Why virtual cyber security conferences should be the new normal
It’s not just TV presenters who have been broadcasting from their homes during the COVID-19 lockdown. Cyber security conferences have also gone virtual, opening them up to attendees who would otherwise be unable to benefit.
Information security conferences are usually few and far between, at least in the UK. In my experience they come around now and again, generally cost an arm and a leg to attend, and mostly take a corporate perspective on things, focusing on CISO-level issues. With a few exceptions, we’re mostly talking Black Hat’s shirts and trousers rather than Def Con’s uniform of black t-shirts and shorts.
A lot of the cooler, smaller, more informal cons seem to happen over in the USA. It’s great that they exist, and I’d love to visit some of them one day, but to do so would require time off work and substantial costs for flights and hotels (even more so if they’re hosted in Las Vegas).
Then came the COVID-19 pandemic and all of that changed. With group gatherings no longer allowed, these events were pushed out of the meatspace and some of them took up a new home online.
My awareness of these new, free virtual cons began with IntroSecCon – an event run for those starting out in cyber security that aimed to cover the basics of various technical disciplines that are usually glossed over at mainstream conferences. This struck me as a great idea and something that I wish had been running a few years ago when I joined the industry.
I was familiar with much of the technical content of IntroSecCon, but what kept me watching was the general atmosphere of the conference and the people involved. Where else, for example, would I get to watch Ming Chow – a member of the Def Con Wall of Sheep team – deliver packet analysis 101?
The speaker lineup probably helped, but sitting on my bed watching the talks on the TV reminded me of August last year, when I watched some of the busier Def Con talks from my hotel room in Las Vegas, thinking about the potential of what I was learning. In fact, straight after IntroSecCon I dug out my second NIC and refreshed my memory by capturing some traffic from my home WiFi network.
But the lockdown isn’t over yet, and neither are the virtual conferences. One noteworthy event – Deserted Island Devops, which I wasn’t aware of until it was over – brought devops presentations to Animal Crossing: New Horizons. I didn’t realise what had happened before I saw a picture of a virtual Ian Coldwater giving a talk at the front of an in-game conference hall on Twitter!
Next up, I’m looking forward to Magnet Forensics’ Virtual Summit 2020, which essentially consists of two DFIR webinars per day across most of May. I’ve signed up for talks on memory analysis, ransomware, and email-delivered malware among other topics.
What’s so great about this new generation of conferences is their accessibility. I don’t need to take time off work, I don’t need to travel, and in most cases I don’t need to pay a penny to learn about cyber security from some of the best minds in the industry.
For that reason, I hope this trend continues and these events are still put on far beyond the end of the COVID-19 lockdown. That’s not to say we should move all in-person conferences online (certain types of networking only happen in person), but we could all really benefit from the educational content, digital networking opportunities, and sense of community and innovation that virtual cons foster.