The good the bad and the nerdy (Hackerfest 2009)

October 9th, 2009

It's all about the pens

Every year Dox Electronics puts on a good-sized trade show in the Rochester area called Hackerfest. Although it is perhaps the worst name possible for what amounts to a trade show of Dox security vendors, the name is what draws the attention of area companies to attend. The name is so bad, they even had a contest this year for people to pick a different name. Unfortunately this would ultimately destroy the marketing angle they have by using Hackerfest, as it sounds more like an open gathering of security professionals, which in reality it is not.

I have been to many of the Hackerfest events over the years, for one simple reason.  There is little going on in the area that gets me out of the office for a valid reason.  I sort of dissolved that reason this year, by being the wild card attendee without a company name on my badge.  I owe Maggie and the group at Dox for putting me in the attendance list, while I transition between companies.  It did however give me the chance to assess really who does come out to the event and what can be taken away from it.

The people who go to Hackerfest are not the people who need to be there. The majority of people there are in the IT department by chance, have accepted their position out of inheritance or perhaps were absent that day when they drew names. Among the crowd are a handful of actual IT professionals, not necessarily identified by title, but who already know what they are doing. Who everybody knows should be there are the layers of upper management of small businesses. These would be the decision makers who don’t have the time to hear that their laptop is a walking lawsuit, that they should just leave the door open, and who still find all of this security talk rather cumbersome if their password isn’t the name of their kid. Without their understanding that security isn’t a single focus item or that the entire organization needs to be involved, even the best laid plan will fail.

The Good Talks

This year they had Chris Nickerson return to the stage by demand. He relates to that small piece of the audience that already knows what is going on and provides entertainment for the rest of the people who live with their heads in the sand. Give him a Google search and watch some of the Tiger Team videos to get the idea. Chris is easy to spot, as he looks like the guy who does not belong and has a permanent case of jet lag. I caught him in the hallway, shook his hand with a thank you for showing up, and let the Dox officials take him away before he hit the stage.

So what is the large change in security and keeping the business safe?  I will have to agree with Chris’s keynote speech and say “nothing”.  I have always attested that security is like a large strategy game, with multiple layers in place to protect your key assets.  It is the companies who throw all their money into a technology to secure one door, yet leave another open that don’t quite get the game.

Schedule of Events

After the keynote, you must choose from 8 different presentations with 4 slots. Sometimes you choose well and sometimes you don’t. I met Todd Wilson from Cisco in the hall, and after knowing more about VoIP than most humans should be subjected to, I opted not to go to his seminar. I know that was a good one to go to, without even walking in the room. I have also known Todd since the lab days at RIT, making the conversations go beyond just a sales pitch into the technology behind the magic. I would recommend, if you ever want to talk about VoIP, insisting on getting Todd to sit down for the conversation. Just remember he only wears a Cisco hat.

Over Capacity Seating

The second seminar was saved by Sophos after a song and dance by Blue Coat. For some reason, Blue Coat and Sophos shared a booth, and we ended up seated in the room which turned into standing room only for the presentation. The Blue Coat presenter was good, but danced around a myriad of higher concepts that nobody really cared to hear. The Sophos guys were a little more in line with the presentation, but were tight on time. Offering some visibility of the methods to step through a website attack, with an actual demonstration, it was a welcome glimpse at defining what the industry really needs to see.

The last presentation of the day, I sat in on the WhiteHat seminar, which turned out to be really good. While scripted with virtual servers running to do the background work, we were presented with a step-by-step SQL injection attack, and the methodology behind making it happen. I think I fell asleep after he handed it over to the sales guy, but he did a good job helping visualize how easy it really is.

The Bad Talks

Some of the vendors that they send in are not prepared to sit in front of a room of technical people and give a presentation they usually show off to corporate slugs. The first seminar I sat in on was ZixCorp, who were covering email encryption. Before my unplanned exit from Rotork, I was working with the DOD to set up certificate-based email encryption. I am pretty sure nobody finished that after I left, but it opened a perspective into what I would need out of an email encryption solution.

Unfortunately the presentation would lead you to believe that this is the only natural step other than establishing point-to-point network connections between corporations. Their client does not approach a complete client-to-client encryption model, does not integrate with native corporate servers, and there is no client for GroupWise. It does however lock you into this “elite” group of 17 million clients (read users) who were bought into the proprietary solution like a bad time share scheme. So the only reason you will be looking at this will be because the guy you are doing business with demands it. They certainly threw out the HIPAA buzzwords enough to understand who does buy in. In fairness ZixCorp might have a better product than expected, but they sent the wrong team to deliver the message to a technically savvy group.

News Coverage at VMware

The third seminar of the day I headed into VMware. I had a great experience talking to the VMware experts years ago, and was ready to see them sit down and tear apart the new desktop virtualization approaches. So was half of the attendance of the entire conference, as they packed the seats in tight.

Unfortunately what I received was less than what I could have obtained on the website, delivered not by VMware, but from a Dox employee. The attendance was so large that it drew in the news crew, and all I could think of was how out of his league the presenter was. Too much time was spent on the why, what and perhaps who could use desktop virtualization, so that it never dug far enough into the “how” section. It instead brushed off the top of the topic. I spent my time taking random pictures of my neighbors taking pictures.

The Show Items

DOX Team handing out Prizes

People need to understand that this is a one-vendor show, as competition to Dox in the area is not really invited. I like Dox as a vendor, although I am not sure I have actually bought anything yet. Ken Michaels is a terrible presenter, but gets the concepts and roles of IT in the organizations and is genuine about his infatuation with the technology. He walks around with a pocket full of lock picks and has more of a firm grasp on where corporations need to be than most of the vendors I have spoken with. He also has a loyal team behind him, making it a positive experience to do business with Dox.

Dox and the subsequent vendors offered up a huge list of door prizes. Ken broke tradition by handing out the XBox 360 first, which I really could have used. I did walk away with a $50 prize from McAfee, so I can’t complain. All of the giveaways are at the end of the event, compelling most people to stay. I still think it would be more effective to have drawings throughout the day on the hour, saving the large drawings for the end.

My Suggestions

I would pay to sit down with Chris for a beer.  Have a limited sign up security round table, with Chris spending more than 5 minutes in town, offsetting the cost to bring him in by having a buy in to have that time with him.

Have round tables for lunches based off of discussion topics, perhaps planned ahead. Sitting with my “appropriate Dox representative”, who didn’t actually sit with me, felt pushed.

Accept submissions for seminars from non-vendors. I realize the Dox interest to keep other vendors out, so pay some of the professors from RIT to come in and talk, or involve the area user groups. After sitting through the ZixCorp presentation, I was ready to offer a presentation on email encryption options.

Keep the name.  I am afraid it is a curse, but also the only marketing hope you have of keeping the momentum you have.
