Robert McMillan learns a couple of lessons in security at last week's RSA conference in San Francisco.
RSA security lesson #1
What happens when you bum rush conference security?
It happens to me all the time. I lose my conference badge and have to get past a couple of convention center security guards to cover a keynote. Lucky for me, computer security conferences tend to be run by geeks, and they usually have a casual attitude about letting uncredentialed people into sessions (tip #1: carry an old badge; most of the time, *any* badge will get you through the door; tip #2 if badgeless, position yourself in the middle of a group of tall people, and drift on in).
Unfortunately for me, the RSA Conference is a pretty tightly run ship, and yesterday they busted me. It wasn't really my fault. I was pre-registered for the show, and the convention people sent me my badge in advance, so that I could avoid the long registration lines. Unfortunately, they didn't send me a lanyard, so I put my official RSA Conference 2007 badge in some old generic lanyard that was lying around the office.
So, just as RSA's Cryptographers Panel was about to begin, my second-rate lanyard got me stopped.
"You have to have a red badge-holder," the security guard said.
"But this is what I was sent," I insisted, an image of the dreaded 30-minute registration lines upstairs popping into my head.
"I don't care."
All the while the security guard was checking badges of other people walking into the keynote hall, so he was firm, but a bit distracted.
I thought about it for a second and then, figuring that we both understood each other's position, I decided to call his bluff.
I slipped into the hall.
What would he do? A flying tackle? Panic button?
"Sir, sir." I heard him call from close behind me. But I kept walking and now he was getting further and further away from his post.
I kept walking.
I guess he eventually realized that his main job was to stand at the door and appear to check for badges because when I sat down he was gone.
From a security perspective, it was probably the best move to make. I was credentialed and posed no threat.