We stand in the dawn of a new era as the mist of COVID lifts and in-person conferences and events triumphantly return. Yet, the thrill of being back in person is fleeting, as fleeting perhaps as the charge on an iPhone 5c.
With most infosec pros being time-poor, justifying time away from the office can be challenging. So, how does one get the most out of a cybersecurity exhibition or conference? Lucky for me, I’ve had the chance to attend infosec events as an end user, an industry analyst, and a vendor – so I am well-versed in the art of maximising value as an event attendee.
Each of these experiences has been unique and has provided me with a wealth of knowledge and insight into the industry’s inner workings.
“Do not be afraid to challenge the status quo; it is the only way to move forward and make progress”
As an end user, I experienced the feeling of navigating a minefield when choosing products and services. It’s hard to decide when you are bombarded with options – and trends can come and go faster than you can say “trendy”.
As an industry analyst, I had the opportunity to follow the money and innovation, identifying the key players and trends that are driving the industry forward. I saw how quickly new technologies can disrupt the status quo and how quickly the market responds.
Finally, as a vendor, I had the chance to showcase my products and services to potential customers. I experienced how important it is to understand the customer’s needs and tailor offerings accordingly.
Attending events with these three different hats on has provided me with a broad perspective on the industry and infosec events and has enabled me to better understand the challenges and opportunities.
Once you find yourself in the strange and wonderful weeds of a cybersecurity conference – filled to the brim with vendors, experts, and hackers – how do you make the most of the event?
At the risk of sounding like Sun Tzu, it would be remiss to neglect ‘knowing thyself’. This is something I learned quite a few years into my cybersecurity career, but a principle that I have held onto. How do you respond when asked what the biggest threat to your organisation is? For years, I would cite something an analyst firm would say or re-hash some vendor stats. But when the numbers aren’t your own, they are less meaningful.
Before going to an event, I suggest this. Go through the last two years of incident logs and see the root cause of most of your troubles. You will likely find a handful of recurring issues. Those are the real challenges your organisation faces, and those will be your North Star(s) that should guide you in terms of what to focus on.
Our inherent biases will always make us see things through our own lens. We must not be fooled by the glitz and glamour of the world around us. We must be wary of the seductive words of the keynote speaker, the dazzling demonstration, and the false sense of security that comes from believing that our peers know what is best for us. We must be vigilant and challenge the status quo, for only then can we make choices that are truly in our own best interests. Do not let the world’s biases cloud your judgment – be brave and stand up for what you believe in.
Javvad Malik is the lead security awareness advocate at KnowBe4, based in London. With 20+ years of experience as an IT security administrator, consultant, industry analyst and security advocate, Malik is a multi-award winner and set the Guinness World Record for most views of a cybersecurity lesson on YouTube in 24 hours. He educates his audience through blog posts, videos, podcasts and public speaking events, and holds the SACP and CISSP certification.