I have now attended eight “Infosecs” in a row. I refer of course to Reed’s Information Security Europe exhibition, a show that has been serving the IT security industry for getting on for 20 years. In my time I have seen the show expand enough to move from the relative confines of Olympia to the wide open spaces (sort of) of Earls Court.
Amid the glitz of the stands, the show girls (who were noticeably less ‘‘racy” this year due to new regulations by the organisers), the ear busting live demos and the catching up with old friends I wonder how much worse my knowledge of the state of information security would be if I didn’t attend. But perhaps I am missing the point of Infosec.
Some past major exhibitors have made their own minds up in recent years – Microsoft hasn’t bothered to exhibit for several years and this year McAfee failed to show up for the first time. According to a report in CRN, the Intel owned company would instead be focusing some of its sales and marketing on specific and targeted activity directly, and through its channel. In the same article however, Ian Kilpatrick, chairman of distributors Wick Hill, said it already booked its stand for 2014. “I’m a bit surprised at [McAfee not attending] – Infosec is the top European security show and we certainly see a lot of business from attending,” he told CRN.
Another big player from the global security industry, Symantec, took a relatively modest stand out on the peripheries of the show floor – is that a sign of things to come? German IT security firm, G-data, replaced its glitzy stand of the previous two years with a tiny outpost at the German Pavillion. Two years ago it used Infosec to launch itself into the UK market. On the other hand the likes of HP, Kaspersky and IBM obviously still see a prominent stand at Infosec as worth the effort.
That does not necessarily mean that they see the stand in itself as a good ROI, more of a flagship – as statement of intent. You can bet they they too are doing exactly the same as McAfee away from the untargeted hub-bub of the show itself – with marketing activities spread over the whole financial year.
Of course there is nothing like the buzz of a trade show to stir some excitement and I think the sheer scale of Infosec definitely does that – certainly if you compare it to the increasing number of micro events that now pepper the calendar, from some of the smaller media players. These all too often reinforce the feeling of IT security as an industry of nerds at play, rather than the economically important industry that it is – and one essential to the lifeblood of enterprises across the world. Other smaller events such as Security B-Sides, which has the cheek to take place on the second day of Infosec, have achieved a level of credibility with some branding from sponsors – but nobody goes there to do any serious business – but then that’s probably the point.
So that leaves us with Infosec, which according to the organisers attracted another record number of attendees (over 12,000) in 2013. Yet if you ask people if it’s worth it, you will hear some of the following: “Yes it’s very busy, there seems to be more people than last year, we’ve had lots of enquiries on the stand…” – but does that represent success? As McAfee has decided, it’s about reaching the right kind of people – not just the numbers. Yet few exhibitors will reveal the true quality of people or the ROI from exhibiting apart from rebooking which suggests some satisfaction.
What about the other side of Infosec – the education program and the keynote sessions? Here, I have always felt that Infosec has run a very poor second to the RSA Conference in the US. It isn’t helped by the fact that many of the track sessions are held in temporary theatres on the exhibition floor with the din of the show an ever present backdrop against which the speakers struggle to make their pearls of wisdom heard.
There is no doubt that as Infosec has matured the sessions have become much greater in number and depth but they still lack real insight – for example this year’s keynotes told us nothing new about fostering a risk based approach or why CISOs need to be business focused – even if they are on message with current thinking.
And the roll call of expert speakers still sometimes has the feeling of the old boys club – but that is not necessarily an Infosec fault – the industry as a whole still suffers from a lack of fresh new voices. But we did at least get Javvad Malik, one of the rising stars and one who is completely media savvy. After that the rest of the programme is pretty much filled with sponsor and exhibitor talks from which I learned little. In this sense Infosec still reflects current thinking rather than shaping it – it has yet to achieve that.
Press coverage is a good indicator of relevance. Certainly the press office seemed packed but the press office at Infosec has always been pretty much an open house – journalists are likely to be sharing the egg and cress sandwiches with virtually anyone who has registered for the show. Yet there is no doubt that IT security has risen up the news agenda in recent years with TV and national press now attending Infosec.
A quick Google news check reveals 1100 articles under the tag “Infosec 13”, which is substantial. On social networking sites such as Twitter it was less successful. The hashtag #infosec13 has generated only around 200 tweets – a poor return on 12,000 attendees. In the age of digital marketing, the organisers do not look to have grasped the mettle.
So let’s return to the title of this article: does Infosec matter? The other great cliche about Infosec is that everyone goes because everyone else does. That cliche is true. Despite the shortcomings, and Reed has worked hard each year to address them, it remains one of the few essential events in Europe for anyone involved in the IT security industry. It’s an event that has that aura of an industry getting together to catch its breath, take stock and look at itself. It’s very presence has spawned related events – McAfee may not be there but you can rest assured that they had people looking after people who were in town for Infosec. Will I be there this time next year? Of course I will.
About the Author:
Paul Fisher has worked in the technology media and communications business for the last 22 years. In that time he has worked for some of the world’s best technology media companies, including Dennis Publishing, IDG and VNU.
He edited two of the biggest-selling PC magazines during the PC boom of the 1990s; Personal Computer World and PC Advisor. He has also acted as a communications adviser to IBM in Paris and was the Editor-in-chief of DirectGov.co.uk (now Gov.uk) and technology editor at AOL UK.
In 2006 he became the editor of SC Magazine in the UK and successfully repositioned its focus on information security as a business enabler. In June 2012 he founded pfanda as a dedicated marketing agency for the information security industry – with a focus on content creation, customer relationship management and social media.
His heroes include David Ogilvy, Ludwig Mies van der Rohe, Ken Garland, William Bernbach, Andy Warhol, Richard Branson, Charles & Ray Eames, Steve Jobs and Paul Rand. And George Best. He comes from Watford but he thinks he comes from Manchester. If you came from Watford, you would too.
As an impulsive adopter of new technologies and an inability to stick to one ecosystem, he can be spotted around London’s finest WiFi hotspots variously sporting a Chromebook Pixel, an old Blackberry, Nexus 7 and a Nokia 920. He also has a Mac and an Xbox at home.