<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I said my piece about infosec conferences years ago.</div><br class=""><a href="http://grugq.github.io/blog/2014/05/11/the-episode-17/" class="">http://grugq.github.io/blog/2014/05/11/the-episode-17/</a><br class=""><br class=""><br class="">I think the value in cons is in the networking and the idea generation.<br class="">That doesn't always come from the talks. At the same time, I think things<br class="">are improving now, there is better knowledge preservation and sharing than<br class="">before. When I first started speaking at cons no one was taking videos and<br class="">few even bothered to archive the slide decks. These days videos of the<br class="">talks are out, along with slide decks, and frequently even white papers,<br class="">shortly after the con (sometimes even during the con -- CCC, HITB, etc).<br class="">This is good because it allows people to find something interesting, learn<br class="">about it at their own pace, and build their knowledge base themselves (if<br class="">they're so inclined). It is particularly useful for people who live on the far<br class="">side of the world and can't make it to as many conferences as they would<br class="">like *cough* *cough*...<br class=""><br class="">The down side for speakers, though, is that conference taping is kill the<br class="">con speaker circuit. A decade ago it wasn't unusual to invest time into<br class="">preparing one talk (hopefully a good one) and then present it at several<br class="">different conferences that year (Security Vacation Club, represent!). It is<br class="">a lot harder to do that these days because the first presentation of that<br class="">talk is probably online somewhere and there is not much incentive for the<br class="">CFP committee to select a talk that anyone can catch on YouTube. I think<br class="">this is a bit sad because it means that the talk doesn't get refined and<br class="">improved through audience feedback (INFILTRATE is one of the few (only?)<br class="">cons that directly addresses this problem, AFAIK). I also think it is sad<br class="">because it further incentivizes speakers to "save up" for the best con they<br class="">can hope to get into. This means less networking with other people in the<br class="">community because the speakers attend fewer cons.<br class=""><br class="">I am not even doing to touch on other problems such as how, as a community,<br class="">we don't do much peer review of presentations; we don't archive and<br class="">preserve the knowledge that does get shared; we don't have anyway for<br class="">academics (or anyone!) to easily cite our work, or search it, or otherwise<br class="">explore what the state of the art actually is, or what the real problems<br class="">are, etc. etc. Infosec needs librarians badly.<br class=""><br class="">Conferences are a terrible way to preserve (or transfer) knowledge. Twitter<br class="">is in many ways even worse, and yet that's where a lot of the public<br class="">information on current infosec theory and practice is being debated and<br class="">formulated. As an industry we're plagued by these ephemeral mediums. These<br class="">issues are things that the industry will need to address.<br class=""><br class="">Now, if you'll excuse me, I'm going back to Twitter to post GIFs, and<br class="">continue being part of "the problem with infosec!!"<br class=""><br class=""><br class="">cheers,<br class=""><br class="">—gq<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jun 3, 2016, at 22:53, Julio Auto <<a href="mailto:julio.auto@gmail.com" class="">julio.auto@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Also prompted by (and arguably relevant to) the same point: <a href="https://twitter.com/thegrugq/status/738334152513048576" class="">https://twitter.com/thegrugq/status/738334152513048576</a><div class=""><br class=""></div><div class=""> Julio Auto</div><div class=""><br class=""></div><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Fri, Jun 3, 2016 at 10:40 AM dave aitel <<a href="mailto:dave@immunityinc.com" class="">dave@immunityinc.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class="">From Spender's recent <a href="https://grsecurity.net/SSTIC2016.pdf" target="_blank" class="">Keynote</a>:<br class="">
</p>
"""<br class="">
Conferences poor method of knowledge transfer <br class=""><p class=""> Good method of making audience feel “knowledge” transfer <br class="">
</p><p class=""> Accept that it’s basically show-and-tell, that understanding
of a topic requires
more than an hour, sometimes with weeks/months/years of background
knowledge</p><p class="">"""</p><p class=""><br class="">
</p><p class="">As someone who helps run <a href="http://infiltratecon.com/" target="_blank" class="">INFILTRATE</a>
I want to point out that while I totally agree that conferences
can be hard to use as knowledge transfer mechanisms, that they are
getting better. In particular I want to point people towards this
very long piece on how everything connects together, especially
those of you who attended INFILTRATE: <a href="http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html" target="_blank" class=""></a><a href="http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html" target="_blank" class="">http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html</a></p><p class="">This is also true of training: I'd love to find a way to offer a
continued education series based on the INFILTRATE classes. And I
have another post coming out to connect more dots from INFILTRATE
2016 shortly. But Spender is right: Conferences, a mainstay of our
community, can be too much about show and tell, and not enough
about scientific progress. (That said, I think INFILTRATE is the
best among them in that regards, of course. :))</p><p class="">And we ARE offering the INFILTRATE training again <a href="https://twitter.com/Immunityinc/status/738404651712798721" target="_blank" class="">both
in NYC and (strangely enough!) Columbia MD</a>.<br class="">
</p><p class="">-dave</p><p class=""><br class="">
</p><p class=""><br class="">
</p><p class=""> <br class="">
</p><p class=""><br class="">
</p>
</div>
_______________________________________________<br class="">
Dailydave mailing list<br class="">
<a href="mailto:Dailydave@lists.immunityinc.com" target="_blank" class="">Dailydave@lists.immunityinc.com</a><br class="">
<a href="https://lists.immunityinc.com/mailman/listinfo/dailydave" rel="noreferrer" target="_blank" class="">https://lists.immunityinc.com/mailman/listinfo/dailydave</a><br class="">
</blockquote></div></div>
_______________________________________________<br class="">Dailydave mailing list<br class=""><a href="mailto:Dailydave@lists.immunityinc.com" class="">Dailydave@lists.immunityinc.com</a><br class="">https://lists.immunityinc.com/mailman/listinfo/dailydave<br class=""></div></blockquote></div><br class=""></div></body></html>