Burton Group: is this thing on?

Is it just me, or has the Burton Group gone dark?  Outside of twitter, I haven’t heard anything from anybody on anything.

Are they publishing somewhere else now and just haven’t bothered to update their old blogs to help existing followers to make the move?  Or maybe now that they are part of Gartner, we shouldn’t expect any kind of presence, just a set of reports in the mail and a webinar every so often?

It’s a bit of a boggling strategy, really.  If there was any time for them to be pushing into the public eye, I would have guessed it to be now.

Canadian IAM Community

Are you a Canadian member of the identity or access management community?  In case you don’t know already, there are a number of new venues evolving to service this community, and I’m really excited to be a part of them!

  1. The CanadIAM Blog – this blog is dedicated to the Canadian take on Identity and Access  Management, thanks to the organizing efforts of Mike Waddingham over at Code Technology.  It’s just getting off the ground, but I think it will attract a very strong community — make sure you add it to your blog reader!
  2. The ICE Conference — this will be the very first Canadian tech conference that I’ve spoken at, I can’t wait to actually meet folks from my own backyard and compare notes and experiences!   The conference is in Edmonton on November 2-4, 2009 – the only sad thing is that it happens to conflict with the Internet Identity Workshop;  as a result I’ll have to split my time between the two rather than getting the full benefit of either, which is such a shame!IAM Canadian

It is great to see these kinds of resources evolving, and I think it speaks to the maturity and growth of I&AM practices in Canadian organizations.   I believe that the best way to be successful in many of these ventures is to share – and what better way than to do so than with a group of people who have strong common interests.

Photo credit: http://www.flickr.com/photos/michael40001/1828017204/

Catalyst 2009 Ponderings

Catalyst North America 2009 was a fascinating conference – but maybe fascinating to me for different reasons than it might have been fascinating to you.

The logistics summary is short: Burton Group has just plain gotten it right.  Good food, free, reliable internet access even in the room, power for laptops, nice hotel.  They even arranged an airport shuttle discount.  They paid a lot of attention to the cost incurred by their attendees, and it was appreciated.

I’ll tell you the truth.  I’m not going to particularly talk about the content of any given presentation.  After 8 years, a large portion of the content is pretty well ingrained in my head, and while I learn new things every time, each little twist and turn has really become a single data point contributing to an overall set of trends.   I think of the following points as indicators – but you be the judge of the truth of that statement.

1. Presentations fit to take home to Mom

This is literally the first year of all the years I have been attending Catalyst that I have downloaded presentations and recommended them to those that could not attend; that’s how good some of these presentations were.   The speaker notes were critical in being able to pass these presentations on, so thank you to the speakers who took the time to be sure that their presentations were consumable after the fact.

2. Cloud Track

The cloud track presentFrank on the Rocksations I saw this year were fantastic, but I hope that this is the first and last time that  Burton focuses primarily on “Cloud”.  Why?  Because I hope that after this year, everyone will be savvy enough and discerning enough to get past such a broad topic rollup.   A lot of attendees I talked to had been sent to Catalyst with the mission of  “understanding this cloud thing”, and I think that the Burton Group very astutely served the needs of their attendees – but while general education is important,  there were people there who were frustrated because they wanted to talk about actual concrete things that Enterprises might want to do in the cloud.   You can only start with the layered diagram of SaaS, PaaS, IaaS, and SIaaS (Software Infrastructure as a Service, newly defined by the Burton Group) so many times.  Unless you were interested in virtualization, which seemed to be covered very thoroughly, I don’t believe that many of the cloud sessions put a targeted group of people with a common business goal in the same room,  however I also don’t believe that this would have been a realistic goal for this year anyway.

This track is going to be very popular and profitable for Burton Group – it is a great team, producing great content.  I look forward to seeing how it evolves & matures in the next year.

