July 31, 2012

BlackHat 2012: Vendor’s Perspective

Posted in BlackHat, Conferences at 11:59 by Alex McGeorge

I was a vendor/sponsor at BlackHat 2012, here are a few things about the conference from my perspective.

Word Count: < 1000

If you pay attention to the infosec twitterverse you will know all about the recent outcry regarding the employment of booth babes and burlesque dancers to supplement a conference experience. Yes, it was there at BlackHat in the sponsor hall; RSA being a prime example as well as another educational vendor near the back. There were certainly other vendors with booth babes but I wasn’t paying that much attention to who. I found it annoying and I had a lower opinion of those vendors as a result.


I take a fairly libertarian stance on how folks run businesses and advertising. However, I also know what annoys me as a consumer. If I go to your booth and can only talk to marketing or sales engineering people, I’m probably not going to get much out of it. Booth babes typically know nothing substantive about your product, therefore I don’t like booth babes at technical conferences. I will say that it did draw noticeable crowds to those booths.


The biggest buzzwords for defense vendors were: Flame, Duqu, Stuxnet, Aurora, Conficker and APT. Everyone had a product they claimed would stop those threats. Here’s the reality: any team that can write those kinds of offensive tools can find the bugs in your software and exploit them.


There was a vendor right across from our booth selling data recovery services that I felt bad for because they didn’t get a lot of foot traffic. It seemed like an odd conference for them to attend because it didn’t have a direct security implication the way other products did. On the other hand they provided a service that worked.


BlackHat is one of those occasions where you can put industry rivalries behind you and be friendly. I had lunch with one of the guys from Core Security who was perfectly pleasant and we commiserated on common problems. It’s also a good opportunity to talk to industry people; I had a really nice chat with three of the VUPEN guys, some folks from Tenable, Qualys, Oracle, etc. I also met some real dicks in the sponsor room.

My chat with a recruiter from Oracle was really interesting; she told me one of her big challenges was recruiting low level operating system developers. Folks capable of writing device drivers, file systems, kernel patches, grokking assembly, etc. That’s not too dissimilar from quality exploit developers, who tend to need that level of knowledge and are also hard to find.


I prepped other members of our technical team on how to work a booth and one of the things I always stress is never talk shit about the competition. There’s always someone on the other team who has legit skills that you can respect on a technical level or an interpersonal one. Not talking shit enables everyone to have a better time. That being said it’s fine to think and say that your product is better but keep it objective.


We went with zero pure sales people this year, I think this helped us in some ways and hurt us in others. On the one hand when folks came to speak to us about the products we could take a very deep technical dive. On the other we lacked a certain amount of polish. Our pitches weren’t quite what they needed to be to pique the interest of everyone they could. Some folks also came in expecting a sales team and were completely befuddled when they didn’t find it.

If you have a new product this kind of environment can really help you refine how you pitch it to different folks. Selling SWARM to corporate audiences was a bit of a challenge especially if they didn’t already know what CANVAS was. We got to try out a lot of strategies in rapid succession and hone in on what resonated with people. The trip investment was worth it for the sales/marketing feedback alone.


I learned that BlackHat is a significantly international event. Just through our booth we probably had 20+ different nationalities. The lesson here was to have something for folks who don’t have great English skills. I’m not sure what this will be but it’s definitely a need.


The best vendor freebie this year was the big red Qualys bag. You were able to get them as soon as you walked in the door and they held all your other freebies. It was an advertising coup, so cheers to Qualys. I think the coolest freebie was the Dell Yo-Yos and the best shirt was either from Splunk (Finding your faults just like your Mom) or Veracode (I ❤ Binaries).

General tips that we figured out:
1) Always have a table and chairs (preferably bar stool height) in your booth
2) Your booth will need its own carpet to really define the space, I didn’t think this would bother me but it did. Also if that carpet can have extra padding to help save your feet and knees that’ll be a winner
3) A lot of people only care about freebies, give them some and let them move on
4) Many people commented that they wanted one of our Yo-Yos for their kids, might be a fun freebie niche there in the future
5) Caesar’s is a huge fucking maze, get annotated maps and distribute them to your team prior to the event

General Impressions:
Most BlackHat attendees that came through the sponsor area were well groomed and polite. I’d estimate the number of female attendees we saw was around 1 in 30. The food provided by the conference was always really stellar, everything was very delicious.

This blog post brought to you by: Pygmy Children – Halo Effect
