Security vendors and trust

RSA 2006 is coming soon and so I am being literally barraged by security vendors hawking their wares. How do we sort the chaff from the wheat?

Here’s a hint: there is nothing more annoying than someone dangling an iPod in front of my face and asking me to tell them whether I am able to comply with some regulation. “Tell us if you violate the GLBA and we’ll give you an mp3 player” is downright insulting. It baffles me that someone who is basically anonymous would even ask that question and expect to get accurate data. And putting a picture of some cute person in front of me doesn’t improve things. Appropriate response: ignore or, if pressured, present bad data and walk away.

If you represent a security company, please help stop the madness. Random drawings for popular electronics, based on contact information alone, are one thing. Overtly saying “we’ll pay you to give us dirt on your employer” without establishing any modicum of trust should be grounds for being barred from security conferences.