3. Lightning Rounds

(Lightning rounds are a series of extremely short on-stage spots given to vendors who have product announcements to make: 4 minutes & 4 slides, if I recall correctly)Frank at the Hospitality Suites

The lightning rounds started in 2008 and were expanded this year.  I believe they were very well received, in fact I heard people say that they were the best content of the day.  I hope Burton Group thinks long and hard about what that means.   For a very long time, ‘vendor’ has been a dirty word at Catalyst – with the result that attendees can only find out about products through the sanitized views of the analysts or the drunken haze of the hospitality suites.  Granted, the analysts are smart and make great points, but – the danger is that the whole experience becomes homogenized, and no matter how great the quality is,  homogeneity is boring.   Looking at the neat pastel-colored items on the agenda this year, that’s all I could think.  Oh, yet another customer use case.  Oh, a panel.   All fitting into a certain template.

The lightning rounds were refreshingly template-free, but more importantly, they let the attendees make a direct connection with the vendors.  Some vendors did not use their time wisely, some did, but no matter what the attendee could be the direct judge, and in the worst case the suffering was short.  I’d like to see more of that, and I think it benefits everyone, assuming the goal is to create a thriving identity ecosystem.

4.  Where are “The Regulars”

My recollection of the early part of 2000 was that there was a set of non-Burton people who could always be counted on to further the discussion.  Frank and the Booth Babe Burton analysts provided the meal, but ‘the regulars’ provided the spice, both in the blogosphere and on stage.   I haven’t seen very many recurring spots given to regular non-Burton speakers any more, and I think that’s a shame.  I’m not sure if it is because these people have different jobs and focuses, because the space is simply more commodotized and the characters have moved on to more interesting new problems, or because Burton has abandoned the policy – but I think the conference is the poorer for it.   I’d like to see Burton take a chance and try to cultivate a new breed of thought leaders, agitators, and characters in this space, who can grow with the technology and help attendees gain multiple and growing perspectives over time, rather than only hearing from yet another different customer who took on and solved one task one time,  in one context, and who you will never hear from again.

Why are the regulars important?  Because they represent a growing trusted relationship that engages people.  We need those trusted standouts who can transcend vendor allegiances, who can tell the truth not only from a neutral standpoint but also sometimes from a decidedly non-neutral standpoint.  We need people who can bridge gaps and serve as public touchstones for the topics of the day.

I have a list of people I think would excel at this, but it would be much more interesting to see who Burton Attendees would nominate for the job.

By the way,  Frank (shown here) really enjoyed the conference.   Especially the hospitality suites with the icy martini bars… if you were at Catalyst you have probably already met Frank, otherwise you’ll be seeing more of him as I travel around.

Glue 2009 – Conference Wrapup

Glue 2009.  Where to start.   This is the conference entry — learnings and philosophical interpretation to follow separately :)

My impression of the group was that it consisted mostly of the “maker” community — developers, entrepreneurs, and funding bodies working to create solutions in the cloud.   Everyone was bound by a common philosophy driven from a common business model and delivery mechanism.  I loved the esprit de corps that I saw among this diverse group.

Most vendors were new to me, and walking the booths was anything but humdrum. Given that so many of the attendees also had services of their own, I would have loved it if Eric and Kimberly could have set up some kind of fun elevator pitch or Pecha Kucha session where each of the attendees could run up and explain what they were up to, in the constraints of a social, time-boxed, creativity-encouraged event.

Speaking of Kimberly and Eric (the organizers of Glue) — bravo.   This was not a case of catering to a community.  This seemed to me to be a case of creating bonds aneCreating new bondsw.  It is really easy for conference communities to become inbred – eventually it becomes the same set of people viewing the world all in the same way, and agreeing and disagreeing in unison as if the “truth” was universally obvious.  The great joy of this space is that there is no universally accepted “truth” yet — but the danger is in repeating historical mistakes.   I think that Eric’s agenda choices were calculated to do two things:  to introduce those on the front lines to the cautions of the past but also to introduce those who make their livings through cautionary tales to the infectious optimism of this new generation of solution providers.   The best part about it was seeing just how much fun Eric and Kim have working together to make it happen – it was smooth, but still personal.

