Hot off the press from Patrick who sent me this one: Telstra distributes malware-infected USB drives at AusCert.

Thanks to all the people that have been reading my posts on AusCert and those people who have been sending me emails about the posts and their AusCert experience. I was going to close it off with yesterday’s post but I’ve been asked a few times now to add some final thoughts. So here we go:

I think this article by Bruce Schneier and the references to conferences themselves (not the rest) is a good start. I don’t agree with all Bruce says.

I don’t know how close I am, but to me AusCert looks something like this: 50% Product vendors, 30% on holiday and party, 10% new and/or keen to learn and 10% passionate industry professionals. Bruce’s comments below ring so true:

“The booths are filled with broad product claims, meaningless security platitudes and unintelligible marketing literature. You could walk into a booth, listen to a five-minute sales pitch by a marketing type, and still not know what the company does. Even seasoned security professionals are confused.

Commerce requires a meeting of the minds between buyer and seller, and it’s just not happening. The sellers can’t explain what they’re selling to the buyers, and the buyers don’t buy because they don’t understand what the sellers are selling. There’s a mismatch between the two; they’re so far apart that they’re barely speaking the same language.”

One of the biggest complaints I heard from people was that when talking to people in most of the stands, they were talking to sales people and not security people from the vendors. Once talk got past the sales waffle, there was nothing left of substance that could be discussed. Give people some credit please. This makes the 20% who are there to learn and serious about seeing what is on offer cynical about all the stands. Thus the few guys who actually were serious about informing potential clients about their business offering were tainted themselves with the big dumb sales paintbrush used by the others. I doubt any of these guys will return. I know personally, because of this, I have no intentions of having a Securus Global stand next year either. (Not that that is going to cause any major concern to the AusCert organisers). :-)

I’ve talked before about the presentation content. 2 vendor streams, 2 non-vendors streams (though you could be confused and thinking; really?….looked like almost 4 vendor streams intermixed with a few other presentations). I have no idea how the organisers choose the content. They mention it supposedly is based upon a theme but I couldn’t really see it and nor could anyone else I spoke with. It’s a shame because as I mentioned, there’s such talent here in Australia, yet very few locals got a shot. I have nothing against overseas presenters. Bring them on if what they present is going to be good. David Rice (Geekonomics) was my favourite session. John Stewart…loved his openness and content was good. William Cheswick made a boring topic interesting….all really good sessions! But good sessions were few and far between across the conference.

Is our industry so fragmented that we don’t know what each other is doing? I think so (and more of that in another post soon). Do the organisers really have so little idea of what we want to see and hear about? Do they truly believe that 70 odd percent of presentations being vendor driven marketing is what attendees want? Do they overly rely on thinking that attendees will be happy regardless, given they’re on the Gold Coast and the location and evening entertainment will outweigh the negatives of the very ordinary daytime conference?

Hey if you go by the 80-20 rule, and see my previous estimates/percentages on who attends, then there is no problem and I am a minority here voicing these opinions!

If we didn’t have Ruxcon and Kiwicon, we’d be in a pretty sorry way in regards to IT Security conferences here and local guys being able to present their research. Then again, that’s just my opinion and I welcome yours.



  1. Mark Buttler says:

    Today I was thinking that the AusCERT08 headline could have been “Vendor dribble force IT elite to sunburn and stripclubs” or “AusCERT 2008: At least you didn’t have to sit through the PatchLink presentation this time”.

    You see I was feeling very negative about the lack of substance but I was so wrong. Telstra came to the rescue with their impromptu Malware analysis & Incident response tutorial – saving face for the whole conference ! Not many organizations of their size and stature would be willing to publicly demonstrate their security polices and staff ability with such detail.

    Unfortunately everyone with any idea about malware analysis had to give up their budget to attend so the sales and marketing team could play golf, get drunk and tee up their next big money position at their current organizations competitor.

  2. [...] Hat tip to Drazen Drazic of the Beast or Buddha blog. [...]

  3. Big Galoot says:

    Malware giveaways ?? For free ?? At AusCert ??

    How on earth, I ask, did BG happen to miss out on a free giveaway at AusCert ?

    Its scandalous, I tell you.

    I confidently thought I’d vacuum-hoovered *everything* on offer. And was quite proud of myself for doing so.

    I was obviously, sadly, mistaken.

    BG.

  4. cmlh says:

    @Drazen Drazic,

    I don’t know if you have seen this yet but Roger Grimes believe SellOut[Aus]CERT2008 is the “Platinum” Event of Australia:

    http://weblog.infoworld.com/securityadviser/archives/2008/05/notes_from_ausc.html

  5. @Mark, LOL.

    @BG, No doubt you’ll be better prepared next year mate.

    @cmlh, I note your interesting response to Roger’s article. :-)

    It’s interesting to see other people’s take on this.

    End of the day, as I have mentioned a few times, my thoughts here are just my personal opinions and they centre around the fact that it [Auscert] could be so much better I believe. Others may feel otherwise and I respect everyone’s thoughts. As I said above, using the 80-20 formula (very loosely), I/we may probably be in the very small minority of people who attend Auscert (along with yourself and the many other people who have taken the time to post here).

    Others may well dislike the conferences I like.

    As I note in the BorB description in the top right of each page:
    “The ramblings in the Beast or Buddha IT Security blog are predominantly focused around IT Security topics. They are just my own takes on the industry and comments from industry peers. I don’t profess to being able to solve the world’s problems but happy to open myself up to criticisms and debate.”

    I love the debate and banter from all so keep ‘em coming!

    DD

  6. Big Galoot says:

    @cmlh,
    thanks for the link mate… I’ve posted some comments on that site too.

    @dd,
    re your statement: “I don’t profess to being able to solve the world’s problems…” Hang on a minute, DD. This is a different philosophy to the one I’m accustomed to from you – especially when the sun goes over the yard arm, and robust discussion is engaged in, over the odd glass or two of frosty amber fluid. The world’s problems are always solved !
    :-)

  7. cmlh says:

    @Drazen Drazic,

    This was published after my comment on Infoworld: http://asert.arbornetworks.com/2008/05/auscert-2008-wrap-up/.

    I haven’t commented on it yet.

    @Big Galoot,

    Infoworld e-mailed me a reminder when it added your rebuttal to Roger Grimes.