Reflecting on InfoSec 2011

So the madness is over for another year. What did we learn? What was good? What was bad? Who were the winners and who were the losers?

I don’t know about you, but it took me three days to recover from InfoSec this year. And as I dangled my aching feet into a nice warm bath, I was struck by a number of things.

1. The industry is not helping itself

One of our biggest issues as a trade is getting those in charge to take the problem seriously and spend their hard-fought budgets on it. We all know what the issues are regarding IA, but our messaging ‘upstairs’ is not always the greatest. And this year we excelled at getting it wrong. We on the Sophos stand deliberately did a self-deprecating session called ‘Buzzword Bingo’ where we asked delegates to share the worst excesses of the IA industry in mangling the English language. Cloud, APT, win-win, best of breed etc. The winner came from a Firewall vendor (who I shan’t name) and was the genuinely shocking ‘Cloudeprise’ (I rendered my friend Kevin from MoD speechless when I showed it to him).

However, despite my chummy mocking tone, there is/was a point. Obfuscation is unhelpful as it doesn’t explain, it confuses our respective management teams, and to my mind demonstrates a real fear of coming clean. Say what you mean, say it in English, and say it often. We are a deeply geeky bunch in IA, and we compound the problem by making up buzzwords. All we are doing is making the job harder, not easier. Stop it, right now.

My second observation on this theme was the return in force of scantily clad young ladies parading around the place on behalf of exhibitors. I am no Germaine Greer and admire an attractively attired young lady as much as the next chap. But this isn’t a ’70s Car Show, and frankly, it demeans us all as exhibitors (and I’m deliberately ignoring the sensibilities of the girls themselves). The message it sends out is, we can’t entice you in with our important core messages, so here’s a bird in high heels to grab your interest. There is a scale that runs from a girl in hot pants draped over a Ford Capri to a dry, humourless show with painful levels of professionalism. We should be aiming for the middle ground, but we got it badly wrong this year. The worst offender was a company that is big enough and established enough to know better.

Those were the negatives. Here’s the good stuff:

2. The industry is healthy and full of innovation

The number of vendors graduating from their small booths of years gone by to stands this year was noticeable. The depth of vendors was also noticeable. Normally it’s the big two or three and the rest of us struggling for purchase. This year there was a decent spread of vendors doing genuinely new and interesting things, and they were the ones that were busy. Some people had gimmicky stuff to entice people in (and one in particular whose very flashy gimmick didn’t work – schadenfreude is a terrible thing), but my impression was of an industry on the rebound from austerity and with something to say. Talking to delegates, I genuinely got the impression that they had found the show useful, which is reason enough for us vendors to attend.


3. The Sophos stand

OK, I’m biased. But we were flat out for three days and the team collapsed into local pubs and curry houses every evening happy and tired. On reflection, we didn’t have flashy gimmicks, we didn’t have half-dressed ladies and we didn’t have an overly elaborate stand. I felt what we did was simple, free from silly buzzwords (except to ridicule them) and offered delegates some education/insight into what we do. The presentations were really well attended, feedback was positive and everyone agreed it was fun.

Maybe that’s the message from this year’s InfoSec? Don’t overcomplicate, don’t confuse but do offer education and illustration of the issues and what we are doing about it. Do recognise that people find the topic confusing and offer them a light to guide them through. Don’t take yourself too seriously but above all do it in a manner which is professional and fun.

See you next year!

About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I