Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

2/24/2013
02:18 PM
Mike Rothman
Mike Rothman
Commentary
50%
50%

You're A Piece Of Conference Meat

Every year folks get hacked off about seeing booth babes at big industry shows. Yet it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

It's always entertaining to see the outlandish attempts that companies make to get some attention at big trade shows. This week at the RSA Conference, I'm sure you'll see a bunch of banners in the airports and BART around San Francisco of security companies trying to get attention. You'll see box trucks circling the Moscone Center also. All of these tactics have one (and only one) objective: to get you to the vendor's booth on the trade show floor. Being a former VP of marketing, I'm all too familiar with the seedy underbelly of a big-time industry trade show.

RSA Conference 2013
Click here for more articles.

Once you are in the exhibit hall, the real fun begins. You'll see magicians, be served cappuccino, and receive free T-shirts and squeeze toys, You can even gawk at the Soup Nazi. You may also ogle at some lovely young ladies in skimpy attire. Evidently, no one has a problem watching some shlep in a tuxedo do card tricks, but everyone has a problem with a model in a mini-skirt trying to get you to sit down and hear a boring pitch about a product you don't want.

Well, it seems the days of the booth babe are numbered. Recently, the Infosecurity UK conference organizers banned these kinds of displays at their show. That's a bold step, and I'm sure it will be well-received in the security echo chamber (though probably not at the modeling agencies that make a ton of money from these events).

To be clear, I don't have an issue with models making a few extra bucks by showing up at a trade show, though I'm with Marcus Ranum in that I don't know how that helps these companies sell security products. But these ladies have as much a right to earn a living as you or I do. It's not like they are doing anything illegal. But what most folks forget is why the booth babes are there in the first place.

As much as we think trade shows are about education and networking, someone has to pay the freight. And it's a lot of freight. Thus, each vendor needs to scan your badge, so they can have a sales droid call you incessantly after the conference to see if you want to buy its product or service. You may not want to hear this, but that makes you a piece of conference meat. Maybe you work for a big company that has a huge security budget, and then you are Kobe beef. Folks see the name of your company and start salivating. Or maybe you work for a small company or are a consultant, and then you are ground chuck. But either way, you are a piece of meat to these folks, and they'll do whatever they need to scan your badge.

The tactics will change over time -- ultimately because Mr. Market demands it, or Ms. Market, since we don't want to be discriminatory, now do we? Ms. Market, in her skimpy dress, scrutinizes the investment of being at the RSA Conference (or any conference, for that matter) versus the return she gets. That return may be quantified by scans, which represent suspects for the droids to chase. Or they may be very sophisticated and track whether you actually buy something from them. Either way, the process starts with scanning your badge.

Even if it's objectionable to you, Ms. Market says booth babes still work in getting badges scanned. Or else they wouldn't be on the show floor. Again, that's not the message that many folks want to receive, but money talks. Unless the company is stupid and acts irrationally (which is a possibility for some vendors out there), they staff their booths with babes because that tactic generates more meat than the alternatives.

You want to get rid of booth babes? Then don't let those vendors scan your badge. Don't be enticed by the pretty lady asking you to sit for a short presentation. Even if she offers to sit on your lap. And tell all of your friends to take a stand against blatant sexism and not use products from companies that engage in that behavior. It's no different than advertisers sending spam. As long as those campaigns provide positive return on their investment, they'll keep doing it.

And given the preponderance of young males that attend security conferences, I'll bet we see booth babes for a long time to come.

Mike Rothman is President of Securosis and author of The Pragmatic CSO Mike's bold perspectives and irreverent style are invaluable as companies determine effective strategies to grapple with the dynamic security threatscape. Mike specializes in the sexy aspects of security, like protecting networks and endpoints, security management, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
iNtHEmACHINE
50%
50%
iNtHEmACHINE,
User Rank: Apprentice
2/26/2013 | 7:10:34 PM
re: You're A Piece Of Conference Meat
Seriously off topic:
I would think the disintegrating inkless pens deserve more wrath than a poor booth babe.
Perry..2
50%
50%
Perry..2,
User Rank: Apprentice
2/25/2013 | 4:09:09 PM
re: You're A Piece Of Conference Meat
Oh course this relates, have you never had to purchase a security solution in your job?
BSintel
50%
50%
BSintel,
User Rank: Apprentice
2/25/2013 | 3:06:55 PM
re: You're A Piece Of Conference Meat
Isn't this a security forum?- Please provide more useful content in the future.
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
Robert Lemos, Contributing Writer,  2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9351
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the application resides (the a...
CVE-2020-9352
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
CVE-2020-9353
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal sequences in the elem XML ...
CVE-2020-9354
PUBLISHED: 2020-02-23
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an XML comment and /.. pat...
CVE-2020-9355
PUBLISHED: 2020-02-23
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.