Tuesday, August 6, 2013

Blackhat 2013 -- A Vendor's Perspective

Immunity was a Blackhat sponsor again this year, potentially our last outing for a while. Thanks to everyone who came by our booth! It was fun to meet customers face to face and friends we don't get to see that often.

Things I observed

- Let me define booth babes as someone you short-term hire specifically to work your booth to attract people's attention based on their looks. I only saw one vendor, ironically an educational vendor, who had staff that fit this description.

- I made it a point to talk to some women who came through our booth about booth babes and I found some very different definitions as to what would qualify someone. The most liberal definition was the babe in question could be a full time employee but if they got especially "tarted up" for their booth time then they qualified. By this definition there appeared to be significantly more booth babes in attendance.

- One vendor who put up an enormous booth near the front had, and I'm not kidding, a grandpa doing a magic show. Later their PR person came over and introduced himself scouting for business. I wish I had the presence of mind to ask how that decision happened.

- Did Randy Couture count as a male booth babe or as a celebrity endorsement? If he is a booth babe he's the only one who can easily get me in a rear naked choke, so he's whatever he wants to be.

Things we Learned

- The big buzzword this year was "managed", manage your VPNs, manage your logs, manage your certificates, manage your ssh keys (?!), manage your life!

- Nico and I both walked around and didn't see any new products that blew our minds.

- Immunity went with no dedicated sales staff and I think it worked out well. People were pretty surprised when they talked to someone who knew what was going on with their product. Is it worth taking technical people off of other projects to staff a booth? Regarding reputation I think it probably is; regarding revenue, that still remains to be seen.

- I saw a bunch of vendors with six figure booths setting up seating and making people watch movies. I didn't see a lot of butts in seats. What did work surprisingly well was a trivia game the Venafi folks set up where you could win an Apple TV. Every time they did this they had a pretty sizable crowd and they were nice guys to boot.

- When Nico approaches your booth, where you're advertising a product that implements "zero day protection", to ask some very pointed questions, that's an intimidating situation. But these folks weren't intimidated. Why? Because they were marketing and sales engineering people who had no idea how their product actually worked, so there was nothing there to survive any level of professional scrutiny.

- Almost all of the material I demoed for SWARM was stuff I found the day before the sponsor hall opened. David A. and I put in a crap ton of work getting the SWARM setup working in a laptop-powered VM, but not so much on what we were going to show. It created the opportunity to find something new in our dataset and get excited about it, which made for a really effective demo.

- We had a bunch of grumpy old men approach our booth this year. They all seemed to respond well to me giving it right back to them. Perhaps a winning strategy?

- I saw folks throwing out some guesses about the number of women present. I saw estimates from 1:15 through 1:30. I wasn't keeping count (that would be creepy), but it seemed like more than last year. I chatted with @Tardissauce a bit about this at hackcup. Her thought was that Blackhat tends to attract attendees higher up the corporate ladder than DefCon, there are more women in these positions now, and therefore that ratio is going to start to even out. It's odd, since the talks are normally highly technical. It is the rare manager who can appreciate a talk on double-fetch bugs in the Windows kernel.

Booth stuff

- Investing in carpet and padding underneath is completely worth it; my knees and feet were saved.

- If you're going to buy labor, buy tear down labor rather than setup labor. You'll want to get your booth set up just the way you want it initially but by the end of the conference you're so tired you just want someone else to pack everything up. We waited 3.5 hours for our pallet and supplies to come to our booth at the end of the conference. Things got weird.

- In our 3.5 hours of waiting I did a lot of walking around the vendor hall as it was being packed up. I counted about 5 servers or devices I could've made off with without anyone being the wiser. If you're bringing that type of gear, secure it yourself before tear down.

- I think our booth looked pretty good but we did have a lot of people asking us "so what do you guys do?" If we were going to do something like this again we'd want to put some kind of sign up like: "Pen-Testing Tools for Professionals". It was pretty liberating to repeatedly tell people that I didn't give a toss about configuring a firewall though.

- Invest in shirts that are not black. Everyone wore black shirts.

- I can almost guarantee your sales slicks are too wordy. I ain't reading a white paper here.

- There needs to be a medical reason for you to wear sunglasses at your booth, which is inside.

Vendor Freebies

- Best Overall: Again Qualys wins with their red freebie bag. As soon as you walked in the vendor hall you saw Qualys' booth and had the opportunity to get a reasonable quality bag for all your freebies. Everyone had one and everyone put all the other vendor freebies into their Qualys bag, reducing the exposure of other vendors and limiting the impact of their marketing investment. WELL PLAYED QUALYS >:[

- Best Shirt: Spider Labs' mall-airbrush-kiosk style graffiti on a bright orange shirt
- Shirt Runner-Up: Splunk "Taking the sh out of it"
- Shirt honorable mention: Core Security, faux-tux shirt

- Worst Overall: I didn't like the light saber thingies at all, and no one I talked to about it did either. I guess the hook was that if you took this training it turned you into some kind of hacking Jedi? Brotip: if you're turning people into Jedi you should at least be able to talk about your syllabus without referring people directly to your website :P

Shameless plugs

You can read my 2012 vendor perspective blog post here.