The RSA keynotes: a cautionary tale

This year's speakers aren't hackers, but they play them on TV.

On Feb. 29th, thousands of cybersecurity professionals will flood San Francisco's Moscone Center for RSA Conference, one of the security industry's largest and most authoritative events. This week, RSA announced its 20 keynote speakers, and if you heard a weird noise coming from Twitter, that was the InfoSec community releasing an exasperated collective WTF.

In a plot twist predicted by no one, three of RSA's coveted keynote spots have gone to two actors and a producer from the TV show CSI: Cyber.

One security researcher suggested the decision shows that RSA is out of touch. Another was annoyed that RSA went the route of "I'm not a doctor but I play one on TV" for its keynotes.

The blowback is understandable when you consider that attendees probably expect keynotes that are indicators of trends, demonstrate insight into industry concerns and are pertinent to the conference's community.

So maybe RSA is simply trying to be provocative by featuring actors from InfoSec's most derided TV show. Hey, it's tough to top Black Hat's 2013 keynote coup, when it featured NSA Director General Keith Alexander right after the Snowden files hit the news (he was heckled during his speech).

And no, none of RSA's CSI: Cyber keynotes are Patricia Arquette. As we brace ourselves for a peek into RSA's keynote cabinet of curiosities, if they'd included an actress who happens to be female, it would have actually helped.

InfoSec community members were cranky about the keynote selections last year, too. The 2015 lineup only featured 5 women out of 26 speakers; many felt like the low number didn't speak to InfoSec's workforce. Nor did it touch on the year's impactful work by female researchers. It felt like a gendered pigeonhole that the three women actually talking about cybersecurity were on a mission to "protect the children."

Even so, Arquette might have been a welcome inclusion this year. There's only one woman in the 2016 lineup (and she works for host company RSA). It definitely takes balls to make a decision like that.

But let me be the first to applaud this brave decision and these three brave men. After all, InfoSec has had a lot of good times on Twitter, Facebook -- and yes, at security conferences -- making fun of CSI: Cyber. We practically need a running facepalm counter for the show's inaccurate portrayals, farfetched and fake hacks, and bare-faced sensationalism. No one will ever know how many laptops were lost to authentic spit-takes when the show's real-life main character emerged in the press late last year to endorse the opportunistically invented field of cyberspsychology, based on the show's fake hacking crimes.

But none of this has to do with the actors speaking at RSA, who have been taking the brunt of everyone's facepalms -- and are now taking the heat for RSA's keynote choices.

The actors being blasted on Twitter this week about keynoting RSA have been dealing with hackers' complaints about the show for a while. One of them is particularly well aware of the problems and, as I found out, is sympathetic to the issues. Last March, CSI: Cyber actor Charley Koontz reached critical mass with criticism when I retweeted comments from a hacker exasperated with the show. Mistaking a retweet for a personal attack, Koontz wanted to know why he was being attacked about the show, and we hashed it out and resolved the miscommunication via email. We also discussed InfoSec's annoyance with the show, and he said he hoped they'd do better if it got renewed for season two.

All I'm saying is that putting CSI: Cyber on the docket doesn't seem to be elevating the wider conversations for anyone involved. After the DHS' keynote faceplant last year, where Homeland Security Secretary Jeh C. Johnson told attendees he was learning how to use an iPod and that his son was a hacker for using Yik Yak, it's safe to say that RSA's image as a hub for computer security thought leaders is fragile enough as it is.

But what if RSA's ongoing keynote stew of disconnect and incompetence is part of something way more thoughtful and complex than we're giving it credit for?

I have no idea what the actors will bring to the table as people who know nothing about InfoSec but whose jobs require that they act like they do. They may have more insight into things we've all been wondering, like why CSI: Cyber decided to make "evil" code the color red, or if cyberpsychology might find a cure for 4chan.

Maybe we're missing the point entirely. Maybe giving keynotes to actors who pretend to be RSA speakers is RSA's way of gently suggesting we do some soul-searching about the negative effects of stunt hacks that pander to the press and feed public fears about hackers. You know, attention-getting stunts that end up on shows like CSI: Cyber.