Propriety Issues Concerning Vendors and Information Security Professional Organizations
Before I go any farther, I want to assure everyone that I have a lot of respect for every information security professional organization out there and I really have no gripes with any of them. But sometimes I wonder whether the relationship with vendors and these organizations has sometimes crossed the proverbial line of propriety. My musings are the result of attending meetings for which some vendor has picked up the cost of the meal or something else. I have no problem with the vendor doing this—after all, money does not grow on trees, especially with non-profit, volunteer organizations. And I also have no problem with the vendor being recognized and thanked for having picked up the cost. My problem instead comes from someone from the vendor’s organization getting up in front of attendees and hawking the vendor’s wares. In this case, the vendor has crossed the line of propriety. I consider this practice to be unethical as well as insulting to those of us who attend professional meetings.
For some reason, the worst offenders are product managers and those who work in product marketing. I have found that only on rare occasions do these people fail to cross the line! What is so disturbing is that the prevalent practice of professional organization chapter officers is to warn these people to not try to sell their product when they speak at a meeting. The ground rules are generally that they may mention their product and may even give examples of usage of their product to bring home a point, but they must not market and/or sell their product. More often than not, product managers and product marketing staff go way beyond the line that has been drawn for them.
By the way, I do not dislike these groups of people—in fact, I find them easier to get along with than most others. I just object to the fact that they too often fail to abide by the terms they have promised to honor when they are allowed to speak at information security professional organizations’ events. (I know, I know—they just cannot bridle their enthusiasm for the products for which they have invested so much time, effort, and ego!)
Another interesting thought—might the quality of a given information security conference be inversely proportional to the percentage of speakers who are from vendor companies? I attend and speak at a lot of conferences and I have the impression that the answer to this question is “yes.” One conference, Gartner’s information security conference, is heavily loaded with vendor speakers, something that should easily explain why I have not attended this conference since the late 1990s.
But the story does not end here. After a sufficient number of complaints about vendor speakers crossing the line, officers of local chapters and conference organizers tend to assume that the problem must be vendor-affiliated speakers, so employees of vendor organizations are denied the opportunity to speak, even if they have the reputation of not trying to sell or promote the vendor’s products. This has happened to me more than once. For example, I was once denied the opportunity to speak at a local ISSA chapter meeting because I worked for High Tower Software. I had spoken for this chapter numerous times before I worked for High Tower, but suddenly could no longer speak there because of my vendor affiliation. Interestingly, the board member who steered the opinion of the rest of the board worked for a High Tower competitor at the time—but that is an entirely different ethical matter.
I serve on numerous conference committees. In this role I have to decide whether to accept or reject presentation and tutorial proposals. One of the first things I try to find out is if the person submitting the proposal is a product manager or member of a vendor marketing function. If so, I look to see if the focus of the proposed presentation is that vendor’s product. If so, I reject the presentation—”once burned, twice shy,” after all. Otherwise, I read it carefully to try to decide if the proposal has genuine merit. I’d like to see other conference committee members take the same approach. And I’d also like to see more rigor on the part of conference committees and local chapter officers in enforcing the “no pitches, no marketing” rule. The result would be higher quality presentations as well as less annoyance among members of the audience.