Rebooting Infosec Cons

Tuesday, July 31, 2012

Dan Klinedinst


I just got home from the "Vegas week" of Black Hat, BSides Las Vegas, and DefCon.  I love many things about each of these conferences; and each has things I wish they'd do better. 

This is true of all the conferences I've attended, presented at, and organized, which run the gamut from hacker cons to academic, government and Gartner cons. 

Overall, though, any of these conferences follow a similar pattern:

  1. Go to location of conference
  2. Sit through talks that were submitted months beforehand and vary wildly in signal-to-noise ratio.
  3. Get burned out on PowerPoint and go to the bar (or the Executive Dinner, depending on your job title) to network, socialize and sometimes learn more than you did in the presentations.

(Vendors: please note there is no appreciable amount of time set aside for visiting your booths.)

I'm not saying this is a bad format.  I always learn a lot, make new connections, and have fun.  However, a few questions are lingering in my mind after Vegas, possibly due to the effects of sleep deprivation:

  1. There are too many conferences in too many different places to see even 1% of the presentations.  Some speakers "make the circuit", but a lot of conferences want new material that hasn't been presented previously.
  2. Whether you see or meet the right people is largely a matter of luck - Are they even at the same conference(s) as you? Will your schedules coincide? Can you guess who they are?
  3. The more cons you attend, the less time you spend at presentations and the more time networking, because it's more efficient. 
  4. How do we get more people talking about what they're doing?
  5. How do we reach outside the echo chamber?

I'm not going to claim to have all the answers, but I have some thoughts (as always.)

1.  As a counterpoint to the standard con, look at hackerspaces.  They are even more local, but are ongoing, highly interactive and hands on.  They typically cover a much broader range of topics than information security, and that's a good thing: most intelligent people are interested in a lot of different things, and spurring creativity and conversation is worthwhile for its own sake.

2.  What's an alternative to local or "destination conferences"?  Could we have a traveling conference, like the hacker equivalent of the Warped Tour? (The DirtySec crew are almost a de facto example of this.)  Could we have a conference that spans multiple cities on the same day, with high speed network connections between them?  (Many of them already stream talks in real time.)  Could we have an entirely virtual conference, either with collaboration tools or in a virtual 3D space? (As many of you know, I'm a fan and sometime creator of 3D interfaces.)

3.  What are alternative ways to exchange information?  An example is the PXE concept at which seeks to increase the number of "nodes" (people) you interact with.  Other examples would be more tailored conversations, like the ability to look up attendees ahead of time who are interested in similar things, or more ability to create ad hoc discussion groups or BOF sessions.

4.  What is a better way to generate content?  I really dislike having to submit talks months in advance.  Can we do more hands on / interactive / workshop learning and less lecture-style? (Come on, we all hated lectures in school.)  Should more people contribute in smaller time slices, a lá Lightning Talks?  

5. Can / should we expand the content beyond just traditional computer security?  How do we spread the word to people who don't do security every day?  Does a "good hack" have to be technically complex or can it be something nifty my mom could learn to do on her smartphone?  Should we try to integrate hacking, developer, and web conferences?

6. How do we get more people DOING at the con? Writing code, working on devices, creating documents, solving problems?

7. How much ability should there be to converse outside of the conference itself (e.g. message boards, social media.)

8. Why does Internet access inevitably suck at technology cons and how do we fix it?

7. Who wants to work with me on NewCon?

I'd like to see a con that takes place simultaneously in different places and includes the ability to really participate virtually.  I'd like a robust social web site that can actually be hosted and run on the con network.  It needs a badass network.

Maybe talks should be 15 minutes, with small audiences, and be repeated several times.  I want people sitting down building stuff, people arguing, people breaking in to subgroups and being given assignments. 

I totally want remotely controllable webcambots, or, "cybernetic attendees".  I want every attendee's badge to broadcast their location and profile.  I want hacker-ish games that get people meeting each other.  I don't want egos or wallflowers, but I do want n00bs.  I want vendors to send their A teams, not booth babes or sales droids.  I want to regain the playful atmosphere.

These are just off the cuff ideas of mine.  I want to hear yours!

@dklinedinst or dan -at- bizling ^dot^ com

Possibly Related Articles:
Security Training
Information Security
Training hackers Information Security Infosec Black Hat DEFCON Presentation BSidesLV NewCon
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.