Friday, March 18, 2011

BSidesAustin slideshow

In case you hadn’t noticed, I like Animoto…


This is what you missed if you weren’t there.

The music is from Lisa Marshall, she entertained us on Hackers on a Duck II and played all over Austin during SXSW.


BSides Austin Job Board

It looks like the security biz is doing OK. At Security BSides Austin companies were trying to fill several positions- so I thought I would list them here.  Not turning into a job board, this is not an endorsement of anyone (although companies involved in BSides are pretty cool in my book).

Trustwave – junior and senior app pentesters needed

AlienVault – Pre- and Post-sales tech

NetWitness - SE and services positions

Atsec – Software evaluators and seasoned pentesters

AlertLogic – Security Analysts and Developers

Denim Group – All kinds of cool stuff

No links, Jack?  You could look at the jobs board pics on the BSides Austin Flickr set.  Or maybe ask the Google, that dude knows everything (and some of it is even correct).

Oh, yeah.  BSides Austin rocked.  It was a BSides, in Austin, what did you expect?



If you aren’t doing THIS, you aren’t doing your job.

Ever heard that from someone?  It doesn’t really matter what “this” is, “this” is always a critical component of your job which you are foolishly overlooking.  Curious, really.  It turns out that many people are actually too busy doing their jobs to be bothered with doing what other people think their jobs are.

If you say this to someone, or to an audience, be prepared to be shut down.  I am not saying never do it, but you need to consider the risks of alienating your audience.  Sometimes people need a wake up call, but know that this, or similar statements, can lose people- it gives them an excuse to ignore you.

Flip it over:

If I were in your situation, even with everything you have to deal with, I would be very concerned about THIS, and making plans for it, because…

There, make the point, avoid getting rotten fruit thrown.



Thursday, March 3, 2011

That conference and the façades of vendors


There was this Really Big Security Conference a couple of weeks ago.  Actually, it appears that there were a few Really Big Security Conferences a couple of weeks ago based on the bewildering array of opinions about it/them.  I liked Zach’s take on it, but some folks really disagreed with his sentiments. I think this was my fourth of these things, and I was more depressed than usual after the event.  There appeared to be more good talks this year, but without a reduction in the number of obvious sales pitches or old-news talks.  But everyone knows where I go for content and conversation, so let’s skip that part.

While others saw it differently, to me the vendor area was ugly.  People I used to respect were screaming not-quite-truths over PA systems, vendors were giving away cars while screaming errors-of-omission, booth babes (including at the NSA booth), all of the usual stuff, only more and louder than normal.

What really depresses me is not just the screaming lies, but it was who was skirting and subverting the truth.  Brilliant people, respected in the industry, reduced to sleight of mouth to pitch their wares.  Another thing which disgusts me is attacking competitors.  There is a big difference between promoting market differentiators and trash talk, a lot of sales folks never learn this.  No, I will not name names- I feel guilty for not calling them out publicly, but at least one was a direct competitor and there is no way to call them out professionally.

But that’s sales, build a pretty façade and hope people like it.  Unfortunately, they can be problematic in architecture; they require a lot of support and add weight that can actually detract from the structural integrity of the building if not planned into the design.

The façade of perfection and overstatement of features in security systems is not “built in to the infrastructure”.  As with some inappropriately adorned buildings, the hype usually just adds a burden to an otherwise solid product.


Let’s assume the vaguely-resembles-the-truth sales pitch delivers a customer and closes a deal, what happens when they discover the actually-is-the-truth about the product?  Disgruntled customer, high support costs, low customer retention rates.

Here’s my crazy idea: sell what you are selling based on its strengths and key differentiators. Of course you will promote it positively, but don’t lie about it, and do not trash the competition. Sales is not athletics, but I would really like to see more of the attitude good athletes have- the way to win is to win, not to make others lose.

Note: No, I’m not new at this, nor am I naïve.  I have decades of auto industry experience, and I assure you that as scammers, liars and frauds the security industry are a bunch of amateurs.  That doesn’t mean I have to be content with the crap.