Security journalists have always been expected to sit through vendor briefings. Why the practice has become a waste of time. As a security journalist, I’ve always gotten better stories from talking to IT admins, CSOs and the like. They tell me about the issues causing them the most butt ache, and I go from there. Contrast that to vendor briefings. I’ve sat through thousands of them and have walked away with a useful story for my readers maybe 15 percent of the time. This year, that percentage has been steadily shrinking to zero. I’ve done a number of briefings where the content was so old, so uninteresting that I tossed down the pen and stopped taking notes. Every time I see a slide where there’s a bunch of computers on one side, a bunch on the other side and your product in the middle doing something, I want to shove a letter opener through my left ear. I’m not seeing anything fresh and eventful. It’s always the same old product presentations. Your product protects users in the cloud. Awesome. Your product will defend my smartphone against hackers. Good to know. Far as I can tell, everyone else’s products do the same. The success rate varies wildly from one vendor to the next, but the intentions behind the technology are about the same. This isn’t about bashing the vendors. I have many friends and colleagues in the vendor community. Those who know me never ask me to do a briefing. Instead, they get right to the guts of what I’m interested in: Research they’ve done on attack trends and user behavior based on careful study of their customers. I also believe that cyberspace is a lot more secure because of the Symantecs, McAfees, Tripwires and Kasperskys of the world. This is really about working harder to make your presentations interesting, and proving that yours is truly the first technology of its kind — or, at least, the best of its kind. Don’t bring a marketing guy with a slideshow into the room. Bring along a couple of your customers to tell me about the troubles they’ve had in their environments and how you helped them where other vendors failed. Bring along the guys and gals in your labs to show me the attack trends and techniques they’ve been observing. Don’t tell me how your products work. Show me the data your products have produced and what it says about the dangers out there. Please do something, because I’m falling asleep. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe