The Much Needed Blog Post…
Between CanSecWest and then RSA a couple weeks after, I have been way too busy to write a post, so for that I apologize. So much has gone on in the last month that I probably have a half dozen posts, and there is a lot I want to comment on, but I will start with RSA, and oh what a place to start.
If you ever have the need to drink on a vendor’s tab — RSA is the conference to do that. While the talks are not of the caliber of a CanSecWest or even a Blackhat the parties go above and beyond and why wouldn’t they? There are a plethora of “Security Vendors” both known and unknown looking for your security budget dollars and it seems that the best way to do this is by either hiring booth sluts or getting a bunch of IT Geeks drunk. Don’t get me wrong, I have been known to enjoy a booth slut or two, and even sometimes enjoy some free drinks. 😉
So to all the vendors that kept me nicely sauced for the week — Thank You!!!
I mentioned talks and how the quality of the talks is not as high as CanSecWest or Blackhat. I am sure some of them were but in general the technical level is not there and most of the non-technical talks were simply vendors talking about the same crap as the last ten years with no real solutions.
I should know, I participated in a panel that was supposed to be on the technical track but was nothing more than my so-called colleagues in this industry saying whatever they could to try and make their product or solution sound like the way to go. At one point I was laughing inside, wondering if any of the co-panelists actually believed the bullshit they were shovelling.
Apparently my honest opinions were not valued as anytime I attempted to make a statement that was not a thinly veiled product pitch I was quickly cut off. I suppose I could have been more aggressive but in my defense I was hopped up on cold medicine and suffering from a bad sinus infection.
The theme I was attempting to get across was: Stop spending your money on the latest security buzzword or gimmick. The problems you are facing today and the problems you will face tomorrow are simply variations on the problems that you faced in the past. So, if the crap you bought five years ago did not help you, do not expect the crap you are about to buy this year to fix that. End users really need to start holding vendors accountable. Accountable for writing bad security products that actually increase their vulnerability, responsible for making claims that are not true, and responsible for cashing in on fear, uncertainty and doubt.
Apparently, there is not any room at RSA for honesty, because if you listened to the other panel members, their products can solve any buzzword you can throw at them. Sigh…
Not to sound bitter or burned out but security is a hell of a lot more than a check box on your <insert bullshit compliance or standard here> list or a stamp from your Final 4 Auditor. It is doing the right thing that enables the business while keeping “the bad shit (TM)” from happening — ask me for my definition of “the bad shit (TM)” later.
Some of you may be saying, yeah that is an obvious statement, but believe me dear reader you can be called compliant and still be as insecure as a chubby teenage girl. Anyways, I am starting to rant and rave so I will cut this post short.
It was great seeing my friends that I only get to see at conferences this year at both RSA and CanSecWest and I will see you at the next conference.
To my one or two readers, I promise to post on a more frequent basis.