The RSA Conference expo floor offended me - and why I blame the exhibitors

Share this article:

From "booth babes" to vapid marketing lingo to directionless conversations with vendor reps, one industry veteran wonders how information security professionals can take the RSA Conference showroom floor seriously.

Winn Schwartau
Winn Schwartau

I was highly offended by much of what I saw at the recently held RSA Conference in San Francisco.

You have to understand I've been a "security guy" since 1983. Plus, I am an itinerant geek for all technologies. Given that, I was highly offended at the conference in three fundamental ways, and anyone who knows me at all knows that offending me takes a fair amount of effort.

First, I do not think it appropriate that vendors of all shapes and sizes employ "booth babes" as a professional calling card. I use the term booth babes not in a misogynist manner, but only as a term commonly used within most industries and their conferences.

As a happily married man for 34 years, I am indeed married, not dead, and enjoy the sight of attractive women – but not as mere eye candy to solicit business. I am not a prude in any way; yet, I am offended that vendors can come up with amazing technologies but still find it necessary to resort to tickling the male amygdala to attract traffic to their booths.

Second, I am offended that the marketing people behind so many companies that might have awesome technologies, simply cannot market, position, brand or advertise their products and services worth a damn.  I mean, seriously. How many companies are “The Leader in… (technology of choice)”.  “The world's leading supplier of …” and “The recognized leader in…”. ? Please stop boring me and offending me with such clearly unsupportable swagger. Yes, there are a few leaders. We all know who they are and, at least, they avoid such public false bravado.

To continue, when I walk a show floor, I am sincerely interested in seeing new, cool technologies, especially those which have applicability to our field. But when I look up at the endless sea of overhead banners or towering booth pinnacles, all I see is more useless and meaningless marketing triteness. “All of your security problems solved.” “Best security solutions.” “Stop every attack… every time.” “Are you safe?” “APTs are coming.” “Premier security.” “Stop hackers cold.” “Unique security approaches.” Come on people.

Seriously? If you want me to stop by your booth, tell me what you have and what you do. We have become an over-stimulated, time-limited, instant-gratification society. I would have hoped that modern information security marketing would have at least listened to the well-documented lessons from the 1960s advertising industry and applied it to today's media. I guess I am wrong. (Think, “plop plop fizz fizz…”)

The marketing folks exhibiting at the RSA Conference are doing their companies and RSA Conference visitors a horrendous disservice by not telling us what they do. Please, serious geek companies, tell me about your tech and please stop allowing your marketing and PR folks to convince you that triteness is attractive to other geeks. It's offensive.

If you cannot create a sign, a headline, an architectural diagram or a few bullets that are real-world, operational and informative, then fire your marketing crew en masse. I should be able to stand in front of a booth, and “get it” in less than 30 seconds. If you can't do that, your marketing/PR group has failed.

The third offensive behavior I witnessed at the RSA Conference, which my colleagues and I complained about, is the "used car salesmen" who abounds with memorized buzz words that are not worth a penny's worth of context or value. “Are you interested in network security?” is asked by the pretty blondes with iPads, who then hand me over to glad-handing "Joe the sales guy," who wants to be chummy – but not informative.

I have no doubt that I and many of my colleagues were considered rude when we would interrupt Joe as he regurgitated the company's prowess and accolades, when all we wanted to know was the fundamental technology and applications.

The conversations often go like this:

“Oh,” says Joe. “I'd be happy to set up a WebEx briefing. Would next Tuesday at 3 p.m. be good for you?”

“No! I just want to know how your  technology works and what you do…”

“We have industry awards…”

“What do you DO?”

“Let me show you the demo…”

“What do you DO?”

“It all began on a dark and stormy night…”

“How do you interrupt the process to take control of the task and maintain the integrity of the profile?” The deer in headlights stares back at me.

“I'd be extremely happy to set up a WebEx for you…”

And off I trot. Or, Joe the Sales Guy is so insulted by my question that he turns his back on me to glad-hand his next victim.

This offends me and my colleagues. We only have a couple of days to explore 700 booths, and we don't have time for gaggling sales guys. Please don't waste my time. Don't waste your own time. Your marketing efforts are better served by filtering out non-customers rapidly. I am trying to help you save your valuable sales time by cutting to the chase. What do you do? How do you do it? In less than 30 seconds, I can decide if I want to hear or know more.

Vendors, either get Joe up to snuff or replace him.

Now, don't get me wrong. I am not indicting the RSA Conference, any specific vendors or my beloved industry of 30 years.

I am indicting clueless marketing groups, PR firms and executives for being unimaginative. I indict them for assuming that cute blondes, insubstantial puffery and glad-handing Joes have any place at RSA or any other professional security conference.

I am merely asking for some decorum, propriety and mutual respect.

We are security professionals. Treat us as such.

What do you think?

Share this article:

Sign up to our newsletters

More in Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.