Although the quality of the sessions picked up a lot during the
last two days, I was still disappointed with the content of this
conference. There is a great quantity of material (14 concurrent
tracks, 4 sessions per day, for 4 days; about 200 sessions in all),
the quality is generally very poor. The content has often been
trivial and obvious, and the technical level has been very low, despite
the self-assigned ratings. About 10% of the conference seems to be
pretty good, but even then, the technical level is usually pretty
low, and the material covered is often handled better at other
conferences.
The “keynotes” were disappointing, too. Very few of them were
actually the kind of general, thoughtful talks that I’d call a
keynote. Most of them seemed to be very similar to what was in
the breakout sessions, but presented by a “platinum sponsor” of
the conference. And, like many of the breakout sessions, some of
them were pure marketing. Others were interesting, but not
relevant to the conference (like Cokie Roberts’s opening talk).
Finally, the exhibit hall was quite good. There were a lot of
vendors, and you could examine a lot of products. I didn’t see
any breakout new ideas there, but you can’t blame that on the
conference itself. That seems to be nature of the security
marketplace now.
Positioning the conference as a general security showcase looks like
a mistake to me. I was hoping for a strong focus on cryptographic
tools for secrecy, privacy, and identity. Talking about managing
spam and intrusion detection tools seems more suited to system
administration conferences.
I don’t think I’ll attend in the future, unless there are some big
new ideas in the marketplace I want to learn about, or I’m in the
market for specific technologies.
Charles Engelke's Blog 