Even though the annual RSA Security Conference is owned and operated by Bedford, Mass.-based RSA Security Inc., it has, through astute marketing, moved steadily away from being a corporate conference and toward being an industrywide event for the world of data security. From humble beginnings in 1991 as a meeting for fewer than 100 cryptographers, the RSA Conference has grown to become what Andy Briney, editor-in-chief of Information Security magazine, calls “the most important and most hyped conference in our growing industry.” At its U.S. meeting, held April 8 to 12 at San Francisco's Moscone Center, more than 10,000 attendees and 250 companies were on hand to participate in more than 200 breakout sessions. The meeting drew an audience far more diverse than the original group of cryptographers. “Everyone from politicians to IT professionals attends,” says Sandra Toms-LaPedis, who organizes RSA conferences worldwide. “It's not just scientists.” And, as of last year, it is no longer just a U.S. meeting.

Toms-LaPedis, who admits that her job title — area vice president of Americas marketing, tells little about what she actually does, says the impetus for creating European and Asian versions of the conference was based on attendance (many attendees were coming from Europe and Asia anyway); a need to localize content (the U.S. meeting has tracks specifically addressing U.S. law and policy issues); and a desire to create overseas the same “glow” of industry leadership that the company derives from the U.S. conference. “The RSA Conference makes us look larger than life,” she says. “We wanted to take that feeling to Europe and Asia.” (To learn more about how RSA moved its conference from corporate to industry status, see the sidebar, below.)

After seeing greatly increased international attendance at its 1999 meeting, held in San Jose, RSA held its first European conference in April 2000 in Munich, Germany. It drew 820 full-conference attendees and more than 50 exhibiting companies. In summer 2001, RSA launched its first Asian conference at Suntec City Convention Centre in Singapore. This conference drew about 300 full-conference attendees as well as 800 exhibitors, speakers, and exhibition-only attendees.

Hot Topics, Smart Marketing

How did RSA draw so well overseas? First and foremost, remember that computer and Internet security is quite possibly the hottest topic in the tech world right now. Attendance at the U.S. meeting has skyrocketed since 1998, when there were a mere 3,000 participants. Other factors have helped, too, including sensitivity to local cultures and informational needs, and smart marketing.

“We try to be sensitive to issues that are important to these particular geographies,” says Toms-LaPedis. “For example, there's not a whole lot of work done in the science of cryptography in the Asia-Pacific region, so we don't have a crypto-track as we do in the U.S. and Europe.” There were other content changes unique to the Singapore meeting. “Individual privacy issues basically don't exist there, due to the culture,” she says. “It would be inappropriate for us to talk about individual privacy in a keynote speech.”

There was also customization of content for last year's meeting in Munich and this year's European meeting. (The European event, scheduled for October 15 to 18 at the RAI Congress Centre in Amsterdam, was quickly changed to an online meeting after the September 11 terrorist incidents. See box, next page.)

“In Europe, they're very advanced about laws and regulations regarding individual privacy — the ability of conferences to sell attendee names, for example, is an issue,” says Toms-LaPedis. “We need to incorporate that into the conference content.”

Similarly, parts of the U.S. conference having to do with the National Institute of Standards and Technology, the National Security Agency, and the Federal Bureau of Investigation were scrapped for the European and Asian conferences. “The point is not to take an American point of view, but to reflect the concerns of the region,” she says.

The Singapore meeting presented two special marketing challenges. One was the selection of the host city, because travel time and expense loom large in the Asian region. “The countries are so spread out, it's more of a challenge to do a conference in the region,” says Toms-LaPedis. “RSA has a lot of activity based in Singapore, but we had to ask ourselves about Australia [where RSA has a major research facility in Brisbane] and Hong Kong. They're all healthy flights away from each other. It changes the way you market the conference. We had to be careful to market to people we really thought would attend — although we did draw some attendees from Australia, which is a six- to eight-hour flight away.”

The second challenge had to do with pricing. “The relative strength or weakness of currencies can really make a difference in your budget and how you manage things,” she says. “We priced the Singapore conference in U.S. dollars, which made it very challenging when the dollar became so strong against the local currencies.” To soften the financial blow, RSA offered a deep discount for early registrants and extended the early registration period.

