Some of us had to work so AusCERT was out of the question this year for me as I mentioned. Well actually, I had made my mind up a long time ago that I wasn’t going to go this year. A personal choice based solely on the fact that while I have a great time at each AusCERT (from a catch-up/networking perspective), I am left feeling a bit flat after the event. I’m not the only one – many people tell me the same but, I also acknowledge that for many, they’re feeling the exact opposite.
The reason I do feel this way post event is that it’s a downer seeing that we’re not progressing much as an industry (in terms of what we’re in this for). You walk out of a great presentation, excited by what you’ve heard, straight into a wall of vendor stalls, most filled with sales people who have little interest in our industry and whose only focus is to flog their products – generally not really caring or knowing themselves much about those products. It’s a case of extremes at events like this and you wonder when things will start to make some headway into actual value and improvements from what we as an industry are trying to accomplish.
A typical scenario as told to me this week by a delegate at AusCERT;
“I was really interested in learning a bit about Company X’s product Y. Why can’t these guys put some techos into their stands that can actually do their products justice? The sales guy had no clue about anything. He just wanted to get my details and sell me the product. I couldn’t get any substance from him to my questions. All he could tell me was how good the product was and that I needed it. What value for me? Oh, It’ll protect me from x,y,z threats!”
Maybe a lesson to some of the vendors; playing the numbers game probably works for you but stack a few technical guys into your stand who can do your product a service when talking to potential leads and you might be even more successful. Maybe..maybe not.
But anyway, it is what it is. AusCERT is something like; 50% vendors, 30% junketeers (nothing wrong with that 
), 10% new people and those with a bit of interest and 10% (if that), those that have a passion for the industry and change. So I suppose if 80%+ are happy with it, the conference organisers have a successful formula. It’s just not for me…..maybe I take things too seriously. As usual, if I am upsetting someone with my thoughts, well….you can always respond. Far smarter people than I have said many times before, “If you are trying to make change and if you’re not upsetting people, you’re doing something wrong!”.
AusCert was a lot better this year than previously. I suspect they’re finally listening to the punters about what we want. For example this year, AusCert also offered everyone who wanted to speak – an opportunity to say their bit – in 5 minute turbo presentations. A great idea.
There was also a marked improvement in the numbers of quality presenters.
As to the vendors, what do you do ? Ya get rid of ‘em, ya don’t have a conference. My approach is to treat them like used car salesmen.
Don’t bag used car salesmen. They have more credibility. While their tactics may be deemed questionable to some punters, they generally at least understand the products they sell. Your typical security appliance vendor in many cases can’t understand more than the broad “security” title. A bit like a used car salesman only understanding what “car” means.
Ho Ho. Happy Monday.
As a vendor who was on a stand at AusCERT I can appreciate where this article is coming from. Also as a techie, I spent a fair amount of time waiting in lines for coffee, or on the phone to customers. I would have preferred to spend time dealing with queries from conference attendees.
I reckon AusCERT is a great conference, but companies do try to use it as a selling opportunity. I like to take the view that it’s a branding exercise – you get your name out there, and if you have half a clue people remember you for the right reasons and come back to you when they want to buy something.
If you go in there expecting nothing then good things come to you. And you know what, AusCERT was a great conference for us, because that’s the attitude we took.
I’m not going to blatantly promote which company I work for, but people should realise there are companies out there who have switched on people, who are in the business to sell products that are based on strong security principles and enforce industry best practices, and will not cut the lunch of any consultant who knows their stuff by telling customers “if you buy our product you will be safe from x,y an z and automatically compliant”. We enjoy what we do and hope to be doing it for some time into the future, because we well experienced in the IT Security field.
And sometimes it can be tough – just check out this YouTube video if you don’t believe me: http://www.youtube.com/watch?v=R2a8TRSgzZY
Thanks for the response Andrew. You should have given yourselves a plug. I enjoyed the video link.
What’s unsettling is this link was sent to me only today by a rather large customer who is about to start wrangling over pricing for new products and upgrades.
I wonder if he’s telling me someting ….
Ahh well – better role up my sleeves, see what he wants, and then go ask my manager for approval as all good used car salesman do!
LOL. Time for some creative sales and marketing.
Andrew,
One for you from before:
http://beastorbuddha.com/2008/03/04/not-too-dissimilar-to-security-consulting-jobs-being-negotiated/
DD
Well he might save some money, but the impending divorce is going to cost him a bomb!
You know, I think people forget they get what they pay for. Cheap and nasty is just that, plus the future headaches that nobody tells you about.