RSA Conference For the first time in over two years the streets of San Francisco have been filled by attendees at the RSA Conference and it seems that the days of physical cons are back on.

The security conference trade has been more cautious than most when it comes to getting conferences back up to speed in the COVID years. Almost all cons were virtual with a very limited hybrid-conference season last year, including DEF CON, where masks were taken seriously. People still wanted to mingle and ShmooCon too went ahead, albeit later than usual in March.

The RSA conference has been going for over 30 years and many security folks love going. There are usually some good talks, it’s a chance to meet old friends, and certain pubs host meetups where more constructive work gets done on hard security ideas than a month or so of Zoom calls.

So this year’s RSA conference was a bit of a test case. Would the security community, rightly obsessed with risk management and threat evaluation turn up in force and get ready to mingle. The answer was yes, although with qualifications.

Visitor numbers were surprisingly perky. The organizers reported over 26,000 attendees, down on the 36,000 who attended in 2020 but not bad after two years of COVID. Full disclosure: this hack has been going to them for over 15 years, caught COVID at the 2020 event and skipped this year’s shindig since my better half was struck by the virus last weekend.

However, the Reg‘s security expert did volunteer to attend. She says that while everyone was very keen on hand sanitizer freebies on the expo floor, masks were sparse sight indoors and outside the halls most people gave up as well.

RSA last year was fully virtual, but this year there was a new twist. No more live-streaming of talks, a 24-hour delay was added. That’s not massively important for most attendees, but was a sign that the era of hybrid or virtual conferences may be on its way out.

For conference organizers that’s a boon. The real money at these events is made in the expo halls and if companies aren’t prepared to spend hundreds of thousands on a stand stuffed with swag and salespeople there’s not a lot of point in having the event. Certainly not for the new owners of this con – RSA sold off the event to private equity in March.

Black Hat and DEF CON, the stalwarts of this year’s August hacker summer camp, will be livestreaming talks, although in the latter case it’s up to specific community villages to decide if they will do the same. A few people went to the City of Sin last year, and infection rates were reportedly low, but when you’re coughing your guts up who really calls the con organizers to tell them as a priority job?

We’ll see how many attendees show positive in the next week or so. A recent study by the University of Texas [PDF] showed that indoor events are still risky, but it appears that many are ready to get out there again. See you in Vegas. ®