Anyone who has been going to RSA year after year has seen lots of change.  Changes in the quantity of vendors, changes in the vendor types, changes in the booth personnel, even changes in the swag you get if you sit through a presentation.  I’m so glad we are past that dry spell of just pens and mints, we like t-shirts, USB-drives and remote control helicopter s!  This year was a great show and I’d like to share with you some observations. 

When I first started going to RSA, there were more vendors than there were customers.  It was a huge vendor boondoggle and while the business development people were having a great time, I was looking for customers to speak with and have a great conversation about what they were looking for at the show and what type of problems they were trying to solve. 

This year was great in terms of customers-to-vendor ratio.  We had a great turnout at our booth and I’ve almost lost my voice from non-stop conversations.  What does this change mean for future RSA shows?  I remember one year being at the show and having a customer tell me “You know what TK, this is a show of car parts, and frankly, I need transportation.”.  I’ll never forget this statement and I have a working theory. 

In the early days of the RSA show, the exhibitors sold all kinds of parts that when put together by a skilled craftsmen, created a powerful solution.  Composability was more important than Usability.  As the attendees change to more of a business level buyer persona, consumers that are not security subject matter experts, we move toward deeper solutions where Usability trumps Composability. 

When I hear those words “…this is a show of car parts, and frankly, I need transportation.”, I imagine a trend on the exhibit floor dominated by much more complete solutions.  Product designed for a persona that does not know how to fire up a debugger, does not know how to read a set of ACLs, but knows how to read market results and can use Excel to model any financial system you can imagine.  That might be a little extreme but nonetheless, the customers out number the vendors by a larger and larger margin. 

I predict that RSA next year will have less small highly technical one-trick-pony companies and more multi-product solutions and managed services companies.  To use that great quote, there will be more vendors selling cars and transportation services than there will be vendors selling parts. 

—tk

I buy lots of electronics and have been experiencing a trend lately with rebates.  It may be just paranoia on my part but thought I would post this blog entry to see if anyone else is seeing the same pattern.

I bought another LCD monitor and with it was a mail-in rebate for 30.00.  Like all of these, you spend time to gather the required information, sent it in, and after a good 6 weeks time, you get a check.  Done?  Not quite because the “Pay To the Order of” has misspelled my last name.  If this was the first time this happened, it would not be an issue but 3 times in the last 6 months, something seems wrong.

Could it be that there is a strategy out there to raise the cost of accounting on the payee so that they at some point think it is not even worth it to pursue?  I wish we could see the statistics of all the people who go through with the mail-in but because of the run around, end up ultimately not redeeming their rebate. 

This information is not available so all we have to go on are patterns and paranoia.  Is 30 minutes of sitting on hold and filing more paperwork worth $30.00?  At some point, everything come to a cost/benefit decision.

—tk

Call me paranoid, call me what ever you like but if you are going to download software to my system please offer me the chance to review the ingredients before I click OK.  Ultimately, it would be nice to know what I am about to approve don’t you think?

I wonder if I am the only one that feels this way.  Major application and OS’s do a great job at offering this review before a user approves the update but such is not the case in the land of the Xbox 360 game console.  Sure you could argue that console gamer is not going to know a DLL from LSD but nonetheless, offering optional information about what the update is going to do for them is good form.   In Xbox360 land, you get a screen that looks something like this

and it would be great if the X or Y button gave you information on what was about to change on your system.  And while your taking down my feature request wonderful product manager of the xbox360, it would be nice to see the update history of the machine. 

Does the information exist?  Sure it does but you have to really hunt for it and I’m not sure all the updates have made it to the web.  For example, http://blogs.msdn.com/xboxteam/archive/2007/11/30/december-2007-system-update.aspx

http://www.xbox.com/en-US/community/news/2006/1030-novemberupdate-completelist.htm

From a security stand point, it just spooks me out when I approve an update to my system and have no idea what has downloaded or what has been modified.  The number of independent game developers for Xbox360/Xbox-live are taking off and Microsoft has a solid program.  Lets just say that things will start to get very interesting.

—tk