The Dos and Don’ts of Infosec Event Attendance: Maximise Value, Minimise Nonsense

We stand in the dawn of a new era as the mist of COVID lifts and in-person conferences and events triumphantly return. Yet, the thrill of being back in person is fleeting, as fleeting perhaps as the charge on an iPhone 5c.

With most infosec pros being time-poor, justifying time away from the office can be challenging. So, how does one get the most out of a cybersecurity exhibition or conference? Lucky for me, I’ve had the chance to attend infosec events as an end user, an industry analyst, and a vendor – so I am well-versed in the art of maximising value as an event attendee.

Each of these experiences has been unique and has provided me with a wealth of knowledge and insight into the industry’s inner workings.

“Do not be afraid to challenge the status quo; it is the only way to move forward and make progress”

As an end user, I experienced the feeling of navigating a minefield when choosing products and services. It’s hard to decide when you are bombarded with options – and trends can come and go faster than you can say “trendy”.

As an industry analyst, I had the opportunity to follow the money and innovation, identifying the key players and trends that are driving the industry forward. I saw how quickly new technologies can disrupt the status quo and how quickly the market responds.

Finally, as a vendor, I had the chance to showcase my products and services to potential customers. I experienced how important it is to understand the customer’s needs and tailor offerings accordingly.

Attending events with these three different hats on has provided me with a broad perspective on the industry and infosec events and has enabled me to better understand the challenges and opportunities.

Once you find yourself in the strange and wonderful weeds of a cybersecurity conference – filled to the brim with vendors, experts, and hackers – how do you make the most of the event?

1. Do your research. Look into the vendors who will be there. Read up on their products and services to see if they fit your needs. Also, look at the speaker list and the topics they will present.
2. Talk to people. If you want to get the lowdown on the vendors at the event, talk to those who have used their services before and canvas opinions. Discover who is attending, then grab a cup of java and have a 15-minute chat with them. You’ll be surprised at how much helpful information you can glean from a few short conversations. Go in with an objective, or you could find yourself being dragged into a vortex of negativity and complaints about the industry. Sure, it may be cathartic, but it will not help you make an informed decision.
3. Attend the vendor presentations. Most vendors will deliver a presentation at the conference, so take the time to attend them. This will give you a better idea of what they offer and how they can help you. These are also often more insightful than just a product demonstration, as you will get a more comprehensive understanding of the issues they are trying to address and their approaches.
4. Ask questions. Do not be afraid to ask questions…question everything. Challenge the accepted wisdom, the conventional approaches, and the accepted norms. Do not take anything at face value; question authority, question yourself, and never stop asking questions. Do not be afraid to challenge the status quo; it is the only way to move forward and make progress.

At the risk of sounding like Sun Tzu, it would be remiss to neglect ‘knowing thyself’. This is something I learned quite a few years into my cybersecurity career, but a principle that I have held onto. How do you respond when asked what the biggest threat to your organisation is? For years, I would cite something an analyst firm would say or re-hash some vendor stats. But when the numbers aren’t your own, they are less meaningful.

Before going to an event, I suggest this. Go through the last two years of incident logs and see the root cause of most of your troubles. You will likely find a handful of recurring issues. Those are the real challenges your organisation faces, and those will be your North Star(s) that should guide you in terms of what to focus on.

Our inherent biases will always make us see things through our own lens. We must not be fooled by the glitz and glamour of the world around us. We must be wary of the seductive words of the keynote speaker, the dazzling demonstration, and the false sense of security that comes from believing that our peers know what is best for us. We must be vigilant and challenge the status quo, for only then can we make choices that are truly in our own best interests. Do not let the world’s biases cloud your judgment – be brave and stand up for what you believe in.