InfoSec 2007 – London

Note: This entry has been restored from old archives.

[Written mostly after I left InfoSec on Wednesday, but not cleaned up and posted until Sunday — no rest for the restless.]

Phew, I just escaped from InfoSec. I have serious respect for the sales and business guys who manage to make these conferences a productive experience. I come at these things from a technical perspective and there just isn’t a good mesh between me and the “guys in suits”. Mostly because they want to try and sell me things and as soon as they realise I’m not in the business of buying things and, worse, work for a company that might want to sell them things they squirm. Of course, I’m “just a developer” so I guess I shouldn’t feel bad about this, at least I had some good discussions with people we already know.

In general InfoSec was an interesting show, there’s a heck of a lot to take in there but it’s all very high level (i.e. kindergarten-like talks on rootkits and malware by people I know would like to get into the details but have to tailor for an audience wearing suits). I think that overall the most useful aspect of the show is that you get a very good view on who’s out there, what they do and what their associations are. There’s also a lot of good indicators of what the business-mass is thinking. Right now it seems to be UTMs/Appliances — seriously, every damn company seems to have a range of security appliances these days. If they don’t have their own appliances they line a wall with all the appliances they OEM to. The other thing is a sudden proliferation of web/mail-security-as-a-service businesses. Hosted secure mail solutions everywhere (where we mostly just saw MessageLabs a few years ago). There’s an upwelling of external secure-web-proxy services too — essentially taking the technical overhead of Web/Mail security maintenance away from businesses.

On a work front I met some new developers from companies we’ve had dealings with. In fact, for me this was the most productive element. I learnt some things about people’s first impressions of our stuff, some thoughts worth feeding back to Sydney but nothing we’re not already aware of. It’s also great to meet people you’ve exchanged emails/IMs with but have never met, sometimes just for the surprise of how much they do not match the mental image you have built up! And then there’s the long conversations about search algorithms, and analysis, and similar fodder for geek conversation — something I don’t have as much opportunity for these days. But I must try to remember to keep away from topics along the lines of nuclear powered bicycles and zombies, even most tech geeks aren’t prepared for that stuff.

There were “booth babes” in abundance, so much for PC. The problem is that, while it’s all very well having an attractive woman handing out brochures and the like, it all falls apart if you try to discuss the products/technology with them. Initially I was naive enough to try this (hey, I haven’t been to many of these things), but gave up fairly early on. And what does this lead to? You begin to look at any female at a booth as little more than a pamphlet-stand, most likely including several who are actually sales/tech people representing their companies. I can’t say I have anything against a veritable suffusion of babes, but there is a time and a place for these things and I don’t think a security conference is it. I don’t even think that having to make up for large numbers of fuzzy to semi-fuzzy geeks and large Americans in suits is a good enough excuse.

I was feeling rather drained by about 16:00 so headed out to Seven Dials for a couple of double-espressos at Monmouth… ahh, great coffee. Now we’re having a decent feed at The Wellington on The Strand (they deep fry a good fish, and the Aberdeen Angus burgers are sufficiently meaty though a little plain). After this time to head home, report, then collapse.