By Katherine Teitler

January 4, 2016

Get the party started

Jumping back into work at the start of a new year propels many to evaluate plans and commit to better habits, greater value, and generally getting the most out of work and/or life. It’s good to take a step back and think through what worked during the past year, what didn’t, and muse on how to maximize one’s efforts. Self-reflection is an empowering tool, and though “be a better conference attendee” might not have made your list of New Year’s resolutions, security practitioners spend a lot of time at industry conferences; there’s much to be gained by attending conferences, yet most people don’t make optimal use of their own time (and possibly their company’s funding) during adventures out of the office.

With the 2017 information security conference season ready to kick into high gear over the next few weeks, here is the first of a few thoughts on how conference attendees can maximize onsite experience so as to work knowledge gained into—perhaps—a broader set of New Year’s resolutions regarding personal betterment.

Everybody’s waitin’ for me to arrive

Prepare to attend

RTG20160404 0353When evaluating whether or not to attend a conference, most prospective attendees peruse the event agenda, speaker list, and geographic location. Once they’ve decided or received permission to attend and booked flight and/or hotel reservations, it’s out of sight, out of mind until they arrive at the venue.  

Unfortunately, this tactic often means attendees haven’t thoroughly evaluated programmed sessions and thus make decisions about where to go and what to hear on the fly, based on the talk title listed in the onsite guide or on the event app. Because talk titles don’t always accurately reflect the content of the session or the intent of the speaker, it’s not unusual for an attendee of a cleverly-worded session to exit the talk and complain, “that talk wasn’t what I expected.”

Says Ben Rothke, Senior eGRC Consultant at Nettitude and InfoSec World 2017 Advisory Board member and presenter, “When a person goes on a vacation, they do a lot of planning before reaching their destination. So too with information security conferences. You can’t just show up; you must prepare.” Rothke advises prospective attendees to first determine his or her goals for attending, then align the goals with how time onsite will be spent. If you’re attending for the educational sessions, he says, “Check the agenda in advance and determine which sessions you want to attend.” Doing so allows you to know what you’re getting into and deters the disappointment of unmet expectations. For sure, every conference has a talk or two that runs off the rails, but if you enter a situation without a clear picture of what’s planned, there is higher likelihood that assumptions won’t match reality. 

David Kennedy, Founder and Principal Security Consultant of TrustedSec and fellow InfoSec World Advisory Board member and presenter, agrees: “For me, I look through all of the talks and choose different ones that address either research or areas in which I need to grow and mark them down as ‘primary’ and ‘secondary.’ This helps me pick what talks I want to hear and determine my objectives for a given conference.”

Sendin’ out the message to all of my friends

Not every attendee travels to conferences for the sessions alone; the infamous “hallway track” and networking opportunities are extremely important in the security space. (An equal number of attendees of MISTI’s recent Threat Intelligence Summit said they attended for “networking opportunities with industry peers” and “to participate in training and workshops.”) Expecting you’ll get the chance to speak with someone at an event without setting a meeting, though, can lead to frustration. Attendees and speakers are busy and often try to juggle onsite and offsite work. If you know another attendee or speaker is someone with whom you’d like to speak, reach out in advance and schedule time. It can be informal, “Let’s meet at 6 PM at the bar in the exhibit hall,” or, “Hey, let’s sit together at lunch,” but the key is proactivity. Of course, you’ll make a ton of unplanned connections during the event, too, but if you’ve determined in your head that you want to meet or speak with Jim, Jane, or Joe specifically, ensure he or she knows and sets aside time for you, as well.

Speaker Shot 3We’ll be lookin’ flashy in my Mercedes Benz

If you’re attending an event to meet with vendors, Rothke advises to similarly plan out a schedule. Research which vendors are participating, where they might be exhibiting or speaking, and reach out in advance if you have particular questions or issues. If you’re preparing a very technical query and only marketing representatives will be onsite at the vendor’s booth, you could be disappointed with your interaction…and that’s not the vendor’s fault.

Attendees need not pour days upon days into preparing for a conference, but an hour or two will provide a clear roadmap for the event and help you determine your best course of action. It’s better to spend a little time planning than waste several days feeling underwhelmed and unfulfilled onsite.

I can go for miles, if you know what I mean

No two conference attendees’ experiences at a particular event are identical, but the first recommendation, “plan ahead,” is a universally solid and applicable piece of advice. Just like you wouldn’t take off for vacation without a general understanding of your destination, where you might stay, and what activities you might enjoy, thinking through upcoming conference attendance guarantees a more productive and less stressful time onsite. With a plan in hand, you’re freer to experience the event instead of stumbling through it.  

There’s much to be gained by attending conferences; go out and take advantage of these opportunities and your 2017 conference-going will pay off better than that lottery ticket your sister’s boyfriend’s cousin gave you for the holidays. Now, that’s a resolution we can all live by.

This article is the first in a series about “Maximizing Your Security Conference Experience in 2017.”

Click here to access part 2 of the series. 

Click here to access part 3 of the series.


More Infosec Articles

The Best of InfoSec Insider in 2016

Security and Privacy in 2017 (+3)

Security Resolution: Better Communication for the New Year

Threat Intelligence Program Staffing Requirements