IOActive Sales and Strategy vice-president John Sheehy said in a blog post that the company he works would not be attending from 2020 onwards and, instead, launching a series of events similar to those staged at RSAC each year.
Sheehy said in 2018, IOActive had noticed a drop in the quality of the attendance at the company's event, which goes by the moniker IOAsis.
"We discovered in talking to our clients, friends and peers in the industry that many of them no longer felt the ROI (return on investment) was there to attend, given the changes in the conference coupled with the significant impact to their companies’ limited travel budgets (with lodging easily averaging US$1000 per night before taxes and fees)," he said.
He blamed on this on poor design. "While RSAC has always had a heavy product focus with a parade of companies offering whatever marketing has determined to be the magic talisman du jour, it has moved to more of a focus on the acquisition and funding of the companies that make these talismans. This only further removes RSAC from a conference for security practitioners and managers."
Sheehy advised the organiser to find a more affordable venue for the conference from 2020 onwards and to shift the acquisition and funding focus to the week before the actual cyber security events, and start on the Wednesday or Thursday of the preceding week.
"Lastly, we believe RSAC should focus on cyber security rather than simply acting as a showroom for current cyber security products," he said.
"We appreciate running a conference of this size is not easy and these observations are meant to be help improve the quality and help RSAC stay relevant for many years to come."
This year's RSA Conference ended last Friday (8 March) and the major story that emerged from it was that the US Government had refused to renew a tourist visa for globally renowned cryptographer Adi Shamir. As a result, he was unable to attend a conference which he co-founded 27 years ago.