The Hidden Benefit of Security Conferences

The Hidden Benefit of Security Conferences

The Hidden Benefit of Security Conferences 698 262 TorryCrass

By Torry Crass.

I’ve been going to security conferences for a while now, a bunch of them; BlackHat, DefCon, RSA, and a smattering of BSides and various other conferences in my area. Sometimes I present, others I volunteer at, and the rest I’m simply an attendee. Conferences are a great resource in the security community and I would encourage everyone involved in security to attend them.

There are three main reasons why you should attend a security conference:

  1. The talks; to learn something.
  2. The networking; to share experiences and valuable tidbits with others in the field (or even folks on the fringes, these could be lawyers, audit folks, communications, business leaders and definitely newcomers to the field).
  3. The vendor areas; this is often a hidden gem of information for anyone who either has a part in running, or wants to run a security program someday.



Talks at conferences vary in topic and quality from event to event. The goal of most talks is to share new tools, methods, and experiences that the audience can reflect on or take home and apply to their own shop. Depending on the presenter and the style, you may end up in a talk that is simply informative, maybe presenting research results, and sends a lot of data your way that you need to boil up to find out how it fits in your knowledge space. Some of the best talks are more interactive and might even require crowd engagement (hard to do, but some of the best I’ve ever attended).

Through all of these talks, there is one very important thing… they’re likely being recorded.

This is important because most people, including me, attend conferences for the value of learning what is presented in the talks. That’s important, but talks being recorded is also important, especially for larger conferences where you may have conflicting tracks and you may have to choose between multiple presentations.

I recommend checking the schedule early and identifying the must attend talks and keeping the rest flexible. Especially since the next two reasons, are often of greater value than the talks themselves.


“LobbyCon” as it is so endearingly referred to, is the human networking aspect of conferences. I’ve attended a few conferences with intent to make it to several talks and in the end realized that I’d not made it to a single talk.

If this happens, there’s often a good reason, you ran into one or more social situations during the event that engaged you so well that it exceeded your drive to break away and enter a talk. Don’t fret, networking is a HUGE part of the security industry. Why? Because there are not enough people in it, everyone looks at things a little differently and sharing those perspectives can sometimes be more valuable than attending a talk. Maybe the person you’re talking to has the in on a cool job opening, maybe they can help you out, maybe they’re a role-model… maybe the folks you’re talking to look up to you?

The community, even for as large is it may be, is tiny and getting to know people is a great way to understand the industry, how it works, who’s a part of it, what challenges exist and ideas for solving them. You might even walk away being able to call someone a friend.

And LobbyCon is not recorded, as far as we know. 😉


SWAG! Need I say more? Seriously though, how many more black logo t-shirts can you fit in the closet? While people tend to highlight the run on vendor swag, there’s another, often overlooked aspect to the vendor areas.

I tend to plan time into my conference schedule to visit, even briefly, as many vendors as I reasonably can (at RSA or BlackHat this can be a hefty feat since they boast hundreds of vendors). For those involved in running or building security programs, the vendor area can be a gold mine of useful information; your one-stop-shop to look at the security marketplace. This is an opportunity for you, as a program leader to find and lightly review the technology and solutions on the market today, maybe some up-and-coming groups that are doing something different, maybe better, than the other guys. I remember first seeing Crowdstrike in a small booth off to the side of the vendor area and watching over the next few years as they’ve become a dominant force in the industry moving into the big-booth space.

For a program leader, sacrificing your visit to the talk on the latest assembly level techniques to embed malware into vulnerable driver software may translate to time well spent human networking and reviewing the current solutions market. With this information, you may also be able to make some general inferences as to what problems other people are having and gauge your risk management to see if you’re already covered or need to make some adjustments.

Not to mention, now when you talk to vendors asking for your time on a “15 minute demo” you may already have an idea of whether or not that activity is worth your time.

Utilizing the vendor area, with other security program management aspects can help you to plan out your security program for years to come. It might even give you an edge because you’ll be able to modify strategically and tactically where needed to get the best tools and resources in place for your company and level of risk.

Now you can explain your roadmap to the vendors instead of the other way around.