[Dailydave] Knowledge Transfer

[the grugq]

I said my piece about infosec conferences years ago.

http://grugq.github.io/blog/2014/05/11/the-episode-17/ <http://grugq.github.io/blog/2014/05/11/the-episode-17/>


I think the value in cons is in the networking and the idea generation.
That doesn't always come from the talks. At the same time, I think things
are improving now, there is better knowledge preservation and sharing than
before. When I first started speaking at cons no one was taking videos and
few even bothered to archive the slide decks. These days videos of the
talks are out, along with slide decks, and frequently even white papers,
shortly after the con (sometimes even during the con -- CCC, HITB, etc).
This is good because it allows people to find something interesting, learn
about it at their own pace, and build their knowledge base themselves (if
they're so inclined). It is particularly useful for people who live on the far
side of the world and can't make it to as many conferences as they would
like *cough* *cough*...

The down side for speakers, though, is that conference taping is kill the
con speaker circuit. A decade ago it wasn't unusual to invest time into
preparing one talk (hopefully a good one) and then present it at several
different conferences that year (Security Vacation Club, represent!). It is
a lot harder to do that these days because the first presentation of that
talk is probably online somewhere and there is not much incentive for the
CFP committee to select a talk that anyone can catch on YouTube. I think
this is a bit sad because it means that the talk doesn't get refined and
improved through audience feedback (INFILTRATE is one of the few (only?)
cons that directly addresses this problem, AFAIK). I also think it is sad
because it further incentivizes speakers to "save up" for the best con they
can hope to get into. This means less networking with other people in the
community because the speakers attend fewer cons.

I am not even doing to touch on other problems such as how, as a community,
we don't do much peer review of presentations; we don't archive and
preserve the knowledge that does get shared; we don't have anyway for
academics (or anyone!) to easily cite our work, or search it, or otherwise
explore what the state of the art actually is, or what the real problems
are, etc. etc. Infosec needs librarians badly.

Conferences are a terrible way to preserve (or transfer) knowledge. Twitter
is in many ways even worse, and yet that's where a lot of the public
information on current infosec theory and practice is being debated and
formulated. As an industry we're plagued by these ephemeral mediums. These
issues are things that the industry will need to address.

Now, if you'll excuse me, I'm going back to Twitter to post GIFs, and
continue being part of "the problem with infosec!!"


cheers,

—gq

> On Jun 3, 2016, at 22:53, Julio Auto <julio.auto at gmail.com> wrote:
> 
> Also prompted by (and arguably relevant to) the same point: https://twitter.com/thegrugq/status/738334152513048576 <https://twitter.com/thegrugq/status/738334152513048576>
> 
>     Julio Auto
> 
> 
> On Fri, Jun 3, 2016 at 10:40 AM dave aitel <dave at immunityinc.com <mailto:dave at immunityinc.com>> wrote:
> From Spender's recent Keynote <https://grsecurity.net/SSTIC2016.pdf>:
> """
> Conferences poor method of knowledge transfer 
>     Good method of making audience feel “knowledge” transfer 
>     Accept that it’s basically show-and-tell, that understanding of a topic requires more than an hour, sometimes with weeks/months/years of background knowledge
> 
> """
> 
> 
> As someone who helps run INFILTRATE <http://infiltratecon.com/> I want to point out that while I totally agree that conferences can be hard to use as knowledge transfer mechanisms, that they are getting better. In particular I want to point people towards this very long piece on how everything connects together, especially those of you who attended INFILTRATE:  <http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html>http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html <http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html>
> This is also true of training: I'd love to find a way to offer a continued education series based on the INFILTRATE classes. And I have another post coming out to connect more dots from INFILTRATE 2016 shortly. But Spender is right: Conferences, a mainstay of our community, can be too much about show and tell, and not enough about scientific progress. (That said, I think INFILTRATE is the best among them in that regards, of course. :))
> 
> And we ARE offering the INFILTRATE training again both in NYC and (strangely enough!) Columbia MD <https://twitter.com/Immunityinc/status/738404651712798721>.
> -dave
> 
> 
> 
> 
> 
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com <mailto:Dailydave at lists.immunityinc.com>
> https://lists.immunityinc.com/mailman/listinfo/dailydave <https://lists.immunityinc.com/mailman/listinfo/dailydave>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160614/cc71ce4d/attachment.html>