I’m really excited about the new people I’ve met, please don’t be strangers, you are are sharp and you are pursuing some incredible opportunities.  I can’t wait to see where you go.

Mr. Alex Kirschner Speaks

Thank you for responding to my blog post Alex!  I believe that you have missed the point of my rant — but you have given me a little insight into your goals and attitude.

You do not need to take my advice that your registration form is poorly written and your PFO letter extremely confusing. You can also gloss over my question as to whether Identity Management is even on your team’s radar as a valid subsection of Information Security.  If all you want is massive quantities of copy going into your registration processes with an expectation of massive quantity of copy coming out the other end,  you can stick with your mathematical formulas, page ranks, and technorati rankings.

If however, you grok the idea that sometimes,  one person talking to 100 people can mean more than a broadcast blogger talking to to hundreds of thousands, maybe you’ll understand why I think your formulas are wrong.   In my mind, bloggers are not just about publicity.  The are about starting and continuing conversations,  of all sizes and all impacts, with insights unique to their community.   If  you want to properly use bloggers in your conferences,  you can’t look for the cost centers.  You need to look for the hearts.

At least, that’s my belief.  I’m sure you won’t take my word for it; perhaps you’ll find someone who matches your strict journalistic standards who thinks so too.



Alex’s comment is printed below, dear readers, so you can see what I’m replying to.


I’m Alex Kirschner and I wanted to respond to your post about RSA Conference. In registering the 300+ media that attend RSA Conference over the years, we have put a standard process in place that encompasses bloggers, traditional media journalists and industry analysts. Anyone receiving a press pass must be able to demonstrate that they are being read by an audience invested in information security. Because we are making a significant dollar investment in each press person who attends, we are committed to reviewing each request with equal scrutiny to ensure those receiving a pass meet our strict journalistic standards.

Therefore, bloggers that are registered as press must meet the same criteria as traditional media. If an IDG publication is responsible for several stories a day while attending RSA Conference, we expect our bloggers to have the capacity and editorial focus to do the same or similar. As a blogger, the direct link you provide the press registration team will in fact be reviewed for its information security content and frequency of posting. We also use additional information, such as Technorati ratings, number of hits/page views and comment history to verify the credibility of the blog.

In reviewing your blog, we did not see enough posts regarding information security, a high enough number of comments, track backs or page views that would have qualified you for a press pass.

Please let me know if you have any further questions regarding our registration process.


Forgot Something

Thanks for your analysis of my blog post on RSA James – I have the greatest respect for all of the things you do in this community, and for your work with OWASP!

That being said, in this case I’m going to have to go right ahead and quote Marge Gundersen on you:  I’m not sure I agree with you a hundred percent on your police work, there, Lou.

Everything you said in your analysis was correct.  Yes, conference pass revenues are tiny next to vendor booth revenues.   Yes, the conference makes the same amount of money regardless of whether the sessions are brilliant or they show the same rerun of the Muppet Show in every room.

It is absolutely true that fiscally speaking the conferences are all about the vendors and the movers and shakers.  Except that the only thing that can ATTRACT the vendors and the movers and shakers is the plentiful plankton in this economy: the attendees.

Most attendees don’t get to expense airfare to San Francisco just to walk the expo floor.  They aren’t chosen from their department to attend parties.  They don’t know the phone numbers of all the “right people” to text them and get them to meet at the Thirsty Bear for a drink.

The attendees are the ones that care whether they can go home to their managers and say that they professionally benefitted from the week.  They are the ones whose interest convinces the vendor to spend money on a booth next year.   They are the ones who have the problems that all of us really want to help to solve.  And when they can’t find solutions to their problems at RSA,  they will simply stay home next year, and the entire value proposition will collapse.

Until you I read your piece James, it hadn’t occured to me what price I paid for staying off the conference floor – I did not meet any attendees.   What a price to pay, but what a price for RSA too.  Perhaps not in an immediate, punch in the wallet way,  but instead,  in a slow, painfully diseased way.   When the plankton are gone, the whales move on.  So I strongly suggest that the best way to keep the plankton around is to value the quality of the sessions, find ways to keep people who are engaged in the quality of the content inside the building, and to do whatever it takes to ensure that even someone who did not walk the expo floor or go to a single party can still take a positive story home to their bosses.

