Last month, we hosted our monthly #SecChat on Security Conferences – what makes them worthwhile and how they can be improved. We wanted to gain insight from you, the attendees and presenters, into what conference organizers are doing right and wrong, and how mainstream security events will need to evolve in order to stay relevant in a web 2.0 world.
To begin the conversation, we asked if our participants thought that security conferences kept up with the latest trends, and if not, what should be added or updated. @JGamblin responded that large security conferences have a natural tendency to be behind the curve 3-6 months due to the CFP process, an observation supported by several participants, including @chort0 and @msarrel. @SecRunner and @gattaca also pointed out that larger conferences tend to have too many vendor-focused presentations.
Many participants recommended smaller conferences for their ability to organize quickly, which in turn allows them to deliver more timely information. @gattaca recommended BSides, SchmooCon and DefCon as conferences that are more likely to have current information, while @danielkennedy74 noted that though smaller conferences have a community feel, they also tend to be quickly overwhelmed.
We then asked participants what the benefits were in attending large security conferences. The majority of participants believed that networking was the biggest draw, with @lewisnic, @chort0 and @SecRunner (among others) all saying that they looked forward to discussions with different people and being exposed to new views and approaches. Indeed, as @danielkennedy74 pointed out, “A strategic security person must be exposed to different things (like both vendors and hard tech), and be wary of comfort zones.”
@Wh1t3Rabbit then noted that a main problem of security conferences is the lack of audience participation, while other participants criticized conference speakers for failing to engage the audience. @gattaca asserted, “if you can’t tell a story without slides, you can’t tell a story.” Participants then offered creative ways for presenters to increase audience participation, such as through quizzes, polls and raffles, as suggested by @jtyrus. @JGamblin shared his creative way to increase audience engagement, by giving away boxes of movie candy at all of his talks. Overall, as @djbphaedrus put it, speakers must make their environment dynamic and give participants a chance to find and speak about their own ideas.
Another recommendation that cropped up was the idea that security conferences need to take better advantage of social media. As I mentioned during the chat, so long as an audience can connect to a channel like Twitter through a smartphone, laptop or other mobile device, a presentation can become instantly interactive through real-time polls and Q&A sessions. Many participants, including @danielkennedy74 and @msarrel, also suggested that conferences broadcast their talks live online. Speakers can then phone in or join the conversation through social media channels and, as an added incentive for organizers, @lewisnic noted that posting slides and content online is a great way for conferences to showcase their content and attract attendees.
In sum, many participants agreed that interaction and communication are crucial to the value of any conference, whether big or small. Stay tuned for our next #SecChat towards the end of August, topic will be announced soon. Feel free to tweet at @IntelSec_Biz with any questions/feedback in the meantime.