Skip navigation

Hello, San Francisco! Survival Tips for Attending RSAC 2017

Heading to RSAC 2017 in San Francisco this year? Whether you’re a first-time attendee or a seasoned pro, it can be a challenge to get through without at least some stress. But don’t sweat it; I’ve got some general tips to guide you.

Plan, and Then Plan Some More

First things first: Let’s talk about your tech. Leave home as much of it as possible. These days, you can get by with a phone and the proper apps. If you like to take notes and insist on some type of larger device, maybe bring a tablet or Chromebook, but the idea is to free yourself up tech-wise as much as you can stand. Before the conference, load up all of the apps you’ll need, including the official conference app, which has the complete schedule and maps of everything within the physical conference space. Patch everything and do your backups. Bring your chargers, and buy one or two of those portable batteries for your phone/tablet to carry with you – your devices will drain faster than you might think. And don’t forget the earbuds!

If you must bring a laptop, make sure you have a personal firewall up and running with all ports off, disable Wi-Fi and Bluetooth unless you really, really must use it, and turn it off when you’re done.

For more on traveling with your tech, check out my recent blog post discussing holiday travel – a lot of advice there applies.

Your clothing choices are also key. Dress comfortably in breathable clothes, and wear comfortable shoes; you’ll be doing a lot of standing, walking and sitting in crowded rooms. Bring an empty water bottle you can refill to keep hydrated, and I usually pack a supply of granola bars so I have couple with me during the day. I’d also recommend a comfortable backpack, purse or satchel made of knife-resistant material (to thwart those knife-wielding pickpockets) for everything you’re carrying around.

I hope you don’t have to bring any traditional business attire – lots of folks go to RSAC but barely attend the conference itself because they’re in meetings with potential clients, vendors and partners. If that sounds like you, I’d do everything possible to avoid stiff suits or skirts at the conference proper, because 1) they'll be wildly uncomfortable by the end of the day, and 2) everyone will think you work there and keep asking you for directions to the restrooms – I’ve seen it happen!

Preview the schedule on the conference app on your phone, and if you’re a full session attendee you’ll probably hit up a number of the session talks. It’s a good idea to have each talk you want to attend lined up, plus a backup in case your first pick is full. If two talks you want to see are at the same time and you need to break the tie, try to attend the one where you might be more likely to ask questions. Keep in mind, most of the talks are recorded and you can view them later, so no big deal if you miss one.

You Are Here

After you’ve checked in at the hotel, try to check in for the conference as soon as you can. If you arrive early enough in the day on Saturday or Sunday, you may be able to check in (you can find check-in times on the RSAC website or app). Monday and Tuesday have long conference check-in lines, so get there early if you can’t do it on the weekend. When you check in and get your lanyard, you’re often handed what I refer to as “the bag of crap,” loaded with stuff like swag from sponsors and various fliers. I usually go through it, see what I can live without and then hand them back the bag. The main thing is just getting the lanyard, no point in having extra junk to lug around.

Turn off unneeded services on your tech! Disable Bluetooth, and I would avoid using the conference Wi-Fi, so leave that off as well. I would also avoid any free Wi-Fi anywhere at or near the conference, like hotels and coffee shops. This is a security conference, and while it’s not quite as volatile as DEF CON’s network, there’s still a risk. But you’re a security professional, so no problem – turn off your phone’s Wi-Fi, use the data plan on your phone, and if you must use another device like a laptop, tether it to your phone for interwebbing. Use a VPN, use strong passwords, and use 2FA!

Other Conference Fun Stuff

The keynotes on Tuesday morning and Friday afternoon are usually the most crowded events, so decide if you want to stand in a long line to see it in person, watch it from one of the two viewing areas (at least they had two in 2016), or follow the live stream on your phone (one of many reasons to have your earbuds at the ready). And feel free to just skip them – the Friday one is usually a celebrity that has nothing to do with our industry, so unless you really want to see Seth Meyers make jokes about nerds and generally not get our industry, you can probably have a more productive time doing “hallway con” with some colleagues.

A word about the expo floor – this is a sea of millions of vendors (well, a few hundred, but damn) usually housed in not one but two areas. You’ll see everything from excellent companies with fun, creative booths to sad, small companies spending the last of their VC money in a desperate attempt to make it to the next round of funding. Some attendees make a game out of trying to get as many vendor t-shirts, whistles, letter openers, keychains, pens and every other branded piece of swag imaginable, so if that’s your thing you’ll find this to be a treasure-ladened environment. Unless the swag is really great (like a book you wanted to read, or a black hoodie like those kind the hackers wear in Shutterstock photos), I usually avoid it… although I do admit I’m a sucker for tech-themed stickers.

Some Conference No-No’s

Don’t collect USB sticks, especially if they’re lying around in the restroom (eww!) or on a table in a common area near food. Don’t sit down and tell someone you just met every last detail about your insecure network. And while talking to a vendor in a booth about a solution is great (always ask tough questions!), I’d avoid spilling your technical guts to them unless you’re in a private area where you won’t be overheard.

Don’t hack at the conference. Trust me, this will be a target-rich environment for sure. But while this type of illegal behavior is nearly a tradition at hacker conferences, it’s frowned upon with great legal vengeance at more conservative events like RSAC.

A general rule of thumb – if the person introducing the keynote is dressed for a funeral, don’t hack there. If they are wearing a black t-shirt, you probably still shouldn’t do it, but if you do and get caught they probably won’t press charges.

Final Words

Have fun! It can be a long week. Remember to try and get plenty of restful sleep at night so that you’re recharged for the next day. Don’t attend too many vendor-sponsored parties, and don’t drink or 420 yourself silly. Do that “networking with people” thing I keep hearing about, be flexible to changes (especially if you have no control over them), and most importantly stay vigilant and safe!

Mark Loveless

Senior Security Researcher

Mark Loveless is a Duo Labs researcher who also goes by the name Simple Nomad on the interwebs. He is not overly paranoid in spite of the fact that evil alien robots are stealing his luggage when he travels.