Gartner IT Security Summit: Needs More Cow Bell?


So, I'm back from a couple short days as a "booth babe" for BT at the Gartner IT Security Summit. It was quite interesting, though underwhelming. I sat in on one session on Monday and of the couple hundred seats, maybe 1/8th were filled. The exhibit floor was very large, which seemed nice at first, but in walking around and talking to other vendors, it became clear that nobody was getting much foot traffic, especially the farther back you went. The layout didn't direct people down rows to look at everything, but was instead a well-spaced matrix that, while aesthetically pleasing, did not result in driving traffic to booths. It also seemed a bit nuts to me that the exhibit floor was only open for 2 hours over lunch all week, plus a single 2-hour evening session on Monday night. That's 8 hours of available exhibitor time that overlapped with email catch-up time for what is presumably targeted to the very busy CIO/CISO market.

Overall, there did not seem to be too much new information to gather. BT's Risk Resilience theme is a nice stratagem (if I do say so myself), but we're a services org, so that can be put aside. In terms of vendors, it was pretty much a considerably smaller subset of the RSA vendors, more localized to the east coast, and with not a whole lot of apparent newness to offer.

I did see one interesting vendor, mainly because a friend does sales for them: Veracode. They do application security testing, but do not require source code (just need a binary). Their reporting is very nice, and includes specific tests and results for PCI as well. Their binary analysis seemed particularly interesting. Moreover, they're in a Software as a Service (SaaS) model, so their price point is much lower. They seem like a potentially nice alternative to the static code analysis companies out there (like Fortify and Ounce Labs).

Other than that, it was a fairly quiet, somewhat sad conference. It really made me wonder "Is Gartner relevant?" In this day and age, where you can glean lots of information from the Internet (blogs, in particular), do we really need these big analyst firms that increasingly seem abstracted from reality? I would not be surprised to find that, as the younger generation(s) take over management responsibilities from the baby boomers, these analyst firms shrink and begin to disappear. Innovate and evolve, or die, right?


Your comments on Gartner miss much of the behind-the-scenes action that goes on there. I don't think of it as a trade show with an exhibit floor like RSA. I think the action goes on elsewhere at this show, but there are still a lot of movers and shakers there.

You could be right. If you are, then they shouldn't waste money on the exhibit floor at all. There weren't too many vendors there, and overall the content seemed worse than at RSA, which was itself pretty thin. I still think it begs the question "Is Gartner relevant?" They seem to get a weather forecaster's free pass for being wrong all the time.

About this Entry

This page contains a single entry by Ben Tomhave published on June 4, 2008 9:08 AM.
