It is that time of the year, we are back in the office, and people start to think about what conferences and technical sessions they feel would bring value to them in their current roles and careers.

Last year I attended a few conference, and wanted to share some thoughts on my experience of InfoSecEurope in London back in March.  I usually write up a debrief of my opinion on the event, but this year I focused on a key note by Microsoft, which you can read here.    My write up of the 2018 event is also here.

Low expectations.

However, back to the main show itself.  I must admit I was attending InfoSec for one reason alone, which had nothing to do with trade stands or presentations.   I receive lots of calls every week from vendors, I try to filter as many as I can but there are always those that get through.  Every major vendor attends the show and many minor vendors also.  I can in a couple of days meet all the vendors I work with and also walk the floor to see what my vendors are pitching and how it compares to the competition, but my main goal is to arrange to meet my current vendors all in one location and save me time overall.

I’m not interested in sales pitches from vendors I don’t currently work with, and don’t want to be sold anything I’m not currently planning for.

I do want to meet my vendors, and friends in the industry.

However, that is not how it transpired.  Whether it is because my expectation was lowered from previous events, and in particular the GDPR hangover from 2018, I didn’t expect much from the trade floor.

I did meet all the vendors I arranged to meet.   I did meet all the friends and contacts in the industry that I did wanted to meet and had mostly pre-arranged to meet. But I also spent some time walking the trade stand aisles, more time than I expected in fact.

Who’s the customer here anyway?

I was actually pleasantly surprised, as there was little mention of the 4 letter word, GDPR, and each vendor seemed to be back selling their products, and pitching the value proposition for their products, and those that had no value proposition were easy to filter out so I could move swiftly along.

I could see differentiation between major players narrowing, less swag just to get you to stand still and stop walking to the next exhibition, and generally the event allowed me to pursue my interests in my own time, on my own terms – as it should.

The big let down – Vendors strike again

But, the one single thing that really annoyed me about vendor stands, which also leads me to believe that the GDPR smoke and mirrors from a year earlier was well forgotten,  multiple vendors attempted to take a scan of my badge, not with the official badge scanner, which is a condition of entry – and one I have no problem with once they ask permission, but instead they tried to take a photo their personal phone (personal or business phone I could not tell but it doesn’t really matter) of my name tag.

Vendor takes photo of my name badge.  Photo gets synched to their personal photos.  Personal data name, employer, and other data is copied without me having any understanding of how it will be protected or giving my consent.  I’m sure when vendors sign a contract to exhibit they must give assurances around data protection, and I doubt very much this is an accepted method of capture.


Apart from this, which I hope the organisers will try to stamp out in 2020, I recommend the event more than I’ve ever done in recent years, it should be on every infosec pros diary.  You can find out more information here.

Here's my top 4 checklist for a successful InfoSecEurope

1) Arrange to meet your contacts and friends over the event, you learn a lot from your peers and this makes the even much more enjoyable.

2) Give yourself time, rushing from one presentation to another, and trying to maximise presentations is not good, you need time to absorb the event as well as just the content.

3) Be selective in the presentations you attend, remember many speakers are getting opportunities to speak because they have paid large exhibition fees. Less presentations that you can take away useful lessons is better than back to back sessions you cannot recall afterwards.

4) Go to lunch outside the venue with at least one of your contacts, even if it is a 20 min walk, you will get more time to learn and share industry information with your industry contacts if you have prearranged this.