSA Conference blog description is in no way intended to undermine the vital importance of the human element in cybersecurity. On the contrary, my readers know that building a culture of security and keeping security awareness training positive and engaging with fresh content have been top themes that constantly show up in my blogs. I work for a leading security awareness company, and I applaud the choice of the human element as this year's RSA Conference theme. The planning committee had no way of knowing that the coronavirus would strike when it did.
Nevertheless, there are many lessons that the technology and cybersecurity industries must learn from this global coronavirus pandemic right now, and each of us needs to take a big step back and determine what actions we need to take for our families, our businesses, our governments and our communities. Bottom line, the coronavirus topic was the "elephant in the room" in San Francisco last week.
Thoughts on Our Near-Term Future
On the way home, I read stories of technology and other business conferences being canceled all over the world. The stock market closed the week down a record 3,600 points. CNN and FoxNews were full of coronavirus impact stories on topics ranging from school closings to politics to how to wash your hands.
I pondered what all this meant for the weeks and months ahead. Will we have a global recession? Will my upcoming conferences and travel be postponed? How will business interactions change in America? How long will this last? What should governments be doing now? What online scams and cyber tricks are coming next in this new world?
(Side note: I remember previous flu emergency response situations during my years in Michigan government, but this pandemic seems different. Government leaders need to dust off those plans and develop “what if” scenarios now.)
As I was getting off the plane on Friday afternoon in Detroit, several people were taking longer than normal to get their bags from the overhead compartments. As I waited my turn to exit the plane, the stewardess was clearly frustrated with the delay and made the announcement, “We have a very sick person on the back of the plane with emergency medical staff on the way. Can you quickly clear the aisle?”
“Wow — that’s encouraging,” someone near me said (and everyone was thinking).
The airport was much less crowded on Friday afternoon than on Monday morning. Baggage claim went fast, and it was wonderful to see my wife and kids and arrive home again in mid-Michigan.
Looking back, I never thought the fear of a human virus infection would steal the show at RSAC. The conference organizers certainly got that right, but in an unexpected way.
Right now, the coronavirus is THE HUMAN ELEMENT, for cybersecurity pros and everyone else.