So it's Friday, and the week has once again run away from me... but as I sit and look at my notes from InterOP Las Vegas, I have a few short comments on the trade show, and some of the large shows in general that I've attended or spoken at lately... since I'm seeing trends, probably many of you are too.
Attendance at the "Big Trade Shows"
The "big trade shows" (RSA, InterOP and others) have hit an interesting point. Over the past several years many of the speakers I've had conversations with have commented that the specific level of knowledge at these shows is dropping.
What this means is that the people who are coming to a talk on "cloud security" for example are less and less knowledgeable about the topic they are going to hear and learn about.
I think there are a few reasons for this, namely, as the economy has tanked and these trade show have struggled to keep the large numbers of attendees of years past they have to invariably attract more and more people from all spectrums of knowledge in technology.
The more educated you are on a topic, like security, the more likely you are to go to a specific conference that addresses that topic - which is why you've seen conferences like OWASP flourish while the larger generalist trade shows have been anemic... at least that's what I think.
While this isn't necessarily a bad thing, after all we do need to educate as many as possible, it's harder to recycle our old presentations because they go over most new attendees heads.
Not every speaker can make the adjustment both in planning and on-the-fly to meet the education and knowledge level of the audience. Without that capability, what you have is a lost audience and a frustrated speaker.
Getting 'em Talking
So I will admit that over the last year or so it has become incrementally more difficult to get an audience more engaged and talkative. The case where people stare at you speak, hopefully don't snore, and nod their heads and clap then leave when you're done is more common than ever before... at least in my experience... and that's what really worries me.
The conferences I speak at deal in software quality and security... so I don't expect many super-generalists in the audience. I also expect that if you're coming to hear about the KPIs of Software Security Assurance you're relatively interested in the topic and not just looking to kill time.
I'm not saying that this doesn't reflect on me as a speaker... but I've seen many of us struggle to engage our audience and it's hurting both the presentation and the message if we expect our attendees to "do something" with what we're teaching them.
Breaking is Still Sexier
Yep... if you've got 2 competing talks and one is a "how to fix it" and the other is an "0-day" talk guess which one gets most of the attendees.
I mean... I totally get why this is the case, right, we all want to hear the next cool thing but don't you go to a conference or trade show to learn something and bring it back to your office and use it? Isn't that why your management approves your time off and pays your way?
Maybe I'm missing something here, but there aren't enough "how to fix it" style talks at the conferences out there... OWASP is the closest thing to that - and even that's not enough.
The Niche Cons
Finally, we come to it ...the niche cons. The BSides, the THOTCON, ATLSECON and others... these little cons that attract more people from out of the woodwork than you'd ever expect.
Why are they so wildly successful? Why do over a hundred people show up in a town like Halifax, NS Canada where you'd never believe there were that many InfoSec practitioners total?
The secret is the "small-con feel"... laugh all you want but it's true. The reason that BSides and smaller regional conferences have seen a new life recently is that people like to feel a sense of community, belonging, and intimacy that you just don't get when 3,000 people show up to a trade show.
In the end...
In the final analysis, the small cons are thriving, and the big trade shows are left trying to keep their attendance levels. Each attracts their own crowd, their own 'niche' and support -but we like it that way.
We like it this way because at the end of the day, people like me who are out there trying to educate prefer to preach to the crowd who hasn't heard the message yet - and really needs to - over those that already agree with us.
If I want a sense of community I'll hit one of the niche cons (coincidentally, I'll see you guys at BSides Detroit soon!)... where I'll be among friends and share conversation without the 'vendor marketing' push.
Yea, I think I like the way this is all evolving very much.
Go learn. Go speak and teach others if you have something to say.
But don't just sit there "doing your job" and thinking that you don't need to participate - because this isn't a career for armchair quarterbacks.
Cross-posted from Following the White Rabbit