The importance of smaller infosec conferences.


Last week I had the privilege of speaking at Security BSides LA.  First, what a crazy cool venue and total Southern California uniqueness.  We had our talks in a community center (very nice one) right on the beach.  Later that night, open talks were presented next to fires on the beach.  Second, being so laid back that speakers were encouraged to present while wearing beach attire made everyone very approachable and a completely friendly atmosphere was quite refreshing.

Some key rules that make these conferences stellar opportunities for your infosec team:  No advertisements, you can't mention brand names in talks nor are there vendor booths.  There are sponsors, but they have their logos on the banners and that is it.  Frankly, I was quite happy my company gave sponsorship money to help such a great organization.  It's free, yea attendance is free.  I know, it's kind of shocking.  But for the cost of mileage you can send your entire team to a quality conference where some of the best security researchers are presenting.  They even have a track dedicated to security management e.g. non-technical.  Networking - if I were hiring I would be attending these looking for local talent.  What a great resource.

The format is an open forum, so while you are presenting, questions are being asked.  This is intimate, energizing and more of a classroom setup vs. a conference hall filled with hundreds of people mostly tapping away on their phones and laptops vs. paying attention.

Great speakers and researchers are flown in from all over the place.  This was one of the best parts.  While many of the speakers were from the greater Los Angeles area, there were a handful of people I would normally have to fly hundreds if not thousands of miles to see at a larger conference.  And these weren't simple talks... reviews of secure USB based computing, weaponizing telephones, lessons learned while being a professional spy, etc.  

Honestly, start to follow @SecurityBSides and find out when there will be a conference in your area... or better yet, make it happen and hold one yourself.  The BSides shows are completely volunteer based and they happen because local infosec people make it happen.  

All that said, I have added a few new friends from the conference to my tweet feed (See Security Tweets for that) and you should probably follow them if you aren't already:  @j0emccray (Joseph McCray) @shpantze (Gal Shpantze) @mattjay (Matt Johansen) @rogue_analyst (Derek Klein)  @kizz_my_anthia (Kizz MyAnthia)


The importance of smaller infosec conferences

Excellent write up. Totally agree. However, as an organizer of such events, the first of its kind in quality and content in Colombia, S.A, I have to tell you that it is necessary to rely on vendor sponsorship to put on such an event. At least, for the first version of the event.
As long as you are clear with the vendors upfront, that they can show their products in the vendor booths, and they can't do a sales presentation, then everything is fine.
There is a need to support infosec events, as long as they provide quality presenters and quality, up to date, information.
I invite you to visit the event's page:
A little bit more mileage for your typical event, but I'm sure it's worth it thanks to the quality of the presenters.
Thank you,
Ed Rojas
Security Zone 2011

In the case of BSides, at least from what I have seen, the arrangement is a bit more interesting.  Major vendors will sponsor, and while they have some ad placement, they then send some of their key public figures to speak at the conference.  This, in my opinion, gives a bit more credit to the company.  I think the tables are turning from the times of "silver bullet" solutions and as the InfoSec world matures it is coming down to "who do you have working on your team."  This builds trust in the product, not from a marketing perspective but more from one that is based on actual recognition of the people working on it.  
RSA is a vendor driven show, and really it reeks of that.  BlackHat allows some vendors to have booths yet not do product demos on stage.  They keep it small and make up the difference in charging a lot for participation in the conference.  
Good luck with Security Zone 2011!  

Just Think Security!


Now that I re-read my post, I apologize for not asking permission first to put the website address. Did not mean to use your blog as a commercial for the event.
Ed Rojas

No worries...

I should post an AUP, but I am totally okay with people posting links to conferences, other blogs, etc. that perpetuate good information security and supporting our community.  It's what the site is about.

Just Think Security!