Everyone I spoke with that went this year noticed a difference. All the companies are still swinging for the fences with extravagant booth designs, gimmicks and giveaways, but the attendees seemed more disillusioned this year than in previous years.
Security conferences are a funny thing... almost fickle really. Also a complete catch 22: they're good, until they become big.
This is sad to me. The whole goal of security conferences are to bring people together to learn and share ideas on security. The more people who get to share, the better right? Unfortunately this is not the case.
I have been going to RSA since 2007, so I've seen alot. I've seen the birth of the 2 floor booth, the rise and fall of the "booth babe", and the giveaways go from remote control cars to real cars. As things started to go to pot, the constant refrain was "yea, RSA is more of a marketing event, the real show you want to attend is BlackHat." Anyone who's been to BlackHat in the past few years knows that this is no longer the case either. I read that in 2001 (before my time) RSA boasted 250 vendors and 10,000 attendees, this year there were over 600 vendors and close to 42,000 attendees registered. What's interesting is the number of attendees was actually down from around 43,000 registered attendees in 2017...which I found interesting. These numbers are difficult to gauge regardless because of what a sprawl the show has become (is this people who actually walked the floor or just registered for the conference?) Half of the hotels in the city are rented out for customer meetings, venues in surrounding buildings are used, etc.
Contrary to popular belief, there is still solid content at both of these shows. I have friends who have presented at both RSA and BlackHat with relevant and innovative research with great reception. There are also still ways that both RSA and BlackHat recognize trail-blazing new vendors to help them get noticed. For example, my company was part of the "RSA Innovation Sandbox" and it drove all kinds of attention to our little booth, and I know BlackHat has similar methods of recognition.
So why is everybody so jaded?
These conferences are "pay to play" to the extreme. EVERYTHING costs money. Do you want a 10x10 or a 10x20? That costs money. Do you want internet? That costs money. Do you want CARPET at your booth or do you want your customers to walk on hard concrete? THAT costs money!
When all is said and done, to have even a SMALL presence at RSA you need to shell out at least $50k. That is ABSURD. If a company makes a $5k investment in a conference, folks are comfortable having casual conversations with potential clients and discussing their needs before mutually deciding it makes sense for another conversation. When it costs $50k you are scanning anything that moves and hoarding leads like a chipmunk getting ready for winter.
It's a shame really... because nobody wants that. Because of how ridiculously expensive it is to even be at the show, companies need to do everything they possibly can to show a return on their investment, inadvertently turning these big shows into marketing conferences rather than security meetups.
The one saving grace (to RSA and BlackHat at least) is that all the vendors still go, which gives a great opportunity to reconnect with old friends, customers and colleagues. One such colleague, asked me why I don't blog anymore and hence... my first article in almost a year. So it's still good for that at least =]
No comments:
Post a Comment