I’m sitting here in the beautiful Gaylord National Resort and Convention Center in Washington D.C., nice and comfortable as I look out over the cool little “town” they built inside this gargantuan building. While I enjoy the artificial scenery, I am also thinking about the week I just spent at the Gartner Security and Risk Management Summit that was held here at the Gaylord (it’s wrapping up now). And frankly, it kinda surprises me to think that this was my first Gartner event. I have been in the IT and Security industry since 1994, and this is my first one. Maybe it’s because RSA, BlackHat, HouSecCon, DerbyCon, and BSides events have been my focus because most of my friends are there (and because I spend a lot of time organizing HouSecCon). Maybe I view those as more meaningful as far as security tech goes (RSA might not fit in that category for some). But I think it is more likely because, over the years, I have often joined with others in viewing the analyst business with disdain (I’ve expressed some negative views over my career). I have only recently (in comparison to the rest of my career) started working for vendors. So combining that with some of somewhat – but not overly – harsh opinions on analysts in the past, and I think it kinda makes sense why this is my first one.
Saying all of that, I’d like to list out some quick impressions:
1. I found it to be a generally good event. Very well organized. Some of the sessions had some great info, though the ones I saw were mostly on trends versus anything hard-hitting. That is the nature of the analyst business, so that is fine. As a vendor, the info can be very helpful.
2. Almost all the talks were succinct and not laced with “here are my credentials and why I am awesome”. Some might chalk that up to arrogance of analyst, but I found it refreshing in comparison to some of the talks I have attended in other conferences. Look, you’re up there talking. I will pretty much assume you’re knowledgable in your field. I will judge your talk almost completely on the content of the talk, not on how long you’ve been working or your certs.
3. Every talk I saw was well laid out and logical and ended with either time to spare or right on time. Gartner has trained their folks well.
4. You don’t go to these talks for entertainment. You go for information. I can enjoy a good talk where someone is keeping me laughing, but I value a talk that gives me the information I am looking for and gets it done.
5. The information was valuable. That doesn’t mean you take the analyst’s word as gospel. In fact, there were numerous points with which I disagreed. It does mean you use it as a data points to make a decision (which is what Gartner and other analyst firms are there for).
6. The 1-on-1 meetings I had with analysts were very helpful. This is the first time I have worked directly with analysts as a vendor representative, and I was impacted by the difference in those talks. But my main point is that the analysts were all very… human. They weren’t stodgy or impersonal. The talks were enjoyable and professional.
7. The 1-on-1s were kind of like speed-dating. I’ve heard numerous people make that comparison as I have started learning this new area, and it is very true. Get in there, see if you like, them, see if they like you, make a future appointment to meet again if the talk went well so you can get to know each other better, then go meet your next potential relationship.
8. Gartner analysts seem to fall into very well-defined lines as to what areas of the industry they cover. It’s seems to follow the OSI stack verbatim in many cases, and that makes sense for the sake of organization. The problem is that my new employer (Alert Logic) doesn’t fall neatly in those lines. So we often find ourselves talking to a bunch of different analysts to get full coverage. Not necessarily a bad thing, but it can men even MORE meetings than the typical vendor has to go through. It will be interesting to see that unfold in the next few months.
So, that’s it. If you’ve been in the industry a while and have done a bunch of Gartner/analyst events, this is all probably old hat for you. Hopefully others find it helpful when making decisions on whether to go or not (as a vendor or just an attendee).
This is a Security Bloggers Network syndicated blog post authored by Michael Farnum. Read the original post at: An Information Security Place