Tips for Attending a Security Conference

| Comments

If you’re in the InfoSec industry and haven’t attended a security conference, you simply aren’t taking your career seriously. Attending one will inspire you and motivate you to learn new things, meet new people, and find new solutions to your problems. There are so many conferences now that there is about 2-5 every month! A realistic goal could be to attend one security conference a year.

Types of Conferences

There are two different types of conferences: community driven and vendor driven. Community driven conferences are like DefCon and BSides. These have speakers from the InfoSec community and very little corporate vendor booths. Vendor driven conferences are like RSA Conf or Cisco Live which has a massive vendor floor and almost all the talks are given to vendors to either pitch their solutions or talk on something else.

If you’re in a management or in a leadership position, you may prefer the vendor based ones to learn what solutions vendors have today that can solve your problems.

If you’re highly technical then a community based one will help you solve problems you may be facing by getting in the weeds and getting technical with others.

Tips for Getting the Most Out of a Conference

Meet people

Meeting people who have the same problems or passions than I do is the most important thing on my agenda when attending these conferences. Finding new people to share ideas with, solve your problems, or teach you how to improve is a resource you can use for years. Having a secret weapon of someone you can ask tough questions to outside of work will make you look like an endless fountain of information.

A few ways to meet people:

  • If you’re active on Twitter, find out which of your tweeps are attending and make time to meet them.
  • Join a team event with people you don’t know, such as a workshop or contest.
  • Be a speaker! You’ll have many people wanting to talk to you after.
  • Ask a ton of questions. See something you aren’t familiar with? Don’t be afraid to ask what it is or how it works. See someone else asking smart questions? Talk to them about your thoughts on the questions.
  • Go to after parties where the conversations keep going.

Adrian Crenshaw from IronGeek has attended dozens of conferences. When asked about what he suggests doing at conference he wrote:

Don’t neglect hallway con.

He’s suggesting to talk to people in line, or in the hallway, or in the chair next to you as you wait for a talk to start. Getting to know people at these conference is an extremely valuable resource.

Talks

Talks are the main event of any conference. Often there are multiple talks going on at once so it’s a good idea to get the schedule before arriving so you can plan your day.

But you don’t have to attend the talks! In 2015 there were over 50 security conferences that recorded their talks and posted them free online. If your conference is recording them, feel free to skip the live ones and just watch them later.

If you watch a talk you enjoyed or agreed with, follow that speaker on Twitter. There is a huge Twitter community of InfoSec professionals and they’d be happy to answer any follow up questions you have later.

Don’t like the talk 5 minutes in? Don’t be embarrassed to leave. It’s your time and you should do whatever you want. This kind of makes it hard when you are attending conferences with friends or a group because if you separate mid talk it’s hard to find each other.

Watch your electronics

If you’re going to a hacker con such as DefCon, make sure to leave your work and personal electronics at home. Bring a burner phone and burner laptop. Stuff you won’t care too badly about if it gets hacked into. Bring a pad and paper if you want to take notes.

Participate

Some conferences have workshops, villages, contests, mini-breakout sessions, and more. If there is a contest, try competing. Your goal isn’t to win, it’s simply to not get last place. If you can achieve that, you’re a winner. As you participate in these activities, you’ll learn new skills and meet new friends. Doing hands on activities will likely help you learn a lot more than listening to a talk.

Vendors

Talk to vendors you don’t know and find out what they do. Often I learn that they solve problems I didn’t even know existed. This kind of information can help broaden your understanding of the InfoSec space. Often, vendors will give out free things like tshirts and flashlights you can take back for your friends in the office. Take as much of this as you want.

Secret stuff

Some conferences have hidden stuff that is hard to get into. Often there are exclusive parties for customers or friends. Once, I found a hidden party through a trick door inside a phone booth. There are sometimes even hidden talks. DefCon has a thing called SkyTalks which are smaller rooms, and not recorded. This intimate setting allows speakers to tell a little more than they probably should.

BSides

Many of the major conferences have smaller BSides conferences in the same city near the same time as the larger one. These smaller BSides conferences are a lot cheaper to attend and are much more community oriented. They are definitely worth checking out and there may even be one in your town.

Summary

I hope some of these tips are helpful to you and I hope to see you at a future conference. Do you have any more tips that are helpful for attending conferences? Leave a comment below to let us all know.

conference, infosec

Comments