• United States



Security vendor briefings have become a waste of time

Aug 22, 20122 mins
IT LeadershipTechnology Industry

Security journalists have always been expected to sit through vendor briefings. Why the practice has become a waste of time.

As a security journalist, I’ve always gotten better stories from talking to IT admins, CSOs and the like. They tell me about the issues causing them the most butt ache, and I go from there. Contrast that to vendor briefings. I’ve sat through thousands of them and have walked away with a useful story for my readers maybe 15 percent of the time.

This year, that percentage has been steadily shrinking to zero. I’ve done a number of briefings where the content was so old, so uninteresting that I tossed down the pen and stopped taking notes. Every time I see a slide where there’s a bunch of computers on one side, a bunch on the other side and your product in the middle doing something, I want to shove a letter opener through my left ear.

I’m not seeing anything fresh and eventful. It’s always the same old product presentations.

Your product protects users in the cloud. Awesome.

Your product will defend my smartphone against hackers. Good to know.

Far as I can tell, everyone else’s products do the same. The success rate varies wildly from one vendor to the next, but the intentions behind the technology are about the same.

This isn’t about bashing the vendors. I have many friends and colleagues in the vendor community. Those who know me never ask me to do a briefing. Instead, they get right to the guts of what I’m interested in: Research they’ve done on attack trends and user behavior based on careful study of their customers. I also believe that cyberspace is a lot more secure because of the Symantecs, McAfees, Tripwires and Kasperskys of the world.

This is really about working harder to make your presentations interesting, and proving that yours is truly the first technology of its kind — or, at least, the best of its kind.

Don’t bring a marketing guy with a slideshow into the room. Bring along a couple of your customers to tell me about the troubles they’ve had in their environments and how you helped them where other vendors failed. Bring along the guys and gals in your labs to show me the attack trends and techniques they’ve been observing.

Don’t tell me how your products work. Show me the data your products have produced and what it says about the dangers out there.

Please do something, because I’m falling asleep.