On Skipping Security Cons

by Bill Brenner on June 15, 2015

On Twitter last month, friend and fellow infosec professional Marcus Carey suggested industry peers place too much importance on conferences:

One can take the tweet several ways.

Mood music:

Some might say he’s criticizing conference organizers for roping in people who spend all their time speaking at and attending conferences and too little time in their organizations working on the daily challenges the bad guys throw in front of us.

Others might say he’s picking on people who attend a lot of conferences simply to be seen. I don’t think he is, especially since every time I’ve seen him in person, it’s been at a security conference. The conferences I attend have a lot of repeat speakers who I’ll never get tired of listening to, such as security pioneer Dan Geer. (Watch him speak at Black Hat 2014.) Other famous speakers have done a lot of important work over time but have become less relevant lately. I won’t name names here, but yeah, I’m tired of seeing them as keynoters.

The debate over security conferences will go on into infinity. Carey’s soul searching sparked something within me, though, and it’s unlikely it has much to do with his intent.

I love security conferences. I love traveling around the world to attend them. I’ve made countless connections that have taught me many lessons in how this industry ticks. It wouldn’t be a stretch to say my conference attendance led to my current job.

But I have to admit that as the years have gone on, I’ve become almost obsessive about getting to conferences. To skip them is to be invisible and irrelevant. To stay away is to no longer be respected.
That’s how my mind presents it, anyway.

In an earlier post I called it the security rock star mentality — the notion that you had to be seen to be relevant and that by getting around a lot, I thought I was somehow better than I really was.
Early on, as a journalist, I had to attend as many conferences as possible to generate content and feed the needs of a daily news machine. In my current role, the mission is more about promoting what my company does and collecting research I can bring back to base for future use.

My current job also involves less frequent travel. Some of that is because I can easily communicate face-to-face with colleagues around the world through Skype and other video-conferencing programs.
But I’m also traveling less because there’s a lot going on in my family right now. My kids have a lot of activities I want to be there for. My father has been in hospice and I’m trying to get in all the time with him as I can. And so it goes.

I’ve noticed something since grounding myself, however: My absence at security conferences hasn’t hurt my career or workmanship. Not one bit.

The people I like to see at conferences are all available to me on Twitter, Facebook, and increasingly on Skype. Most talks are recorded and end up on YouTube within hours of being delivered. And most importantly, less travel has meant more time immersed in my company’s research. I’m working with some of the best researchers in the industry, learning more from them than I’d learn from a hundred conference keynotes.

I’m not retreating from the conference scene forever. I still get too much value from events like DEF CON, Black Hat, RSA, ShmooCon and BSides to completely stay away. I expect to travel more frequently next year.

In the meantime, I’m staying home, being around more for my family and constantly working to improve my craft.

RSA 2015 Crowd Shot

{ 2 comments… read them below or add one }

jonee June 15, 2015 at 9:40 am

Sounds like you’ve got a life – unlike some people I know. ACK

GP July 28, 2015 at 7:55 am

To conference or not.. that is the question! I often find myself asking that question from a Marketing point of view ( or can i say that on here?) . The shear number of choices is mind boggling and as an attendee I would be asking “What’s the right choice?” . Another key point about some conferences is that some have grown to large scales and you have to wonder if quality was sacrificed for quantity. It’s not easy at the end of the day and with budgets tightened up one must choose carefully.

Leave a Comment

Previous post:

Next post: