I was trying to figure out the mood at the RSA security conference. Due to the recession, attendance is down 30%.
First of all, it appears that the recession affects cybersecurity less than other parts of IT. I would personally describe cybersecurity as a luxury, but compliance (HIPAA, SOX, PCI, etc.) make it a non-luxury. Companies cannot cut back on security and stay within compliance.
Second of all, it seems there has been a shift from products to consulting/services. Companies are encouraged to shed full-time employees (which commit the companies to things like health insurance and severance packages), so they fill the gaps by hiring part time employees (aka. consultants). Likewise, companies may find that if they can’t hire more people to manage more firewalls, they will stop buying firewalls, so hiring freezes can indirectly freeze product spending.
Thirdly, it appears that federal government sales are up. It appears that government departments are flush with cash. Any company that does a substantial amount of business with the government is going to post good earnings this quarter.
Fourth, it seems that when analysts go up to a booth, they are looking for work ("can I advise your on your marketing strategy") rather than information ("tell me about your product"). I've heard about a lot of layoffs in the analyst community. This is part of the larger trend that companies are trying to figure out how to do more with the products they already have, rather than buy new products. I know from experience that companies only use 20% of the functionality of their security products. I'd suggest to analysts looking for work that they write reports on how companies can use that 80% of other functionality of the products they already own.