Last week’s RSA Conference returned to San Francisco to inform and educate attendees on all things cybersecurity. But when Paul Grabow attended, he could sense a threat was lurking out in the open on the show floor: the risk of catching COVID-19.
“By and large, there wasn’t a whole lot of masking going on,” he said of the event, which was held entirely indoors. “If there was a viral load, then there was a pretty good amount of time I was exposed to it.”
Grabow, a cybersecurity consultant, is now among the growing number of attendees, who’ve reported catching COVID-19 at the show. The cases are causing many to wonder if the RSA Conference became a superspreader event, given that 26,000 people attended.
Mounting Evidence, But No Official Count
On social media, some conference-goers have been sharing(Opens in a new window) pictures of their positive COVID tests after attending the show. Among them is Chris Nickerson, CEO of cybersecurity firm Lares. On Monday, he posted(Opens in a new window) a photo of his positive COVID test on Twitter with the words “Thanks for the cool swag” in a nod to catching the virus at RSA.
In response, four other users replied with photos of their positive COVID tests. Nickerson told us he now wishes the RSA Conference had done more to prevent the spread of the virus.
“Better airflow, mask mandates, higher requirements for vendors throwing parties around the event,” he said. “While I was masked regularly, it was not all the time. So I take ownership of my choices there. I do feel that RSA could have been a bit more diligent in reminding people that masks save lives.”
The security researcher, who goes by the name Ray Redacted, also posted an informal poll(Opens in a new window) on Twitter, asking conference-goers if they caught the virus at the show. The results currently show about 21%, or about 160 respondents out of 770, say they came down with COVID-19 after attending. Another 40% say they’re unsure.
“Almost everyone I know who went to RSA this year got COVID there,” Ray Redacted tweeted(Opens in a new window). Although he didn’t attend the show, he told us he personally knows 30 people who caught the virus at the conference.
The RSA show, which lasted four days, would’ve been an easy place to spread COVID-19. We attended and noticed a startling lack of mask-wearing and little social distancing. At times, dozens or even hundreds of people were clustered together on the show floor, in conference halls, and around the bathrooms.
The RSA Conference has also been hearing about the rising COVID cases among attendees. But organizers have refused to conduct an official tally.
“RSA Conference 2022 has been made aware that some attendees have tested positive for COVID-19. We are, however, not collecting test results post Conference,” the organizers wrote in an online statement(Opens in a new window) on Wednesday, which was also sent to PCMag.
Instead, the organizers are shifting the responsibility to conference-goers. “We encourage anyone who attended RSA Conference last week continue to test for COVID-19, monitor for symptoms, and make responsible health choices, such as staying home if they feel unwell and contacting their doctor for guidance,” the post added.
The Bare Minimum
To mitigate the COVID risk, RSA Conference only asked attendees to show either proof of a vaccination—no booster required—or a negative COVID-test. Meanwhile, mask wearing was merely encouraged.
Jonah Kowall, CTO of Logz.io, called RSA’s statement “pretty irresponsible,” after citing how last month’s KubeCon + CloudNativeCon event in Europe went out of its way to track COVID-19 cases among attendees. In KubeCon’s case, the tally was at 121 positive tests or 1.7% of the total attendance.
“Now we come to RSA, they didn’t seem to care much beyond checking vax (vaccination) cards. Masking was about 10 to 15%. We are also in the midst of a spike in the Bay area,” he told us. “I know at least 4 people who caught it at the event.”
Meanwhile, Grabow claimed the RSA Conference did the bare minimum when it came to COVID safeguards to try and maximize attendance at the show. But the result likely created a superspreader event.
To protect himself, Grabow said he wore a mask during most of his six-hour visit at the show last week. He also took all his vaccination and booster shots. But none of it was enough to stop the virus from inflicting heavy symptoms on his body.
“I went down hard. I had chills, I had a fever. It was like a severe cold,” he said, also noting his age at over 65. “I’m definitely in the high-risk category(Opens in a new window), which puts me at high risk like the 81% of the people who died from this thing.”
Recommended by Our Editors
Grabow is now accusing RSA organizers of committing some bad cybersecurity practices by failing to do more to mitigate and monitor the COVID-19 cases at the show. “The risk is passed on to the attendee. It’s just like a supply chain risk(Opens in a new window). It’s passed along to the stuckee, who bought the code,” he said. “It’s not their problem, they (the vendor) just take the money.”
Lessons Learned or Inevitable?
Christopher Hoff, the Chief Secure Technology Officer for LastPass, said he also believes RSA was a superspreader event after noticing the rise in cases. In a bit of irony, he didn’t attend because he had already come down with COVID.
“At this point, they (The RSA Conference) do need to acknowledge, learn from and adjust based on the fact that what they did require was not sufficient to prevent people who decided to attend from becoming ill,” he said. “Maybe other conferences can learn from this,” he added, noting that Black Hat and Defcon, two major cybersecurity conferences, will be held next month.
Still, Hoff also recognizes that people are tired of the COVID restrictions. “Americans are most definitely in YOLO (you only live once) mode,” he said.
Others like Andrei Barysevich, CEO of Gemini Advisory, say it’s hard to stop the virus at this point, given its endemic nature. “I think that COVID is so prevailing in the society, mostly because it’s constantly mutating, limiting exposure at such a massive venue would be unrealistic,” said Barysevich, who suspects(Opens in a new window) he may have also caught COVID at RSA.
Grabow himself acknowledged that RSA likely rationalized that if attendees did catch COVID at the show, they would experience only mild symptoms, given the high rate of vaccinations. “Nobody has died from it as far as I can tell,” he added.
Nevertheless, he believes it’s time for cybersecurity shows like RSA to move beyond in-person events for online, augmented reality/VR-based experiences, making it easier for everyone to attend.
“I don’t expect RSA to jump on that kind of thing, it would collide with their entire business model,” he said. “If they don’t do that, then I hope someone else does and takes away RSA’s business because I think it just isn’t prudent to hold [an in-person show] in an endemic environment.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Click Here For The Original Source.
————————————————————————————-