What Did You Miss at RSAC 2024?

Each year, the RSA Conference brings together thousands of cybersecurity professionals for four days of expert perspectives, groundbreaking innovation, and best practices. Zerofox VP (who you might know as the host of the Unspoken Security podcast), AJ Nash, attended and connected with other notable cybersecurity experts. In this post, AJ shares his top takeaways. So, whether you were there and want a recap or you weren't able to attend this year, get an insider's perspective on the big takeaways from RSAC 2024.

Zerofox VP AJ Nash Shares His Top Takeaways

Another RSA Conference has come and gone…fast! It was a whirlwind of meetings - formal and informal - demonstrations, and media and public relations opportunities. While I enjoyed catching up with old friends and making a few new ones, I also spent more time this year considering how the conference compared to previous years I’ve attended.

RSA Conference Is Still BIG

Before the COVID-19 pandemic, RSA Conference was THE big event on everyone’s calendar…and it showed. Conference leadership reported an estimated 40,000 to 43,000 people attended annually and I don’t doubt it. The halls were always full, vendor booths were packed, and long lines of people waiting to get into the most popular talks were a common sight.

The pandemic brought attendance way down, culminating with the 2021 event being completely virtual. This led to some whispers about the end of large cybersecurity conferences. But, to paraphrase Mark Twain, reports of the death of cybersecurity conferences were greatly exaggerated. While the official numbers aren’t published yet, I suspect attendance will be reported at pre-COVID levels. RSA Conference is, again, the biggest event in cybersecurity.

New Cybersecurity Players Made Big Swings

Something that struck me immediately and throughout the week was the number of massive vendor booths for companies I had never heard of before. At first, I worried this was just a reflection of my disconnect from the industry and I feared I’d lost my way on competitive intelligence. But, in conferring with others, I realized many of us had the same feeling. I don’t know if this indicates an influx of new money from private equity firms or small companies choosing a “big swing at RSA Conference” strategy, but something felt decidedly different.

Additionally, the trend of booths on the vendor floor that represented foreign nations continued to grow, as Germany, Saudi Arabia, South Korea, and Spain (along with multiple booths tied to U.S. Government agencies) were all represented. The push to advertise cybersecurity communities and business opportunities at a national level is interesting and - based on the foot traffic - popular.

Expansion Beyond the Moscone Center

While the RSA Conference is hosted at the Moscone Center in San Francisco, the last few years have seen some large companies secure storefront space nearby to set up their own venues for hosting customers and prospects. This year proved that venue strategy is no longer limited to multi-billion dollar public companies. Some relatively small firms (sub $250M valuation) chose this path, creating significant buzz and traffic outside of Moscone…even during daylight hours. Additionally, the trend toward using hotel suites for meetings has grown to the point that several firms bypassed the RSA Conference event and vendor floor entirely.

Buzzword Bingo Persists Among Vendors

A few years ago, the most popular technology being talked about and sold as the cybersecurity cure-all was “blockchain.” Last year, “Zero Trust” was all the rage. Unsurprisingly, 2024 was the year of Artificial Intelligence (AI) at the RSA Conference. Most, if not all, vendors had some reference to AI. But few could articulate how they were using it. More disturbingly, discussions about the integrity of the Large Language Models (LLMs) were few and far between. It’s hard to know if that reflects booth staff training or exaggerated claims from corporate marketing teams that informed this year’s booths. Either way, it was a reminder to remain skeptical about buzzwords thrown around in cybersecurity.

The Unified Platform Is Back!

As funding shifts like a pendulum, so do cybersecurity strategies. When credit is cheap and money flows freely, a popular gambit is to cobble together several “best of breed” vendors into an overall security apparatus. Conversely, during credit crunches that create pressure on spending (as we’ve been seeing for the past year), priorities shift to consolidation. This strategy reduces the friction created by custom integrations, provides cost savings through enterprise licenses, and limits the effort needed to manage too many vendors instead of a few trusted partners. 

Another advantage of unified platforms is connecting content that is often otherwise trapped in silos, such as threat intelligence, attack surface, physical security, insider threat, and incident response. This is the primary reason that, as an Intelligence professional, I’ve always advocated for unified platforms -  even when budgets are big - because building a holistic security program that connects all the dots to reduce risk is still the best strategy. And that is SO much easier to do when all the data is structured the same and designed to work together in one system.

Bringing it All Together

I enjoyed connecting with colleagues and friends across the security community again to compare notes on where security is going and what is real vs hype. These moments remain the biggest value of attending such large conferences. I was struck by how companies evolved their messages and where they put their efforts and resources toward delivering them to potential customers. The ongoing push of technologies emphasizing collaboration, efficiency, and proactive defense was unsurprising, yet felt noticeably stronger than in recent years. Unfortunately, that included too many companies pushing AI as the cure-all; a trend we see with nearly every new or emerging technology. While AI is interesting - perhaps revolutionary - it won’t solve all of our security problems today…if ever.

More than anything, RSA Conference 2024 reassured me that immense geopolitical and economic pressures didn’t slow security innovation or shrink our industry. As we continue battling the hordes of cybercriminals and nation-state actors that threaten our technologies, data, and people, our industry desperately needs to keep growing and challenging each other to defend against these threats. RSA Conference 2024 demonstrated enough growth and competition to (at least) keep pace with those threats.

Tags: Cyber Trends, Cybersecurity, RSA Conference, Unified Platform