Local Content, Global Theme

Even as RSA made great efforts to localize content and be sensitive to local economic issues, it was careful to preserve the overall identity of the conference. Each year, Toms-LaPedis, a self-confessed history buff, comes up with overall themes that extend across all three conferences. In 2001, for example, the theme is S.E.T.I., the search for extra-terrestrial intelligence. As the clever splash page at the RSA Conference Web site points out, if we ever get a message from beings elsewhere in the galaxy, the cryptographers of the world will be called upon. At all three conferences, the theme was carried out in ways large and small, from signage to “aliens” walking around at the opening gala. At past conferences, RSA has paid tribute to the Vikings, who used runes as secret codes; to St. Benedict, author of the first treatise on cryptography; and to the Navajo Indians, whose language proved an uncrackable code for the U.S. military in World War II. Next year's theme will focus on Mary, Queen of Scots, whose insecure use of encryption cost her life in the 1500s.

One other aspect of the RSA Conference remains constant across all the events: San Francisco-based LKE Productions, the event production company, and Oakland-based Coda Creative, the agency that designs the RSA Conference Web site. “We've used LKE for a number of years, with phenomenal results,” says Toms-LaPedis.

Up Next: Japan, in Japanese

In 2002, RSA plans to hold its Asian conference in Tokyo, where the company has had a major corporate presence since 1998. In a sign of what's in store, the conference Web site is in Japanese. “This will be the first of our conferences not conducted in English,” says Toms-LaPedis. “It will present a whole new host of challenges, which I'm looking forward to.”

The 2002 European conference is tentatively set for Paris. That conference will still be conducted in English, although the “glow” is likely to be at least partly in French.

How to Be Larger Than Life

How did a corporate conference that in the past was admittedly long on product and vendor promotion become an industrywide must-attend event? The answer has to do in large part with RSA Security Inc.'s unique position in the computer security industry. The company, headquartered in Bedford, Mass., has yearly revenues of around $200 million. It's a healthy sized firm, but hardly in the billion-dollar league of other software firms with high-impact annual conferences, such as Computer Associates International (CA World) and SAP (Sapphire).

So what's the secret? It's in the name. The R, S, and A stand for Ron Rivest, Adi Shamir, and Leonard Adelman, three professors at MIT's Computer Science Lab. In 1977, they developed a security algorithm for encoding messages sent over networks. In 1983, they received a patent; ever since then, companies from Apple to Xerox have been paying royalties to use their code. Until very recently, if you wanted to play in the computer security arena, you pretty much had to buy a license from RSA. To some extent, that's why so many vendors attend its conference, and that's why so many computer executives concerned with security make the annual pilgrimage.

Patents, of course, aren't the only factors. RSA has been astute at marketing the conference as an industry, rather than a corporate, event. For example, it takes booth space in its own exhibit hall. It gives an award in recognition of work in security public policy. It gives prizes to scientists who show leadership in cryptography. And it gives awards to companies that have created superb security products, even if those products haven't used RSA-developed technology.

Working Around Terrorism

On September 23, just 22 days before RSA Security Inc. was scheduled to open its second annual European conference, company executives made the decision: The show must go on. But not in its original form. Shaken by the tragic events of September 11, it was time for Plan B. The October 15-18 show would convene in cyberspace rather than at the RAI Congress Centre in Amsterdam.

“I always wanted to bring the conference online, but I never imagined I'd have three weeks to do it,” says Sandra Toms-LaPedis, RSA's area vice president of Americas marketing. The live event was canceled, she said, over concerns about the safety of people traveling to the event, particularly employees traveling from the United States. Several RSA employees were stuck in Europe after the terrorist attacks, and no one wanted that scenario repeated. “We didn't want to put people in harm's way or make people uncomfortable.”

On the other hand, she says, “The need to learn doesn't cease because of terrorism. I think it's really important that we changed it to an online format.” With many conferences canceling outright, it's important, she feels, to find ways to keep business going. “This is a way that people can participate in the conference at home or in the office.”

Toms-LaPedis was expecting more than 1,000 attendees in Amsterdam and hopes to get about that same number online. She won't, however, be expecting a similar revenue stream. While the face-to-face conference would have cost attendees close to $1,400 apiece, the Web version is free. Exhibitors will pay a nominal fee.

To get the show online, Toms-LaPedis is working with San Francisco-based LKE Productions, the same production company hired for the live event. LKE is helping them produce as many as seven webcasts and 30 audioconferences for the 3½-day event, as well as chat rooms with threaded discussions. At press time (10 days before the show), RSA had just selected its vendor for the online trade show.

While some might hesitate when faced with this fast-paced transition from live event to online event, Toms-LaPedis is clearly in her element. “I'm excited about the challenge,” she says. However, there is a note of relief in her voice when asked about the February 2002 event in San Jose, Calif. It's a go.