As a long-time attendee, spearker, and volunteer are a large number of conferences, I say that you get what you go after out of most conferences.

While there are a lot of content-free events out there, a little bit of research will show you which ones have content and which ones don't.

I'm out at Black Hat this week and for anyone to say that there is not practical knowledge here for non-researchers would be absurd. Even the obscure research topics are useful, the vendors are useful, and the networking is great. However, you have to look carefully to find the golden nuggets. For instance, there were two, simultaneous keynotes today (the first day.) One was given by Tony Sager from the NSA. He is the Chief of the Vulnerability Analysis Operations Group in the NSA's Information Assurance Directorate. He talked about their work on the Security Content Automation Program that is just now becoming visible as Government, industry, and academia increase their involvement and support. He talked fast and many people missed the point: now we have a way to share infosec information between tool, people, and organizations. To get the whole story, you had to step out of that keynote and over to the Mitre booth where you could talk to Bob Martin and get a look at all of the tools that they have and the projects that they have in progress. Things like CVE and OVAL are just the tip of an emerging meta view of the infosec management problem that we are all mired in up to our ears. While this keynote had everything to do with tracking, reporting, and fixing vulnerabilities, you might have missed the whole picture unless you came to the conference with an open mind and were flexible enough to go with the flow.

I was at NetSec in June and for anyone to say that there was not practical information there is absurd. However, if you went there expecting a bunch of bit-fiddling, you would have been dissappointed. Still, there was practical, technical information there. I do know some technical types who were bored out of their minds at this event, but even they said that the networking was great. Even though the display floor was sparse, there was still great information to be had from speakers, fellow attendees, and vendors alike.

I was at RSA earlier in the year and for anyone to say there was not practical knowledge there is absurd. To the casual observer, it may look like just a bunch of marketing. In fact, this show has always been all about RSA marketing itself to the world. However, a careful look around reveals much practical information and RSA does a fine job of hosting this industry get together. With the hundreds of vendors on the display floor, it may have seemed that it's all marketing. However, there was a lot of practical information to be gathered from them. And, this is a great show for networking. After all, it is the meeting place of the industry. The variety of sessions was great. However, you had to do some work to sort out the inevitable chaff.

And, there are a ton of technical conferences sprouting up. Each has a unique flavor and each offers much practical information and a unique set of networking opportunities.

The thing to do is to set an agenda for yourself that is not too restrictive so that you can experience some of the things that are well hidden at most conferences. You know, those session titles and abstracts that don't tell the story well.



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/449/34654#34654