RSA 2009 – aka “Dear Mr. Kirschner”

Dear Mr. Alex Kirschner:

Every time I attend an RSA conference (or any other conference for that matter) I write up an analysis of the conference,  mentioning what I liked and did not like, what I found effective, what I found inspirational, what events were exciting in the Identity community, and what learnings I took away from the experience.

You won’t like the learnings I took away this time.

I didn’t purchase a conference pass — frankly, I couldn’t, I have just started a new business, and the fiscal reality involved in that activity forced me to be thrifty.  I thought that perhaps,  I could bridge this gap in my ability to be a paying member by applying for a blogger pass – after all, I have been blogging for a long time, and while I’m not exactly engadget-prolific, I think that my contribution is enough that the idea wouldn’t make anyone in the Identity community laugh out loud.

Let me be blunt: Your press registration workflow is a DISGRACE.  You should be ashamed.  You provided a single input box asking me to link to my most recent piece of writing, and then forced me to click on a radio button identifying me as a blogger (one of six generic types).  Within the text associated with that radio button, you informed me that I needed to have posted a minimum of 2 security articles a week for the last 3 months.

First of all, somebody ought to pull you aside and point out that not every track you offer is about security anymore.   Second, if you ask ANY BLOGGER to provide a single link to the most recent thing they have written, they will send you to the front page of their blog.  What else would they do?

As such, I was pretty surprised to receive the email I did (shown at the end of this post in its entirety).  My favorite part was the part that said:

PLEASE NOTE: You have been asked to provide a direct link to your latest written article or report. The press team will not search a Website for your article and publication home pages will not be accepted.

So.  Let’s get this straight, shall we? You have rejected my blog URL  without ever visiting it, but expect me to produce a single URL which will allow you to determine that I have written 2 blog posts a week for the last 3 months. About security only.  Without searching the website.

Right.  How could I have presumed to inconvenience the team so? Obviously I was barking up an empty tree.  I registered for an expo pass and shrugged it off.

Here is the part that you really won’t like however, and it is the true reason I’m writing this.  Obviously you have the right to choose who you waive fees for at this conference.  Being on the outside, however, taught me that while the tracks were inside, the PEOPLE weren’t always, and that in fact by ditching any illusory pretension to  education, taking advantage of the Concordia workshop for which entrance only required an expo pass, walking the expo floor, and attending the parties,  I didn’t miss the expensive & time-consuming sessions.

I hope I don’t have to go into much further detail to have you guess just how dangerous my conclusions are for your organization.  I am usually the most avid attendee at these things, asking a lot of questions and generally participating enthusiastically (ask anyone).  I have to say that the chances of that happening in the future at this conference has lessened dramatically.  I’m sure this doesn’t have you crying in your cheerios at the thought of the loss;  but I suggest you examine the trend it represents;  it is why you want the movers and the shakers *inside* the conference hall, not outside, as often as possible.

Yours ever so sincerely,

Pamela Dingle

ps:  be sure to check out the continuing saga

PFO Letter

Now I can wrap up TEC 2009

You’ve already heard my thoughts on the value proposition for conferences like TEC 2009 – but I didn’t get into details of the conference itself.  Each of the tracks had a different feel – Directory Services was very mature, with most people in the audience having up close and personal experience with some form of the technology.   Federated Identity consisted of more forward-looking content,  and therefore the relationship between the audience was more theoretically founded.  The ILM track was by far the most complex audience-presenter relationship.  Some folks were diehard MIIS-era folks with already existing deployments.  Others were new to the technology and looking to learn prior to the release of ILM2.

