
A City Dedicated to Social Engineering

I'm sitting in the Martini Monkey in San Jose airport, by far the best airport bar in history and possibly my favorite bar anywhere in the US. This place is a seriously funky oasis for those of us banished to the purgatory of airport terminals and solitary $10 crap beers in our hotel rooms.

Okay, I might be on my 2nd-ish beer.

I just spent the past two days working with clients out in the Valley area. Both are security startups, both are in pretty exciting markets, and I've worked with both for a while now. One is about to kick serious donkey, the other may fail despite possibly the best technology in the market. What's the difference? Giving the audience what they want.

Many of the vendors I've worked with over the years will probably tell you I'm a royal pain in the ass. I consider my objectivity to be the most important asset I bring to the analyst market and I do everything I can to protect it. You'll never see a custom quote in a press release out of me (any quotes are lifted from published research), I don't take gifts over $10 (which limits me to t-shirts I'll never wear or USB drives of dubious capacity), I rarely do dinners, and I tell all vendors, even the ones I like, that I assume nothing they tell me is true until I hear it from a client. I don't even tell vendors I have this blog, won't ever discuss a vendor I'm working with, and won't talk about this site with anyone I cover. But there's one way you vendors can influence me- it's by making a good product that meets customer needs.

Back to the two vendors (who hopefully aren't reading this). As egotistical as I am, the one point I consistently emphasize with vendors I work with is: shame on you if you don't validate every piece of advice I give you with your users.

End users are a mixed blessing. As a former developer, they either save you or destroy you; especially when it comes to interfaces. This is particularly problematic in the security market where we deal with multiple demographics- ranging from highly technical security experts to some dude that's just off the help desk. Users can drag you through development cycles where you're constantly adding features or UI widgets to meet the specific needs of one individual, that don't apply anywhere else. But the best product managers separate the wheat from the chaff, and rather than being distracted, focus efforts on those few fundamental features that appeal to the broadest client base.

Why is this important? Because UI is everything. Not just because it makes your product look pretty, but because a good UI increases the productivity of your users. A bad UI can add hours to someone's workday, hide the best features of your product, and banish you to the shelf. Not that some UI flash compensates for a lack of function, but a bad UI leads to an unmanageable product that's nearly useless no matter its core functionality. One of the biggest transitions a startup can make is from an engineering-driven product, focused purely on technical functions to a polished product that slides right into an enterprise security arsenal. From "cool" to "useful" to "operational".

I know some of you command line geeks disagree, but today's security professionals can barely keep up with enterprise demands and an effective management interface makes all the difference.

Besides, when you're looking at two nearly-functionally-identical products, odds are you'll choose the pretty one. My wife is an extremely intelligent and amazing individual, but the fact that she's attractive sure didn't hurt. (If she reads this I might be in a bit of trouble- damn Martini Monkey.)

Back to my vendors- what's the difference? One of the vendors today showed me the most significant UI advancements in a short time I've ever seen- and definitely the biggest advancement I've seen in the security market. Aside from making a more marketable product, I believe these changes will seriously impact their user base and increase the usefulness of the product. It's not perfect, but in one quarter these guys pulled off some hard core advancements- all validated with their user base. It's not just looks- they now have a serious competitive advantage because the product is more useful. The best function in the world is worthless if the user can't find it and use it effectively. And just think how much easier the sales cycle will be when clients see the first product demo and all the functionality is right in their face.

The other vendor? They've also made some very significant product advances and have one of the best technologies in the market, but the UI still needs some big work. Not only is it hard for the users to find all the functions, but the UI limitations make it seriously hard to pull all the value out of the product. My rough estimate is some operations take 2-3 times as long as they need to. It's an excellent product, functionally superior to most of the competition, but those functions are so hidden it hurts in both sales situations and day to day operations.

In rescue work we spend an obsessive amount of time packing and repacking our gear. Our goal is to optimize our ability to operate by making our tools an extension of our body. When I'm hanging off a cliff face 1000 feet off the ground at night I need to know, intuitively, where every piece of gear is hanging off of me and I need to use them effectively blindfolded.

Users shouldn't have to spend weeks in training, and months in operations, to figure out security products. A well designed user interface can hide reams of functionality while increasing user productivity.

It's about helping the users get their day to day jobs done as efficiently as possible. Nothing else matters. Listen to your users, validate with us independents, and give them what they want.

Time to see if I can get my beer through security...

—Rich

A City Dedicated to Social Engineering

I have a love-hate relationship with Vegas.

As someone who's not the biggest fan of crowds (after way too many years of events security) this isn't exactly the most relaxing environment. As someone who hates to lose... well, if you think you can win here you're fooling yourself.

On the other hand I met my wife here (at a Jimmy Buffett concert); and as a security professional this is probably the most fascinating city on the planet (followed closely by Johannesburg).

Vegas is a double whammy of security- on one side there's all the casino security. Cameras everywhere, multiple layers of guards and law enforcement, and the built-in security systems of the games. It's a great place to challenge yourself and try and find the holes (or catch something before the casino does).

On the other hand this is an entire city dedicated to nothing more than manipulating every man, woman, child, and sentient alien on the face of the planet. From the casino design, to the advertisements, to the very structure of the city there's no better place to come learn social engineering. Amazing. An entire city devoted to leaching every possible dollar out of your pocket through manipulation of every base instinct in your genetic code.

It's just fascinating- from the single deck blackjack tables that make you believe you're a card counter, to TV shows like Las Vegas that make casinos out to be some altruistic corporation run by locals who care. My favorite on this trip is the "ultra-lounge" here at the Rio (it's a regular hotel lobby bar with the occasional model posing on a platform). I didn't bother to check the drink prices. I was once comped a bottle of vodka at one of the lounges. We thought we'd order a second bottle, but I didn't think $300 for something you could get for $40 in the liquor store down the street was the best deal on the planet, no matter how many "actress/models" serve it.

You gotta love Vegas.

(Someday I'd love to check out the behind the scenes security- just in case any of you readers have connections.)

—Rich


Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.


By JohnnyHuh  on  11/28  at  11:34 PM

I’m right there with you, Vegas is a curiosity to me. I hate the constant leeching, I hate the nasty smoky, older casinos (the newer ones have better HVAC systems) but I really like the ability to wander around the streets with a beer in my hand.

Staying in Vegas for more than a couple of days makes it that much easier to separate you from your money, the constant buzz and bing of the machines and the entire environment just overwhelm my senses.

By JohnnyHuh  on  11/28  at  11:45 PM

Sorry for the double comment but I just came across this interesting article at Smart Money about Ten Things Casinos Won’t Tell You (http://www.smartmoney.com/10things/index.cfm?story=may2005&pgnum=1). Interesting stuff.

By rmogull  on  11/29  at  08:56 AM

Really good article.

If I ever gamble, which isn’t often, it’s with the expectation I’ll lose a given amount. Thus my strategy is to make it last as long as possible.

I’m just amazed at the greed- $3 Starbucks in a casino (for a small coffee), ATM fees, and the way the table waitresses drag their heels on those "free" drinks to keep you at the table as long as possible.

Whatever’s in your wallet in Vegas, stays in Vegas.
