Security conferences, to me, are all but one thing… networking events.
This wasn’t always the case. The early years of my security career conference were a way to learn about new technology, what people were doing, issues companies faced, and maybe take a few tips back to the office. I attended all the talks I could go to. Every year, like clockwork.
As time passed, I found that many of the speakers were the same as the previous year and giving the same talk! I remember one managed security service provider gave the same talk three years in a row, almost word for word. This was when I started to deviate from my game plan. I would look at the three or four speaker slots, and if I had heard them before or nothing interested me, I stayed in the vendor hallway. I would like to say that’s when I started getting the most out of these conferences.
Sure, I didn’t have as many stories to share with my colleagues when I got back, but I started to make those connections with people all over the state. These connections are how I helped the company I worked for get their first security program stood up. After a local security meetup, I learned about one speaker and their company. After the talk, I introduced myself and got more details about what they did exactly. I found out that they did what my company needed, taking a company from zero to having a complete security program. After the meeting, I introduced him to my manager, and we worked together for the following year. The next year I worked very closely with him and his team, and I have to say, that year was the most informative and best training a security person could ever have. To this very day, I refer back to that experience. It would have never happened if I didn’t network.
Recently with the pandemic, I haven’t attended as many conferences. This was for two things. First, there’s a pandemic, so I wasn’t just going to a conference; many were just canceled. Second, although many companies started virtual conferences, it wasn’t the same. That social interaction with other people was missing. I could always watch the talks later at my leisure (2x them, haha). Still, I could no longer stand in a hallway and listen to somebody else’s conversation with a vendor over a product or a group of people just chatting around local pubs. That aspect was lost, and though several tried to incorporate it more, it never really took off for me.
As I write this, conferences are again starting to have in-person attendance. Based on what I see on Twitter, people are excited to meet in real life. If conferences were all about the talks, people wouldn’t have minded having virtual conferences. I wonder if things like meta-universe and gather.town took off if people would be as quick to get back in person. They allow for that social interaction that conferences are all about, but it’ll take years if it takes off.
One of my first tips about conferences is don’t avoid the smaller local ones. These are people in your area who can help build some great relationships. Smaller conferences typically need volunteers even, so just another great way to get to know people. I’m not saying don’t go to more prominent conferences because you can make friends there as well, but you’re not going to run into them in the streets. Second, even smaller security conferences are recorded and put on services like YouTube. My tip is to look at the conference schedule, and if one talk interests you, go and see if you can find if they did the talk before; you’ll be surprised how often this is the case. This will leave you for other activities like visiting another talk or my suggestion networking in the hallway.
Networking is one of the most significant benefits of a conference. They can help you land a new job, find somebody that can help you with a security struggle, or just somebody to bounce ideas off of. And that is one of my biggest take-aways to getting the most out of conferences is making sure to use your time wisely and not be scared to skip a few talks to network, even if you’re just starting in the field.