InfoSec Europe 2007 – Thoughts

Yesterday, I went to InfoSec Europe at Olympia in London. I have been to this event for the passed few years and as usual, I spent about 5 hours walking round, talking to people and listening to seminars. I only have one word to describe the event overall:


Here’s a breakdown of my thoughts on the various areas:

As per usual, there were a lot of the familiar vendors there with their huge stands (Symantec, McAfee, RSA to name but a few). However, across the board there seemed to be a lot of similar themes running through the event. Many stands seemed to be pushing products to deal with threat and vulnerability management (anti-virus, web filtering, email filtering etc). Not that there’s anything wrong with that, but its stuff that we see year in and year out. There seemed to be very little real innovation and cutting edge stuff. For example, RSA were still showing the SecurID tokens on their stand that I have been dealing with for around 5 years. I thought these events were supposed to be the exhibitors chance to really show off their new gadgets and gizmos.

From walking round and looking at badges, I am sure that there was probably an equal number of both exhibitors and visitors there. Each stand seemed to bring more and more people which gave the impression that the event was extremely busy but in reality just meant that you got stopped more frequently. When I go to an exhibition, if I see something that interests me, I will stop at that stand and show an interest in what they have to offer, possibly even asking someone for some information. Been stopped in the middle of the aisle and almost man handled onto a stand is not an indication that I am interested in their product or that I would like my badge to be scanned so that I can be bombarded with email that doesn’t interest me.

Whilst there I took in two presentations.
The first was by Dave O’Brien (VP of Corporate Development for Courion Corp). I felt that this presentation lacked any real content. It was very high-level and a bit too brief. For me, I felt he was just stating the obvious and providing information which should be common sense. For example, one of his main messages was to start with your pain points and not from a fixed perspective when looking at roles. Is this not obvious?
The second was by Colin Robbins (Principle Consultant with Siemens Insight Consulting). He was talking about the National Identity Infrastructure (i.e. ID cards) and how businesses can use these to their competitive advantage and to save costs. The main point of the presentation was that ID cards are going to happen anyway and since someone else will be paying for them (i.e. the taxpayer) why not use them to realise cost savings within your organisation. I felt the talk itself was very biased towards the NII scheme and the underlying message (to me anyway) was that ‘Siemens think its a good idea because they are going to make loads of money out of it’. It didn’t cover any of the issues with the NII scheme that I would have liked it to cover (what will be stored in the backend database, how will access be controlled, how will the enrollment process prevent fraud etc etc)

Bruce Schneier
The highlight of the day was listening to Bruce give a presentation on the BT stand. He was talking about the whole Web 2.0 revolution and how we have a generation gap at the moment which will cause businesses to re-think how they handle/embrace the new generation of employee due to the new and different ways in which they interact and live their lives (Facebook, MySpace etc). This is the first time I have heard Bruce speak in person (I have read his blog for some time and have read his books). I found what he had to say a refreshing and an interesting perspective on this security issue. Unfortunately, I didn’t win the bun fight at the end to try and get one of the 100 autographed copies of his book which the other 300-400 people were also fighting for.

Future Thoughts
One of my main observations about the event was the lack of ‘Identity’ related technologies from the main vendors. Sun, Oracle and CA did not have a stand at all. IBM had a stand but were only pushing ISS on it. HP were the only ‘big’ vendor that I saw who were pushing Identity Management on their stand. I didn’t get to the Microsoft stand to see what they were pushing. There were a number of the smaller players there (Courion, ActivIdentity etc) but a distinct lack of support from the big fish. This does lead me to wonder whether there is a bigger question about the usefulness of these events from a lead generation point of view. My previous company have been on a number of different vendors stands over the years and I don’t remember one sale that could be attributed directly to a lead generated from the exhibition. I wonder if the bigger vendors are also thinking the same thing and therefore staying away and thinking of better ways to spend their marketing budget.

To me, it does question the future of these big, generic events and whether the trend will be to have more area focused events such as Digital ID World where you have a better idea of who your audience are and your audience have a better idea of what to expect from the event.

I am finding myself questioning whether I will bother going next year. I suppose it all depends on whether I run out of pens and stress balls before next April. Also, if I win one of the many PS3 or Wii competitions that I entered, then I might be inclined to go back next year. Otherwise, I can think of better ways to spend a day.

One saving grace is that my youngest daughter (3) does love the mini etch-a-sketch that I got from the SurfControl stand 🙂

Technorati Tags: , , , ,


One thought on “InfoSec Europe 2007 – Thoughts

  1. Pingback: Identity, Security & Me » Blog Archive » InfoSec….I’m not alone

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s