When the news broke that ILM2 was no longer expected to go live in 2009 there was a lot of disappointment, but I think that the backlash was much more muted at TEC than it would have been had the news come out at any other time, because the attendees couldn’t help but see that the most disappointed of anyone was the ILM team themselves; at the same time you could also see that in spite of their eagerness to RTM the product, they felt it was the right thing to do to hold off.  Everybody was wearing their personal investment on their sleeve – the program team, the vendors whose dependent release dates were affected, and the customers who had rollout dreams for 2009.  The ecosystem can’t be any more rawly exposed than this – yet the spirit of learning in the sessions stayed positive.

I did a session called the “Survivalist’s Guide to Identity Management”, which went really well I think – there was a lot of spirited discussion at the end, which is always my metric for whether the topic was interesting.   I think this was my most popular slide:Top 5

Can you guess what #1 was?   Ah, but that is the topic of another post :)

I think the best session that I attended was put on by Patrick Harding from Ping Identity.  His presentation was an excellent big picture summary of federation as seen through the perspective of the different players – what the trends are, and also which trends had big red flags associated from various perspectives.  His big picture encompassed federated provisioning too – something I believe that more people need to start paying attention to, and fast.  For a first time TEC presenter, I think he definitely fell right into the spirit of TEC – digging to the heart of the overall problem with the belief that truth begets loyalty 100%  more reliably than marketing shlack.

Lastly, I can’t finish a TEC wrap-up without talking about the Wook Lee Pro/Am Memorial Challenge – last year was a visual challenge – this year, the challenge was auditory.  We chose to accept the challenge from Stuart Kwan to communicate the attendees’ top 10 feature requests for the next version of the federated identity suite – through the medium of an Elvis song.

Two days and a few alcoholic beverages later, we were ready – and the Quest multimedia gurus were there to make sure we could never ever live this down.  Just remember – these are all highly respected members of the tech community – make fun of us too much and your implementations might mysteriously develop problems :)  We had a blast putting this together, and we hope you all enjoy this in the same spirit as we did.

TEC and the Targeted Conference Value Proposition

I’m in the airport, exhausted after another fun-filled Experts conference.  TEC (The Experts Conference), formerly known as DEC (The Directory Experts Conference) is put on by Quest, focusing on Microsoft & Microsoft partner technologies for directory, email (new this year), identity and access.

I have a lot of positive things to say about the conference, the content, the people, and most importantly the shenanigans that we all got into (and yes, there is video), but before that, I’ve been thinking a lot about a conversation some of us had at lunch one day.  The topic came up of what it is that this conference delivers, compared to say a Tech-Ed.  My first reaction was to laugh – after all, the difference is so stark, that (as somebody else at the table said) you would have to be an IDIOT not to see the value proposition for TEC over Tech-Ed.  Still, in these economic times, travel budgets are shrinking, and travel cost must be strictly justified by return on investment, so I thought I would try to come up with my thoughts and reasoning on the exact value that conferences like TEC give over the Mega Monster conferences.

When you go to an OpenWorld, or a Tech-Ed, or an RSA, you can only be the recipient of a generic experience.   You assemble out of the dark swirls of a multitude of swarming faceless people to see a given session.  You may participate in a question and answer period.  After that however,  everybody files out of the room and disappears back into the faceless swirl.  You may have friends at the conference;  you may even meet new friends there.    Chances are, however, that the entire population of any given session are not going to file out of the room at the end and immediately all head to the bar to have a pint and debate the merits or disadvantages of that particular session.

Contrast this with TEC.  At TEC, you are riding elevators with people who are doing the same things you are doing.  You are eating lunch with them.  You see them over and over again in various sessions.  Every conversation you overhear is about something that matters to you.   You begin to recognize faces,  enough so that if you see somebody later that was at an earlier session, you can ask their opinion on it.   Small talk with strangers isn’t about the weather.  It’s talking about who you work for, and what kind of deployments you have under your belt, and what your horror stories are.

The vendor floor at a big conference is a disaster too.  You walk past aisle after aisle of things that won’t help you do your job.  Maybe you find the vendors you are familiar with, should you walk far enough – but how likely is it that you are going to differentiate between a vendor you are unfamiliar with because they don’t apply and a vendor you should be familiar with?  Maybe you’ll see a key word that brings you in.  If you happen to walk down that aisle.

