RSA, as many of you may have heard in other blogs was a silly rehash of vague promises of 'securing your enterprise' and 'vertical security' without anyone actually being willing to put on their material what their products did and didn't do. I don't like it when I look at a booth and I see nothing that indicates what technology or technologies are being sold. If you're a VPN product, tell me you're a VPN product, don't advertise as "securing your remote users". It's way too vague, and on top of that, it's probably not true.

Tomorrow I depart for Blackhat and defcon. I expect to see no fluff, no vague promises of security as a service, or other over-generalized hogwash as an attempt to lure me in and waste my time on a product space that either I've already bought, already discarded, or have been told I have no budget to purchase. I do expect some vendors, providing parties (yay!) and useful information about their products. I expect some excellent talks (anyone that hasn't heard that Dan Kaminsky will be talking about the DNS flaws at blackhat has been living under a rock for too long) on a wide range of topics, some of which will not be of interest and some of which will undoubtedly be way over my head (but I like the feeling of drowning in information technology overload).

For the first time, one of my co-workers will be in attendance, and my boss. Oh joy.

My plan is to post some highlights of things that especially catch my attention. Hopefully you'll find them as interesting as I do or did when I see them. (What is the correct tense when talking about things in the future that will be in the past when you will be talking about them?)