Seven years ago I had recently started blogging and emailed a few other bloggers to see if we should get together at the RSA Conference. Some of these people I knew, many I didn’t, and I thought it would be fun to have face to face arguments with a beer in hand, instead of behind a keyboard (with a beer in hand). Very very quickly we received offers to sponsor, and we turned it into an actual invite-only event organized by myself, Martin McKeay, and Alan Shimel, with Jennifer Leggio doing, literally, all the hard work.

This year I’m missing the event (and the Securosis Disaster Recovery Breakfast tomorrow morning) since my wife is about to have a baby. Maybe; these things seem somewhat unpredictable.

A lot has changed about the Meetup. The RSA Conference itself is an official sponsor thanks to Jeanne Friedman. There is a waiting list for sponsors. And the number of attendees is now hitting a couple hundred, not the few dozen of that first year when we hopped cabs to a dodgy part of town for a nice dinner. We have entertainment, an effectively unlimited beverage budget, and the Social Security Awards.

What hasn’t changed is what this event is all about, and based on feedback we are getting, a lot of people miss the point.

The SBM is by security bloggers for security bloggers. This isn’t merely another RSA event that anyone can get into if they know the right person. The only people admitted, to the best of our ability to manage, are bloggers. No plus-ones, no friends, no marketing managers (even if they manage your blog). It doesn’t matter if you do a lot for the blogger community – you need to be a member of the community. That means someone who writes (or podcasts) and is a subject matter/technical expert (and yes, we use that term loosely) and contributes to the security community dialog. Your ticket is your name on a byline of a security blog (not a security company blog, depending on the content).

Look, those of us running this thing for the past 7 years are volunteers. We do our best, and that means we sometimes make mistakes. But this isn’t run by a company or even the sponsors – it’s run by the handful of people who started it out of nowhere.

We are going to make some changes next year. A bigger venue, some changes in sponsorship, and maybe a few other tweaks (like letting spouses in, which we can’t do this year due to capacity). But the one thing that won’t change is who this event is for, and why we hold it. It is the Security Blogger’s Meetup, and those words pretty clearly define the event. You can get into a lot of RSA parties based on who you know, but this one is based on what you do, and the choice is yours.