RSA Conference 2020

Moscone Center (North, South and West)

San Francisco, California
February 24 – 28, 2020

  • Attendees: 36,000+
  • Speakers: 704
  • Exhibitors: 658
  • Sessions: 520
  • Sponsors: 78
  • Media Partners: 40

Calysto’s Take

Though more subdued than in previous years – less hand-shaking and with hand sanitizer everywhere– RSA Conference (RSAC) is one of the largest conferences in the area of cybersecurity. As such, it’s an event not to be missed by information security professionals, whether established industry veterans or newcomers to the field.

RSAC 2020 in San Francisco took place as planned, despite fears of the coronavirus prompting three major industry leaders to pull out just days before. AT&T, IBM and Verizon were among the 14 companies that decided not to participate in the annual security conference this year. An estimated 1.2% of attendees officially cancelled their registration (it’s unknown how many others just didn’t show up; reported 2019 attendance was closer to 42,000). Organizers took pains to reassure those still attending that the spreading virus threat, which originated in China, was top of mind and under control – even emphasizing that the majority of the attendees and exhibitors (82%) were from within the USA, though the mega-show is billed as a global event.

With 36,000+ in attendance, 500 sessions and 650 exhibitors, it is easy to become overwhelmed by the largess of this conference. Building a plan and strategy prior to the event is a must – even for experienced attendees – to get the most out of the week. It’s impossible to see it all, so take advantage of the conference’s online agenda search and scheduling capability to help you zero-in-on which sessions, panels, tutorials, topics and tracks are most suitable to your particular goals.

Industry veterans will find that RSAC is time well spent. You will be able to network with thousands of your peers in the industry, while hearing about the latest cybersecurity-related research and gaining insights and intelligence from top experts in the field. The week is jam-packed with keynotes, in-depth tutorials, sessions, networking opportunities and hands-on experiences that improve your knowledge of the latest industry issues and best practices that will help you stay on top of the latest cybersecurity threats. RSAC is also the perfect venue to highlight your company, gain recognition and build your reputation by participating as a speaker, panelist or exhibitor.

Tony Surak, CMO of DataTribe, a cyber and data science start-up foundry, highlighted the networking value of RSAC. “Our portfolio had many productive prospect and investor meetings. This is enabled by the fact everyone comes to RSA.” He added that the crowded, noisy show floor is really “a side show.” The real value of attending RSAC lies in the massive number of industry peers in one place and potential for making new connections.

RSAC caters equally – if not more so – to newcomers in the field. A “Know Before You Go” webcast is offered prior to the conference, and the first full conference day (Monday) includes a First-Timers Orientation and Networking Reception. Industry newbies have a dedicated show floor, the Early Stage Expo, where they set up kiosks to highlight their innovative solutions. A “Shark Tank” style forum, called the RSAC Launch Pad, lets three very early-stage start-ups pitch their ideas to a team of cybersecurity venture capitalists (VCs). Another 10 selected start-ups can present their new solutions in front of a roomful of cybersecurity experts, and offer hands-on experiences at the RSAC Innovation Sandbox. The conference even reserves a day for college students. Recent graduates and faculty can attend – for free. Selected “RSAC Security Scholars” can present their research to a panel of industry veterans.

Calysto’s Show Overview

RSA Conference USA has come a long way since its debut in 1991. It is now one of the largest and most popular conferences in the area of cybersecurity, typically bringing together some 40,000 security professionals to present research and discuss all things related to cybersecurity – anti-fraud tools and techniques, best practices and strategies, emerging trends and future challenges. [As an aside, RSA stands for Rivest, Shamir and Adleman, the inventors of a data encryption/decryption algorithm they dubbed the RSA algorithm using the first letters of their last names.]

This year’s RSA Conference events and activities took place at San Francisco’s newly reconstructed 300,000 square-foot Moscone Convention Center which comprises three separate buildings (North, South and West) situated on two adjacent blocks in the heart of the downtown area. Good walking shoes are required! Shuttles to/from nearby hotels run every 15 minutes during peak service hours and every 30 minutes during mid-day service hours.


This year’s theme “The Human Element” – the role humans play in cybersecurity – was woven throughout all keynotes, sessions, and hands-on experiences. The intertwining of people and technology was reflected in the majority of the 2,400 applications received for speaking opportunities – and hence became a central focus of the show. “People—humans!—are the stars of the industry and the most important promise of the future,” explained Britta Glade, director of content and curation for the RSA Conference. People are at the very core of a successful cybersecurity strategy—as individuals (what skills do we need?), as diverse teams (how do we build the right teams for the challenge at hand?) and as partners with technology (how do we best harness the latest technologies?).

Adding a bit of thought-provoking fun, attendees were invited to embrace their own “human element” with a button to wear, reflecting who they are as a person (i.e. game-changer, dreamer, geek, renegade, peace-maker, hacker, etc.).

