Information Security Conferences Gone Awry

I speak at more conferences every October than any other month. This month has been crazy so far, and I can scarcely remember being home more than two or three days at a time since mid-September. Many of the conferences at which I have spoken have had excellent presentations and panel discussions. At the same time, I fear that some of these conferences have gone in the wrong direction. Why?

  • Increasingly, vendors rule in terms of who gets speaking slots and who does not. Realizing that these are hard economic times, more vendors demand that their employees get speaking time, even the opportunity to deliver keynote addresses, in return. The problem is that vendors do not necessarily select speakers on the basis of their professional knowledge of information security as well as their speaking skills. Too often they select product managers who drone on about the need that their product is supposed to fill and how their product fulfills that need. Strangely, conference committee members too often sit passively while this travesty occurs.
  • Vendors have infiltrated their way into panel discussions to the point that CISOs who have real-life lessons learned are being drowned out. Not too long ago there was a panel at a conference I attended in which practitioners were asked to what degree they used formal information security models to guide their risk management effort in their information security practices. The CISOs gave real answers based on their experience, whereas the vendor representatives skirted the issue at hand, instead focusing on all that security technology can do for information security practices.
  • An increasing proportion of conference presentations deal with cloud computing security. Lamentably, the speakers too often lack real experience with cloud security, so they ramble on, covering the same basic information. The audience merely relearns what infrastructure as a service, platform as a service, and software as a service mean. We should be past all this by now, but apparently we are not. Cloud security 101 talks abound. You would think that attendees would be saturated with such talks, but for some reason they keep attending, perhaps expecting to learn something new. Honestly, I have not learned anything new from any talk on cloud security that I have attended in the last one and a half years.

Not all conferences have gone awry, but some have gone more awry than others. With the current economic hard times driving conference organizers to give prime speaking slots to vendors, the trend towards vendor domination of conferences is likely to continue into the foreseeable future. And as for me, I have over the years tried to attend as many presentations as possible whenever I have attended a conference. Too often I end up being frustrated. Hmmm, perhaps it is time to change my strategy and to be more selective in attending talks.

But most importantly, conference organizers need to regain some situational awareness concerning the impact of thinly-veiled vendor marketing attempts at conferences. Here’s a new idea: how about including an item on attendee evaluations that indicates how free each presentation as well as the conference in general was from vendor marketing presentations? I have never seen this done, but there is always a time to try a promising idea out once…
