Perimeter

2/24/2013
02:18 PM
Mike Rothman
Mike Rothman
Commentary
50%
50%

You're A Piece Of Conference Meat

Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

It's always entertaining to see the outlandish attempts that companies make to get some attention at big trade shows. This week at the RSA Conference, I'm sure you'll see a bunch of banners in the airports and BART around San Francisco of security companies trying to get attention. You'll see box trucks circling the Moscone Center also. All of these tactics have one (and only one) objective: to get you to the vendor's booth on the trade show floor. Being a former VP of marketing, I'm all too familiar with the seedy underbelly of a big-time industry trade show.

RSA Conference 2013
Click here for more articles.

Once you are in the exhibit hall, the real fun begins. You'll see magicians, be served cappuccino, and receive free T-shirts and squeeze toys, You can even gawk at the Soup Nazi. You may also ogle at some lovely young ladies in skimpy attire. Evidently, no one has a problem watching some shlep in a tuxedo do card tricks, but everyone has a problem with a model in a mini-skirt trying to get you to sit down and hear a boring pitch about a product you don't want.

Well, it seems the days of the booth babe are numbered. Recently, the Infosecurity UK conference organizers banned these kinds of displays at their show. That's a bold step, and I'm sure it will be well-received in the security echo chamber (though probably not at the modeling agencies that make a ton of money from these events).

To be clear, I don't have an issue with models making a few extra bucks by showing up at a trade show, though I'm with Marcus Ranum in that I don't know how that helps these companies sell security products. But these ladies have as much a right to earn a living as you or I do. It's not like they are doing anything illegal. But what most folks forget is why the booth babes are there in the first place.

As much as we think trade shows are about education and networking, someone has to pay the freight. And it's a lot of freight. Thus, each vendor needs to scan your badge, so they can have a sales droid call you incessantly after the conference to see if you want to buy its product or service. You may not want to hear this, but that makes you a piece of conference meat. Maybe you work for a big company that has a huge security budget, and then you are Kobe beef. Folks see the name of your company and start salivating. Or maybe you work for a small company or are a consultant, and then you are ground chuck. But either way, you are a piece of meat to these folks, and they'll do whatever they need to scan your badge.

The tactics will change over time -- ultimately because Mr. Market demands it, or Ms. Market, since we don't want to be discriminatory, now do we? Ms. Market, in her skimpy dress, scrutinizes the investment of being at the RSA Conference (or any conference, for that matter) versus the return she gets. That return may be quantified by scans, which represent suspects for the droids to chase. Or they may be very sophisticated and track whether you actually buy something from them. Either way, the process starts with scanning your badge.

Even if it's objectionable to you, Ms. Market says booth babes still work in getting badges scanned. Or else they wouldn't be on the show floor. Again, that's not the message that many folks want to receive, but money talks. Unless the company is stupid and acts irrationally (which is a possibility for some vendors out there), they staff their booths with babes because that tactic generates more meat than the alternatives.

You want to get rid of booth babes? Then don't let those vendors scan your badge. Don't be enticed by the pretty lady asking you to sit for a short presentation. Even if she offers to sit on your lap. And tell all of your friends to take a stand against blatant sexism and not use products from companies that engage in that behavior. It's no different than advertisers sending spam. As long as those campaigns provide positive return on their investment, they'll keep doing it.

And given the preponderance of young males that attend security conferences, I'll bet we see booth babes for a long time to come.

Mike Rothman is President of Securosis and author of The Pragmatic CSO Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
iNtHEmACHINE
50%
50%
iNtHEmACHINE,
User Rank: Apprentice
2/26/2013 | 7:10:34 PM
re: You're A Piece Of Conference Meat
Seriously off topic:
I would think the disintegrating inkless pens deserve more wrath than a poor booth babe.
Perry..2
50%
50%
Perry..2,
User Rank: Apprentice
2/25/2013 | 4:09:09 PM
re: You're A Piece Of Conference Meat
Oh course this relates, have you never had to purchase a security solution in your job?
BSintel
50%
50%
BSintel,
User Rank: Apprentice
2/25/2013 | 3:06:55 PM
re: You're A Piece Of Conference Meat
Isn't this a security forum?- Please provide more useful content in the future.
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10743
PUBLISHED: 2019-03-23
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-9947
PUBLISHED: 2019-03-23
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.2. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string or PATH_INFO) follo...
CVE-2019-9948
PUBLISHED: 2019-03-23
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.