By Katherine Teitler

January 5, 2017

Get the party started

In part one of this series on “Maximizing Your Security Conference Experience in 2017” we explored how preparing to attend an industry conference can yield positive results in terms of extracting value onsite. It’s not enough, though, to create a plan then sit back and wait for it to unfold. 

Imagine, if you will, preparing to run a marathon; you put in all of the miles on the road and pounds in the gym, moderate your dietary requirements, test the route, buy the right running gear, and get a great night’s sleep before the race. On the morning you’re scheduled to run, rather than putting all of that preparation into practice, you decide, “I’ve done all the hard work. I’ll just show up. No need to run. I can clock a good time even if I just stand at the starting line or walk through 26.2 miles.” Ridiculous? Of course it is.

Just as you wouldn’t expect to meet all of your goals for participating in a marathon—whatever they may be—by standing on the sidelines or meandering through the route, showing up at a conference and “going through the motions” won’t reap nearly the same benefits as if you actively engage.

(Needless to say, attending a security conference is significantly less physically taxing than running a marathon, plus you can usually eat muffins and drink coffee all day.)

ISW17 1Makin’ my connections as I enter the room

Engage more

We’re all busy and uber-connected, and the tendency is to constantly check emails, texts, and messages to ensure something important isn’t overlooked. The problem with monitoring our mobile devices continuously is that we miss what’s going on around us—an unrecognized connection, an important piece of advice proffered during a session, a schedule change. When humans spread our brains across multiple things at once, we‘re actively choosing to disengage from all of those things to a degree. “Multitasking” is largely a myth; while many people believe they are extremely good at doing a bunch of things at once, research shows that “multitasking” actually requires the human brain to switch between tasks, albeit very quickly. The net-net, however, is that performing/processing anything beyond a rote behavior means you’re going to lose information and accomplish less.

At conferences, spreading yourself thin frequently leads to disappointment. Very often attendees will sit through a speaker’s talk while glued to his or her phone then leave the session and complain either to anyone within earshot or on the session evaluation about (the lack or inaccuracy of) what was presented. As a conference producer, I sit through as many talks as is feasible, and I’ve watched people spend the entire session with his/her head down, typing away at his/her phone, then hand me an evaluation that reads, “The speaker was light on details,” or something of the sort. How would a person honestly know this to be true if he/she wasn’t paying attention?

Everybody’s chillin’ as I set up the groove

You can get so much more out of a conference (or any experience) if you’re wholly present. This isn’t to say conference attendees should or could power down phones from dusk ‘til dawn, but for 45 or 50 minutes, it’s more than possible to focus on the session/meeting/conversation at hand. You’ll get exponentially more out of your experience by engaging in one activity at a time. You might still miss seeing a particular person walk by in a crowded event hall, but you have a better chance of making those important connections if you’re on the lookout (rather than the half lookout).

Pumpin’ up the volume with this brand new beat

Even if you’re giving the conference your full attention—phone down, email off—it’s possible that a particular session you’ve chosen is light on details or serves up information contrary to your own. At that point, engage further by asking a question or pressing the speaker for additional details. Become actively involved in the discussion (politely and respectfully). Doing so will not only enhance your own experience at the conference, but will open up opportunity for more ideas, more sharing, more critical thinking. For everyone.

Top-rated sessions at conferences are always the ones where the audience is actively involved. Yes, every speaker prepares talking points for the duration of her or his time slot, but the best speakers understand that they are not the only experts in the room and, generally speaking, welcome audience members’ personal anecdotes—more often than not they try to solicit participation. Raise your hand, ask the speaker to dig deeper if you want to hear more; experienced speakers can deftly moderate activity in the room. And if there isn’t enough time to address all issues during the session, that’s precisely why breaks and networking receptions are built into every conference program. Bring your conversations out into the hallway. Invite someone new to lunch and debate a topic over a turkey sandwich.

Relying solely on presenters’ prepared remarks as your learning opportunity shortchanges your experience. Initiate conversations and test out your ideas in a safe environment. If you don’t feel comfortable raising your hand and chiming in in front of 100 other people, approach a speaker or fellow attendee after the session ends. Use your inquisitiveness as an ice breaker. You’ll exponentially increase the amount of knowledge and value you gain from the event, and perhaps develop a new contact who can be of assistance down the road when a sticky security situation arises.

ISW17 2Everybody’s dancing and they’re dancing for me

Reinforcing this concept, Michael Santarcangelo, CEO of Security Catalyst and presenter-facilitator of the InfoSec World 2017 CISO Leadership Summit, emphasizes that speakers at conferences are also attendees, just ones with an additional role (or two).

“Speakers are the draw for any conference. They extend an opportunity to share experience and insights connected to the topics and issues attendees want to learn about. Done right, talks are the start of productive conversations,” wrote Santarcangelo in a previous blog post and refined during a recent planning call for the upcoming InfoSec World. What this means is that speakers have the opportunity to encourage attendees to engage more. Speakers should “set the stage,” says Santarcangelo, and then make it their priority to connect with others off the podium (and not just the same, familiar folks).

Instigating an ad hoc conversation is a different skill than presenting, but speakers have a platform, and attendees love when they get to engage directly with a speaker. Start more conversations. Hear more ideas. Soak it all in. You’re attending an event—whether you’re there to officially present or not—and there’s always much to be absorbed. Everyone at the event has expertise from which you can learn, so engage with as many people as you can. Make it your mission to interact with new people every time you attend a security conference. I promise that this extra effort will pay off.

David Kennedy, who is already a very well-known and connected practitioner, considers his social engagements as he prepares for each conference. He says, “Networking aspects are important, and mingling with others to develop strong relationships is a bonus.” To engage more fully, Kennedy recommends that attendees, “visit any additional events the conference holds—for hacker conferences, things like the lockpick village are a great way to learn a new skill and meet other people. For corporate-type events, social gatherings help with networking and provide different perspectives on security topics.” He says that speaking with fellow attendees about a shared experience provides guidance or re-assurance in areas where he might be struggling or simply exploring new ways to tackle a problem.

Every conference attendee has something to be gained by meeting and talking to new people, but you can’t accomplish that if you’re a slave to your mobile device or sitting alone in a corner. Get out and mingle. The easiest opening line of all time is, “I saw you in that last session. What do you think about _(insert session topic here)_?”

I’ll be your connection to the party line

When it comes to engagement, though there are a few times during a conference when it’s best to sit back and soak it all in, you will learn more if you also actively participate—especially between sessions and during designated networking hours. A conference is the perfect opportunity to hear others’ perspectives, to bounce ideas off of colleagues, and to ask for help. No one is there to judge you (and if they are, a thousand other nice people are available to talk to instead). At an industry conference we’re all birds of a feather, so engage your community and leverage the collective expertise of the group.

As Auld Lang Syne, the traditional New Year’s Eve song, goes: And ther’s a hand, my trusty friend/We’ll tak’ a cup o’ kindness yet. Engage all of the resources available to you at conferences to expand your professional network, your knowledge, and your mind. This will make for a more productive and enjoyable 2017.

This article is the second in a series about “Maximizing Your Security Conference Experience in 2017.”

Click here to access part 1 of the series.

Click here to access part 3 of the series.


More Infosec Articles

Maximizing Your Security Conference Experience in 2017

The Best of InfoSec Insider in 2016

Security and Privacy in 2017 (+3)

Security Resolution: Better Communication for the New Year