Keynotes and Conference Program

Some 29 keynotes, delivered in-person and live-streamed, provided unique insights and perspectives on all facets of cybersecurity. A range of topics included Cyber-threat Landscape, Geopolitical Risks, Privacy as a Human Right and the Psychology of Fear. Speakers came from a variety of industries, as cybersecurity touches all. Mary Barra, Chair and CEO at General Motors, addressed the high stakes that come with self-driving cars and biometric-enhanced vehicles.  “We need more talent, a lot more,” she said. Estimates indicate that there could be nearly unfilled cybersecurity jobs by 2022. Wendy Nather, Head of Advisory CISOs at Cisco, got attendees thinking about “democratizing” security.  Spoon in hand, she asked, “What if we designed security to be as easy to use as a spoon?” Cybersecurity and Infrastructure Security Agency Director Christopher Krebs got the audience thinking about the safety and security of Social Security numbers, asking “What are the things we can do down the road to help ensure that we have a more secure identity? Move away from the Social Security number as an identification element.”

The packed 6-day RSA event kicked-off with two days (Sunday and Monday) of in-depth tutorials and training for those looking to increase their knowledge of specific cybersecurity areas. This included crash courses in cloud security fundamentals, threat hunting and lethal security techniques and implementing critical security controls. Trainees also learned how to understand and measure their organization’s security culture. Getting a handle on cybersecurity requires more than knowledge of the technology. A business transformation – organizationally and culturally – is crucial to success.

The rest of the week featured more than 500 sessions and nearly 700 exhibitors from across the industry. Overwhelming to say the least. A Session Classification filter on the RSAC 2020 website agenda page helps to make this manageable and narrow down the sessions most beneficial to your particular needs. Over 20 session topics/tracks, such as analytics intelligence, artificial intelligence (AI), mobile and IoT security and risk management to name just a few, are further broken down into dozens of sub-categories, then into 12 delivery formats (keynotes, panels, seminars, labs, etc.). Sessions were also classified as General, Intermediate or Advanced, and by “type” (traditional sessions, networking, interactive learning, seminars, etc.). Creating a plan and building a schedule is the only way to make the most of the week.

Sandboxes, Villages and Zones

The RSAC Innovation Sandbox program, back for the 15th year, highlighted innovation in cybersecurity. Attendees explored a dozen “sandboxes,” each offering a hands-on, interactive experiences where attendees tested their cybersecurity skills and hacking abilities, and learned new techniques. Sandboxes (also called “villages”) this year covered the aerospace ecosystem, car hacking, Industrial Control Systems (ICS), the Internet of Things (IoT), medical devices, supply chains and – perhaps of particular interest this election year – voting machine hacking.

As in past years, 10 promising start-ups were selected to give a three-minute pitch in front of six judges, including venture capitalists and top experts in the industry. Finalists have found the honor to bring significant notoriety and be very lucrative financially, reporting together some 56 acquisitions and $6.2 billion in investments to-date. was recognized as RSAC’s “Most Innovative Startup 2020” for its AI-powered solution that automates privacy compliance with patent-pending People Data Graphs™ and robotic automation.

This year, there was a new RSAC Engagement Zone, a dedicated networking space designed for one-on-one meet-ups (so-called “Braindates”), small group discussions and networking. Three new tracks were added, based on feedback from last year’s attendees, to meet the needs of growing/evolving security requirements, tools and applications – Product Security, Open Source Tools and Anti-Fraud.

The second annual RSAC CISO Bootcamp was a closed-door, invitation-only program for chief information security officers (CISOs) and deputy CISOs from major organizations that have more than $1 billion in revenue (over 130 CISOs participated). No media, vendors/suppliers or consultants could attend these sessions/discussions.

The conference reserved a day for college students, recent graduates and faculty (650 this year) to explore job opportunities and attend dedicated education events – for free. Three selected “RSAC Security Scholars” were allowed five minutes to present their research to a panel of industry veterans.

Media Coverage

RSAC 2020 was sponsored by 40 media partners, including Crunchbase, Dark Reading, InfoSecurity, Politico, TechTarget, Threatpost and ZDnet, to name just few. Blogs before, during and after the show highlighted the impacts of the coronavirus on participation, emerging start-ups and innovations, keynotes and sessions and the show’s encompassing theme, The Human Element. Additional publications also covered the event, including Business Insider, CRN, eWeek and PCMag. See below for some articles of interest.

Security vendors, large and small, chose the mega-forum to debut new products and services. Microsoft announced the general availability of the Azure Sentinel connector for IoT. Cisco launched SecureX, an integration of the company’s security portfolio into one offering. Google introduced threat detection and timeline capabilities for its security analytics platform (Chronicle) in Google Cloud. Exabeam unveiled the multi-tenant Exabeam Cloud Platform, featuring the company’s new Cloud Archive and Threat Intelligence Service.

Next up

RSA Conference 2020 Asia Pacific & Japan is set for July 14 – 16 in Singapore. RSAC USA returns next year, February 8 – 12, 2021, at the Moscone Center in San Francisco.

Articles of Interest

Leave a Reply

Your email address will not be published. Required fields are marked *