By Katherine Teitler
January 6, 2016
Get the party started
After planning to prepare to attend a security conference and deliberating your engagement strategy onsite, the next step in maximizing your security conference experience is thinking through how to get the most out of the information, ideas and advice provided during the event. Conferences can deliver an overwhelming amount of information, and it’s not unusual for attendees to feel sensory overload. Therefore, developing a method for handling all of that information is key to a better conference experience, both while onsite and afterward when you return to your office.
Pumpin’ up the volume, breakin’ down to the beat
Keep an open mind
Security conferences bring together a group of experts working in one functional area, but even within the classification of “security,” we have engineers, analysts, strategists, architects, administrators, etc., and each has a slightly different perspective on how to “do” security. Then layer on top the different industries, geographies, brand profiles, and public perceptions of the companies from which each practitioner hails, and you have more opinions than you can shake a stick at.
How can attendees take it all in without feeling inundated? Keep an open mind and don’t be too quick to judge. It’s inevitable that you’ll hear at least one presentation, opinion, or be involved in a conversation with which you disagree. Before dismissing the speaker’s point of view, however, realize that no two security programs are the same and that every organization has its own threat landscape, risks, risk tolerances, infrastructure, data, resources, skill sets, etc. Based on this, and because there are often more ways than one to solve most problems (security or otherwise) when someone has a different perspective, think it through. If you disagree, a conference is a very good place to ask questions and press the person for more information on why she or he feels or thinks that way. What experience(s) did they have? Were there extenuating circumstances that influenced the person’s security team to implement/integrate/manage a technology/incident/situation in a particular way?
Find out the reasons why before summarily writing off people and ideas. Unless someone is arguing for, say, never changing default passwords on administrative accounts or not testing patches before they’re rolled out, maybe there is something you can learn from that person’s perspective. Maybe you take away nothing beyond hearing someone else’s opinion. Either way, you’ve learned something new. And that’s the whole point of attending a conference.
Cruisin’ through the west side
To keep an open mind, you must first hear what the imparters of information are relaying. Quite often at events, I see attendees who’ve printed or are looking at download copies of presenters’ slides (if they’re available beforehand). Instead of listening to what a presenter is saying, what “color commentary” he or she is providing, the attendee is scrutinizing the presentation deck itself.
Understand that presentation guides are just that: guides. They are not meant to impart all of the wisdom the speaker has to offer, and should not serve as a standalone factual document. Sometimes speakers try to get around this quagmire and create text-heavy presentation decks. Doing so is not the solution and often proves distracting for the audience (i.e., decreasing the value of the experience).
What should be happening during presentations is active listening. This means focusing on what the speaker is saying and using the presentation deck as a supplement, not the other way around. About active listening during conference presentations, David Kennedy, Founder and Principal Consultant at TrustedSec says, “I usually write specific bullet points to research later and go back after the conference to try to learn more about a topic. I think it helps keep new topics fresh in my head and helps me learn a lot of the information that may be presented.”
Kennedy’s advice combines the idea of keeping an open mind (“go back … to learn more”) and engagement (mentioned in part 2 of this series). To truly hear what a person is saying, you must be both actively engaged and open to his/her ideas. Focusing on the deck alone, “might not be the best way to obtain knowledge from a presentation,” says Kennedy (who is also not for distributing presentation decks to those who have not attended his talks). If you’re too busy scrutinizing a PowerPoint deck to fully absorb a speakers advice, you’re not maximizing your experience; you’re inside your own head, which you can do perfectly well alone, in your office. We humans learn best from exchanging ideas, and this is the opportunity conferences offer.
We’ll be checkin’ the scene
As you plan out your security conference schedule and professional goals for 2017, consider how preparation, engagement, and keeping an open mind can aid your experiences. When most infosec practitioners think about attending industry events, they think about networking with peers and learning new information but don’t examine at a granular level what comprises effective or satisfying “networking” and “learning.”
Arming yourself with a plan for how to navigate the event, ideas on how to become more involved with fellow attendees and speakers, and the intent to remain amenable to new or different thoughts/opinions/concepts will result in an improved conference experience and provide more tools you can use in your day job. The more you know, the better security practitioner you’ll be; leverage something you already have in your professional arsenal—conferences—to grow your own skill set, increase your knowledge, and be more effective in 2017 (and beyond)!
This article is the third and final post in a series about “Maximizing Your Security Conference Experience in 2017.”
More Infosec Articles