I attend a lot of conferences. I mean a LOT of conferences. There has been a growing theme at all of these events among practitioners...
Firewalls are dead. Anti-virus is dead. IDS/IPS is dead. [insert security product X here] is dead.
Meanwhile, all of the presentations at these conferences tell us why product Y is garbage and company Z is incompetent and how to break SSL into tiny pieces.
Where have all the defenders gone? Is it a lost cause? Are we well and truly hopeless and defeated?
Absolutely not. In fact it is one of my favourite reasons to attend a Security BSides event. Real local IT people sharing actual techniques that are helping them defend their organizations...