Conference trick: how to choose worthwhile security and privacy events – and which to avoid

When I started out in my career, I always believed that speakers at conferences were ‘selected’ on the basis of their contribution to the profession. I believed that if someone was on a stage speaking to an audience, they had something important to say – and it was important for me to hear it.

I went to lots of conferences and yet sometimes came away with mixed views about the content I heard. Some conferences, like COSAC, British Academy of Management, ISACA, CSX, and RSA, left me feeling satiated by the latest from the greatest. Other events left me feeling robbed, empty, with no new insights.

At the time, I wasn’t aware of a piece of the jigsaw that would explain this disparity. I was just a little young and naïve back then to know the full picture about conferences. Now, as a more frequent speaker, I recognise the trends and patterns, and why I had this mixed view.

I decided to write this post with the intention of reaching a younger audience who have recently entered the security or privacy professions. I hope to share some wisdom on how to evaluate the quality of a conference before signing up to it.

Types of conferences

Although conferences can appear similar on the outside, they are dramatically different on the inside. The quality of their content is the key. In my experience, there are four distinct types of event:

  1. Those with many sponsors. The organisers of these conferences typically make their crust from vendors who pay a sponsorship package and in return get a half-hour slot on a stage – and they profit again from the ticket charge for attendees. Sponsors can pay in excess of €25,000 for a key half-hour on a stage. Some conferences can charge even more for a keynote slot.
  2. Those with one or two key sponsors. Typically, these sponsors cover the cost of a dinner or drinks reception and receive a slot in the agenda in return.
  3. Those who have a ‘call for papers’ and blind review the submitted papers. A committee typically selects the best papers and invites speakers based on their selection. These conferences profit from either annual membership charges, or tickets, or both. These types of conferences can also frequently have a key sponsor also, who may sponsor a drinks reception or a key event. These conferences tend to attract high-quality speakers, with practical and thought-provoking presentations. Conferences such as IAPP, ISACA and COSAC fall into this category, as do almost all academic conferences.
  4. Those who do not have a call for papers and do not have a sponsorship programme. These conferences tend to be not-for-profit and are typically run by expert groups. Speakers will be invited by the chair of the group.

Conferences in the first category can often leave you feeling robbed. These events don’t often expose you to thought leadership, leading-edge practices, or even lessons learned from projects ‘gone wrong’. The speakers can frequently be focussed on selling their product, their brand, or their company. (There is one exception to my rule on this, which is RSA. It has many sponsors, many invited speakers, and a substantial call for papers. By its sheer volume of numbers, it still has some great presentations.)

In the last number of years, I have seen more and more conferences fall into the first category – that’s what prompted me to write this blog post.

Conference filter rules

I developed these rules to guide my choice of conferences and events I want to attend. By following these steps, hopefully you won’t waste days sitting in conferences that are essentially large advertising forums.

  • Consider who profits from your attendance. You, as attendee, should be the chief benefactor.
  • Consider the motivation of the organisation arranging the event. If their motivation is profit, then they may not have your best interests at heart and the speaker list may reflect that.
  • Before going to the conference, write down your criteria for how you will assess the success of your attendance.
  • Consider diversity not just in terms of gender, but in terms of speakers. A truly diverse conference will have speakers from all backgrounds, calibres, ages, genders and cultures. There won’t be a cohort of boilerplate speakers but instead a list of people who all have a contribution to make.
  • Look at advertising about the event. Heavily advertised conferences typically need ‘numbers’ to become more attractive to sponsors.
  • Look at the speakers list and determine if there are a lot of vendors (who are sponsoring) also speaking. Being a vendor does not necessarily mean they are a sponsor, and often vendors will be working on some innovative solution they would like to share. So, where a conference has many speakers who are sponsors, I advocate avoiding those.
  • Ask colleagues who are in the industry a long time if they have ever been to the conference-in-question and elicit their feedback.
  • Check the speaker biographies in advance. Are the speakers known within your industry? Have they authored books? Have they written or published papers in peer-reviewed journals? Are they suitably qualified? Do they have a reputation in your profession as an expert in a particular domain? Does their bio reflect a high-calibre individual who is frequently asked to speak on their topic? Where else have they spoken?
  • Sometimes people aren’t great speakers. They can be monotone or unpolished, or just nervous. Be kind and see beyond their social skills; try to determine from their slides and their content whether they have a contribution to make. I would rather see a bad speaker deliver great content than see a good speaker deliver weak content.

These rules are not fool-proof by any standards, however they will help reduce the number of lesser quality conferences you attend.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.