Conferences are on my mind at the moment. Partially, it's because I recently attended the Open Source Summit and Linux Security Summit. I'm also in the process of submitting speaking proposals to various upcoming events and will be travelling to at least one more conference this year.* There seem to be four main conference types:
- Industry: These are often combined with large exhibitions, and the most prominent ones in the security space are Black Hat and RSA. Sometimes the exhibition is the lead partner: InfoSec has a number of conference sessions, but the main draw for most people seems to be the exhibition.
- Project/language: These meetings are often associated with open source, and examples include Linux Plumbers Conference or OpenStack Summit.
- Company: Many companies hold their own conferences and invite customers, partners, and employees to speak. The Red Hat Summit is a classic in this vein, but Palo Alto has Ignite, and companies like Gartner run focused conferences through the year. The RSA Conference may have started out like this, but it's now so generically security that it doesn't seem to fit into this box.**
- Academic: These mainly give academics a chance to present papers, and some of these overlap with industry events as well.
I've not been to many academic conferences, but I get to a smattering of the other types a year, and there's something that annoys me about them.
Why go to conferences, anyway?
- They're a speaker.
- They're an exhibitor with a conference pass (rare, but it happens, particularly for sponsors).
- They want to find out more about particular technologies (e.g., containers or VM orchestrators).
- They want to find out more about particular issues and approaches (e.g., vulnerabilities).
- They want to get career advice.
- They fancy some travel, managed to convince their manager that this conference was vaguely relevant, and got the travel approval before the budget collapsed*****.
- They want to find out more about specific products.
- They value the "hallway track."
A bit more about the last two—in reverse order.
The "hallway track"
I'm becoming more and more convinced that this is often the most fruitful reason for attending a conference. Many conferences have various "tracks" to help attendees decide what's most relevant to them. You know the sort of thing: "DevOps," "Strategy," "Tropical Fish," "Poisonous Fungi." Well, the hallway track isn't really a track; it's just what goes on in hallways. You meet someone—maybe at the coffee stand, maybe at a vendor's booth, maybe asking questions after a session, maybe waiting in the queue for conference swag—and you start talking. I used to feel guilty when this sort of conversation led me to miss a session that I'd flagged as "possibly of some vague interest" or "might take some notes for a colleague," but frankly, if you're making good technical or business contacts and increasing your network in a way that is beneficial to your organization and/or career, then knock yourself out.******* I know that my boss agrees.
Finding out about specific products
The best place to learn about products is usually at a project/language or company conference. The latter conferences are often designed largely to allow customers and partners to find out the latest and greatest details about products, services, and offerings, and I know that these can be very beneficial. Bootcamp-type days, workshops, and hands-on labs are invaluable for people who want to get first-hand, quick, and detailed access to product information in a context outside of their normal work pattern, in a situation where they can concentrate on just this topic for a day or two. In the open source world, it's more likely to be a project, rather than a specific vendor's project, because the open source community is generally not overly enamored by commercial product pitches. Which leads me to my main point: product pitches.
Product pitches—I hate product pitches
Just to be entirely clear: I really, really hate product pitches. Now, as I pointed out in the preceding paragraph, there's a place for learning about products. But it's absolutely not at an industry conference. But that's what everybody does—even (and this is truly horrible) in keynotes. Now, I really don't mind too much if a session title reads something like "Using Gutamaya's Frobnitz for token ring network termination"—because then I can ignore it if it's not relevant to me. And, frankly, most conference organizers outside company conferences actively discourage that sort of thing, as they know that most people don't come to those types of conferences to hear pitches.
So why do people insist on writing session titles like "The problem of token ring network termination—new approaches" and then pitching their product? They may spend the first 10 minutes (if you're really, really lucky) talking about token ring network termination, but the problem is they're almost certain to spend just one slide on the various approaches out there before launching into a commercial pitch for Frobnitzes********* for the entirety of the remaining time. Sometimes this is thinly veiled as a discussion of a proof of concept or customer deployment, but it is a product pitch nevertheless: "We solved this problem by using three flavors of Frobnitzem, and the customer was entirely happy, with a 98.37% reduction in carpet damage due to token ring leakage."
Now, I realize that vendors need to sell products and/or services. But I'm convinced that the way to do this is not to pitch products while pretending you're not. Conference attendees aren't stupid**********—they know what you're doing. Don't be so obvious.
How about actually talking about the various approaches to token ring network termination, with the pluses and minuses and a slide at the end in which you point out that Gutamaya's solution, Frobnitz, takes this approach and has these capabilities? People will gain useful technical knowledge!
Why not talk about that proof of concept, what was difficult, and how there were lessons to be learned from your project—and then have a slide explaining how Frobnitz fitted quite well? People will take lessons away that they can apply to their project, and they might even consider Gutamaya's Frobnitz range for it. Even better, you could tell people how it wasn't a perfect fit (nothing ever is, not really), but you've learned some useful lessons and plan to make some improvements in the next release ("Come and talk to me after the session if you'd like to know more").
Showing that your company has the sort of technical experts who can really explain and delve into issues that are relevant to my industry space, and for which you have a pretty good product fit, is much, much more likely to catch my attention and generate real interest in you, your product, and your company. I want to learn—not about your product—but about the industry, the technologies, and maybe, if you're lucky, about why I might consider your product next time I'm looking at a problem. Thank you.
* OpenStack Summit in Sydney. I'm already getting quite excited: the last OpenStack Summit I attended was interesting, and it's been a few years since I was in Sydney. Nice time of the year…
** Which is excellent—as I'll explain.
*** Any particular person going to any particular conference may hit more than one of these.
**** I'd certainly be interested in learning about what I've missed. I considered adding "they want to collect lots of swag," but I really hope that's not one.
****** Particularly as my boss has been known to read this blog.
******* Don't, actually. I've concussed myself before—not at a conference, to be clear—and it's not to be recommended. I remember it feeling like being very, very jetlagged and having to think extra hard about things that normally would come to me immediately.********
******** My wife tells me I just become very, very vague. About everything.
********* I've looked it up: apparently the plural should be "Frobnitzem." You have my apologies.
********** Though if they've been concussed, they may be acting that way temporarily.
This article originally appeared on Alice, Eve, and Bob—a security blog and is republished with permission.