At TEC, the vendor area is right beside the session rooms, not on a separate floor of the building, a hike away.  People are in that room frequently, even if they aren’t looking to buy anything.   It’s easy to fall into a conversation with a vendor, because they are in a welcoming environment with snacks and beanbags; there isn’t a sense of ‘us and them’ like the one you get when you’re in a massive conference hall, looking down endless rows of flourescently lit, identically shaped sales boxes complete with flocks of marketing folks in identical shirts.  Additionally, many vendors at TEC have a long-standing relationship with the conference.  This means that the faces of the vendors at TEC are often as well-known to attendees as those of the speakers.   I don’t know any sales psychology, but I think that there is an obvious improved ability to speak with potential customers.

Then there are the speakers.  A lot of the speakers at TEC are polished and experienced,  but sprinkled in there are a number of technically astute speakers with little public speaking experience.   It sounds risky, doesn’t it?  After all, these kinds of speakers would never be accepted at the big monster conferences.  The reason TEC can safely find new talent and put that talent into the lineup, is because they attend their own conference year after year.  They find the outspoken folks and encourage them to propose talks for the next year, and they *remember* who has potential and give them a chance.  They can only do this because they take the time to truly know their attendees.  I was just such a person;  For 5 years I had hopefully submitted proposals to speak at tech conferences, and I had been rejected, year after year.  By taking a chance on me, and on others in this community, TEC acts to diversify the speaking pool, something that is sorely needed;  something the big “play it safe” conferences refuse to do.

Last, let’s consider the two primary vendors involved,  Quest and Microsoft.  This was the first meeting between attendees and most of the Quest employees that weren’t part of the NetPro acquisition, as such they are newbies in this community – but I think everyone’s first impression of Quest as the conference host was extremely positive, and I have to imagine that opportunity to expose all these people to their product must be a huge win for them.

For Microsoft – well they just win win win.   When MS sends their program teams to TechEd, the developers satisfy their mandated customer-facing activities, then go back to hanging out with each other.  At TEC, enough of the attendees are familiar faces that the urge to ‘stick with people you know’ ends up being a large and diverse group.  As a result, the program team appears to be and actually are much more accessible, meaning that people who are too shy to speak up right after their session feel comfortable enough to maybe share information and experience later, at a hospitality suite or in the hallway.  Is that a rare thing?  Oh yeah. The chance of running into the lead developer for the feature you’re desperate to give input on at Tech-Ed is slim to nil. The chance of it happening at TEC is pretty darn close to 100%.  TEC puts the teams into the soup with the very people who have the most to say to them, but without the confrontational setting of a client meeting; they get to hear and respond to questions, comments, kudos, etc – in a way that can never happen at a big conference.   The product team gets to talk to administrators of different sizes, in different verticals, not just the customers that account managers deem to be “worth it”.  They get to talk to partners and Integrators. They get to hear horror stories and success stories, and they get to hear suggestions about product that may never make it to an official list, but that can give the developer a sense about their product as a whole.  I believe the process of putting the product team together with customers in an environment like TEC humanizes everything — customers see the human beings behind the features (and sometimes the bugs) and the product team not only gets appreciation for what they have done, but hope and excitement for what they are doing now.   Perhaps the greatest benefit, however, is in the overall goodwill that this conference wins for the Microsoft Federated Identity group.  MS attendance at TechEd is expected.  Coming to TEC is a labor of love, and we can all see it.  It is the world’s most effective and sincere marketing campaign.

And the thing that ties this all together is the community:  The MVPs, whose onsite knowledge and product expertise help to bridge the vendor-customer gap;  The passionate advocates on the client side who really want the products to be awesome; The speakers, who are a great mix of all of the above.  And of course the rubber chicken and the Wook Lee Challenge and the legend of Joe and Dean, and all the other things that bring a sense of humor, and a thread of history to the whole mix.