Making Big Conferences Feel Small

Copyright CTBTO Preparatory Commission. Image cc license from Flickr user The Official CTBTO Photostream:

Rick El-Darwish is the blogger behind FAIL Tale.  A computer scientist, systems and networks administrator, and computer forensics and security specialist, Rick is also the Chief Technical Officer of St. Noble, a company that handles the IT and computer security needs of non-governmental organizations.

In early August, Rick went to Las Vegas to attend Defcon, a large annual hacker convention that has been running since 1993.  Rick has attended since 2008, joining a group of several thousand computer security professionals, employees of various government agencies, hackers, crackers, and security researchers. The convention takes place over several days and includes presentations, workshops, competitions and games, and social events.  Following the conference, we interviewed Rick about his experience and his advice for getting the most out of attending a conference.

KRED: Do you have a strategy when you go to a conference like Defcon and is this strategy different than one you’d use at a smaller conference?

Rick: I think my approach is pretty much the same for any conference, large or small:  it truly is what you make of it.

With the large conferences, people sometimes assume it will mean going to a venue, sitting in a chair, and listening to presentations. But particularly with Defcon, there are so many activities and so many ways in which you can actively participate that it’s a shame to just sit back and listen to people talk.

Defcon lasts four days, which sounds like a lot, but four days pass quickly and if you’re not careful, you don’t make the most of the time. Besides the presentations, there are competitions and “villages”, meeting areas where people can gather and talk about their projects or work on things together.  These villages sometimes host smaller talks and workshops.

The first time I went to Defcon, I didn’t have a strategy.  I didn’t know what to expect, so I visited everything to get my bearings and mainly stuck to the talks. The second Defcon that I attended, I was expecting to experience the same ambience and feel the same emotions, and I was disappointed.  This made it clear to me that I really needed some way to organize my time at this conference. For the third conference, I decided that I wanted to expand my experience beyond the talks, so I started going to the villages.  By my fourth conference, I knew exactly what I wanted to do. This time, I managed to balance talks, participation in the competitions, and time in the villages, where I could talk to people and throw ideas around.

When you go to conferences, before you go, you should know what topics are being discussed; you should prioritize those topics and plan out at least a partial schedule, balancing time between talks for more interactive stuff.

KRED: While attending a conference like Defcon, do you blog and tweet or do security concerns prevent you from taking advantage of these media in the same way you might at another conference?

Rick: Defcon is a hostile environment, one in which you want to be very careful what you access. You can’t trust the wireless access points and you have to make sure that you take the proper precautions so that your e-mails and messages aren’t intercepted.

Normally, I don’t post on my blog every week. I do read my Twitter feeds and my RSS feeds, and I will repost or put links with fair regularity.  Paradoxically, going to a conference like Defcon makes me wish I could post, tweet and share more, but security concerns severely limit the frequency of my posting and tweeting.

KRED: If participation in online fora or use of social media are not options, how would you enhance your conference-going experience?

Rick: Go to panels, working groups, and workshops. Find a cluster of people and work on a project together or brainstorm a solution to a problem. Find a stranger, grab a cup of coffee or a beer, and talk about your job, your frustrations, your experiences.  These things help make a richer experience than one would have just sitting there, listening to lectures.

KRED: For many, the primary barrier to following your advice is the challenge of talking to strangers. Any advice on how to overcome this obstacle?

I would say that in a conference where participants have similar backgrounds and work in the same field or related fields, where everybody is passionate about their work, you’re not going to have as much trouble striking up a conversation as you might in other social situations. You’re in a place that’s highly conducive to talking, but rather than running the risk of saying something dumb, you hesitate to say anything at all. There’s nothing you can do to make that step easier. However, you’re in a situation where everybody is really interested in what you do, because it relates to what they do and the reason they’re attending the conference in the first place. It’s a lot like the first day at school. Everybody’s starting at the same level.  Very few people know anyone else and nobody’s better than anybody else. So you might as well go out there and say, “hi, my name is Rick. I’m a security puke, and I’m happy to meet you.”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s