Hot off the press from Patrick who sent me this one: Telstra distributes malware-infected USB drives at AusCert.
Thanks to all the people that have been reading my posts on AusCert and those people who have been sending me emails about the posts and their AusCert experience. I was going to close it off with yesterday’s post but I’ve been asked a few times now to add some final thoughts. So here we go:
I think this article by Bruce Schneier and the references to conferences themselves (not the rest) is a good start. I don’t agree with all Bruce says.
I don’t know how close I am, but to me AusCert looks something like this: 50% Product vendors, 30% on holiday and party, 10% new and/or keen to learn and 10% passionate industry professionals. Bruce’s comments below ring so true:
“The booths are filled with broad product claims, meaningless security platitudes and unintelligible marketing literature. You could walk into a booth, listen to a five-minute sales pitch by a marketing type, and still not know what the company does. Even seasoned security professionals are confused.
Commerce requires a meeting of the minds between buyer and seller, and it’s just not happening. The sellers can’t explain what they’re selling to the buyers, and the buyers don’t buy because they don’t understand what the sellers are selling. There’s a mismatch between the two; they’re so far apart that they’re barely speaking the same language.”
One of the biggest complaints I heard from people was that when talking to people in most of the stands, they were talking to sales people and not security people from the vendors. Once talk got past the sales waffle, there was nothing left of substance that could be discussed. Give people some credit please. This makes the 20% who are there to learn and serious about seeing what is on offer cynical about all the stands. Thus the few guys who actually were serious about informing potential clients about their business offering were tainted themselves with the big dumb sales paintbrush used by the others. I doubt any of these guys will return. I know personally, because of this, I have no intention of having a Securus Global stand next year either. (Not that that is going to cause any major concern to the AusCert organisers.)
I’ve talked before about the presentation content. 2 vendor streams, 2 non-vendor streams (though you could be confused and thinking: really? It looked like almost 4 vendor streams intermixed with a few other presentations). I have no idea how the organisers choose the content. They mention it supposedly is based upon a theme but I couldn’t really see it and nor could anyone else I spoke with. It’s a shame because as I mentioned, there’s such talent here in Australia, yet very few locals got a shot. I have nothing against overseas presenters. Bring them on if what they present is going to be good. David Rice (Geekonomics) was my favourite session. John Stewart… loved his openness and content was good. William Cheswick made a boring topic interesting… all really good sessions! But good sessions were few and far between across the conference.
Is our industry so fragmented that we don’t know what each other is doing? I think so (and more of that in another post soon). Do the organisers really have so little idea of what we want to see and hear about? Do they truly believe that 70-odd percent of presentations being vendor-driven marketing is what attendees want? Do they overly rely on thinking that attendees will be happy regardless, given they’re on the Gold Coast and the location and evening entertainment will outweigh the negatives of the very ordinary daytime conference?
Hey, if you go by the 80-20 rule, and see my previous estimates/percentages on who attends, then there is no problem and I am a minority here voicing these opinions!
If we didn’t have Ruxcon and Kiwicon, we’d be in a pretty sorry way in regards to IT Security conferences here and local guys being able to present their research. Then again, that’s just my opinion and I welcome yours.