Perimeter
2/24/2013
02:18 PM
Mike Rothman
Mike Rothman
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

You're A Piece Of Conference Meat

Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

It's always entertaining to see the outlandish attempts that companies make to get some attention at big trade shows. This week at the RSA Conference, I'm sure you'll see a bunch of banners in the airports and BART around San Francisco of security companies trying to get attention. You'll see box trucks circling the Moscone Center also. All of these tactics have one (and only one) objective: to get you to the vendor's booth on the trade show floor. Being a former VP of marketing, I'm all too familiar with the seedy underbelly of a big-time industry trade show.

RSA Conference 2013
Click here for more articles.

Once you are in the exhibit hall, the real fun begins. You'll see magicians, be served cappuccino, and receive free T-shirts and squeeze toys, You can even gawk at the Soup Nazi. You may also ogle at some lovely young ladies in skimpy attire. Evidently, no one has a problem watching some shlep in a tuxedo do card tricks, but everyone has a problem with a model in a mini-skirt trying to get you to sit down and hear a boring pitch about a product you don't want.

Well, it seems the days of the booth babe are numbered. Recently, the Infosecurity UK conference organizers banned these kinds of displays at their show. That's a bold step, and I'm sure it will be well-received in the security echo chamber (though probably not at the modeling agencies that make a ton of money from these events).

To be clear, I don't have an issue with models making a few extra bucks by showing up at a trade show, though I'm with Marcus Ranum in that I don't know how that helps these companies sell security products. But these ladies have as much a right to earn a living as you or I do. It's not like they are doing anything illegal. But what most folks forget is why the booth babes are there in the first place.

As much as we think trade shows are about education and networking, someone has to pay the freight. And it's a lot of freight. Thus, each vendor needs to scan your badge, so they can have a sales droid call you incessantly after the conference to see if you want to buy its product or service. You may not want to hear this, but that makes you a piece of conference meat. Maybe you work for a big company that has a huge security budget, and then you are Kobe beef. Folks see the name of your company and start salivating. Or maybe you work for a small company or are a consultant, and then you are ground chuck. But either way, you are a piece of meat to these folks, and they'll do whatever they need to scan your badge.

The tactics will change over time -- ultimately because Mr. Market demands it, or Ms. Market, since we don't want to be discriminatory, now do we? Ms. Market, in her skimpy dress, scrutinizes the investment of being at the RSA Conference (or any conference, for that matter) versus the return she gets. That return may be quantified by scans, which represent suspects for the droids to chase. Or they may be very sophisticated and track whether you actually buy something from them. Either way, the process starts with scanning your badge.

Even if it's objectionable to you, Ms. Market says booth babes still work in getting badges scanned. Or else they wouldn't be on the show floor. Again, that's not the message that many folks want to receive, but money talks. Unless the company is stupid and acts irrationally (which is a possibility for some vendors out there), they staff their booths with babes because that tactic generates more meat than the alternatives.

You want to get rid of booth babes? Then don't let those vendors scan your badge. Don't be enticed by the pretty lady asking you to sit for a short presentation. Even if she offers to sit on your lap. And tell all of your friends to take a stand against blatant sexism and not use products from companies that engage in that behavior. It's no different than advertisers sending spam. As long as those campaigns provide positive return on their investment, they'll keep doing it.

And given the preponderance of young males that attend security conferences, I'll bet we see booth babes for a long time to come.

Mike Rothman is President of Securosis and author of The Pragmatic CSO Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
iNtHEmACHINE
50%
50%
iNtHEmACHINE,
User Rank: Apprentice
2/26/2013 | 7:10:34 PM
re: You're A Piece Of Conference Meat
Seriously off topic:
I would think the disintegrating inkless pens deserve more wrath than a poor booth babe.
Perry..2
50%
50%
Perry..2,
User Rank: Apprentice
2/25/2013 | 4:09:09 PM
re: You're A Piece Of Conference Meat
Oh course this relates, have you never had to purchase a security solution in your job?
BSintel
50%
50%
BSintel,
User Rank: Apprentice
2/25/2013 | 3:06:55 PM
re: You're A Piece Of Conference Meat
Isn't this a security forum?-Š Please provide more useful content in the future.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web