Shostack + Friends Blog

 

Adam reflects on BSides SF and RSAC

Adam finally caught his breath and sat down to reflect on BSides SF and RSAC 2026. Conference attendees talk security in a sunny auditorium in San Francisco.

BSides SF

My BSides passed in a whirl and was heavy on collaborations, including potential future partnerships. Before the main events started, I had time for a long lunch with Bob Lord talking about lessons learned and near misses and secure-by-design story cards, then a great partner dinner with Stanley Harris and Dustin Lehr of Katilyst.

RSA 2026

Monday morning Adrian Sanabria and I kicked off RSA with “A Breach is a Terrible Thing to Waste” delivered to a full audience who raised several engaging questions at the end. (The video is posted, note that RSAC requires log in to view.) Afterwards we got to chat with Alex Pinto of the Verizon DBIR (Data Breach Investigations Report) team about data driven risk, a topic near and dear to our hearts.

Adrian and Adam in mid-talk Adrian, Alex, Kymberlee and Adam

On Tuesday, I attended Threat Modeling Connect’s RSAC 2026 Meetup “Tacos and Threats”, seeing the team and joining a panel alongside Apurva Mohan, Stephen de Vries and Sebastien Deleersnyder. The panel discussed AI's impact on threat modeling, including if AI will replace threat modeling (it won’t) and how to threat model AI systems. Angelika Szymanowska got us together for a pre-panel photo. We also had a brief chance to bring together Jamie Dicken, Kymberlee Price, Michael Novack and Shoshana Cox.

TMC RSAC Meetup panel in action Members of the TMC RSAC Meetup panel with Angelika

Also on Tuesday, one of my week's highlights is the RSA Scholar’s dinner, for students who won a scholarship to attend RSAC. It’s organized by Cecilia Murtagh Marinier and is a great opportunity to meet some of the next generation of cybersecurity practitioners, as well as see industry experts such as Alya Franklin, Bruce Schneier, Bryson Bort, Paul Kocher, and Whit Diffie.

Adrian and Bryson Group phot of RSA Scholar's dinner

The Hallway Track

As Vandana Verma pointed out in her Day 1 RSA post: the real conference happens between the talks. That held true all week, and I was delighted to meet up with Max Imbiel, Robin Basham, Jay Healy, Diana Kelley, Brian Silverstein, Tanya Janca, Olivier Bilodeau, and Vandana. Geng Yang put it well on Mastodon: the pioneers who built the security practices we rely on every day are still here, still in the hallways, still in the conversation. (Though I can’t help but add that many are not. Recent losses of Parmaster, FX, and more still hurt.)

Verdana Verma and Adam Shostack Jay Healy and Adam Shostack Diana Kelley and Adam Shostack Max Imbiel and Adam Shostack Robin Basham and Adam Shostack Geng Yang and Adam Shostack Brian Silverstein and Adam Shostack Oliver Bilodau, Tanya Janca and Adam Shostack

 

Living legend Whit Diffie

There’s also a lot of business that goes on, and sometimes that business overwhelms, with people who ought to be recognized and mobbed with adoring fans for their decades of contributions. Here’s living legend Whit Diffie, unrecognized on the far side of a room. Apparently... all the key exchanges were taking place elsewhere.

 

Image by Gemini: "san francisco on a sunny day. conference attendees talking security. zoomed out, less focus on people's faces."

Originally published by Adam on 14 Apr 2026
Categories:   conferences