[Infowarrior] - Security conferences versus practical knowledge

[Richard Forno]

Security conferences versus practical knowledge
Don Parker, 2007-07-18
http://www.securityfocus.com/columnists/449?ref=rss

Since computers became mainstream in the early to mid-nineties a whole
ecosystem has developed around them, in order to maintain that humble
computer. The various parts of that ecosystem range from the companies who
make computers to the software companies who program for them.
Click here for Core!!

In between those two linchpins though are many other components which have
now become a fixture on the landscape that we now know as the Internet. For
example you have the computer certification industry, a myriad of computer
magazines, a vast array of websites, and computer conferences to name but a
few parts of this very large pie.

One of the biggest parts of the computer industry as a whole is that of
training. This training comes in many forms from a large variety of vendors.
That training then in turn pretty much spawned the certification industry.
Not long after that came along the computer conference, be it a sys-admin
oriented one, or that of the computer security themed one. While the
training industry as a whole has evolved rather well to suit the needs of
their clients, the computer conference - specifically the computer security
conference - has declined in relevance to the everyday sys-admin and network
security practitioners.

Many would beg to differ with me on that last statement I am sure; let me
expand upon this before you render judgment. We go to training vendors who
offer courseware on Cisco and Microsoft technologies for example. By and
large the course offerings are quite good, and just as importantly, relevant
to the task at hand ie: maintaining your computer networks. Today's computer
security conferences no longer offer relevant, or practical knowledge to the
attendee. Be honest now, when was the last computer security conference that
you went to where you came away from with several ideas to implement
immediately onto your networks? I would wager none. The same can not be said
of the training tracks now offered at most of these conferences. This
training is offered by experts in the field, and is quite good. Furthermore,
it is one of the few places to find advanced courseware on such subjects as
reverse engineering to name but one.

There is an important point to be made before I go on further. I am in no
way impugning the talent or skill of the people who present at today's
computer security conferences. I myself have submitted talks only to not
make the cut. Truth is though, I don't feel too bad at losing out to the
likes of those who ended up giving the talks. What my not making the cut
sank home for me though was that there are precious little practical talks
going on today at computer security conferences. Throughout my time spent as
a freelance writer and courseware developer slash instructor is that there
is a very real demand for practical knowledge. This is why SANS still reigns
supreme when it comes to computer security courses. One could argue that
some of their courseware is dated, however, it is very much practical
knowledge that one can implement immediately.

So why are the conferences still packed?

Well with the arguments I have just made one would think that computer
security conferences would be empty. Reality is that these conferences are
pretty much always sold out or close to it. Why is that you ask? All IT
managers have budgets, and that is no different for those IT managers in the
employ of .gov .mil and other large government departments. What these
managers must do is expend those dollars, and an excellent way of doing that
is sending employees on a computer security conference. So what we now have
then is a company funded junket. Nothing wrong with that at all. I enjoy
having a beer with friends that I meet at these conferences, and picking up
some knowledge as much as the next guy. Problem is that even though I think
I have a fairly well balanced skillset a lot of the topics being offered are
of no interest to me. This is due to the simple fact that they are not all
that relevant to the network(s) that I work in.

Does this then mean that it is a total waste of time to attend the cutting
edge computer security conferences? Not at all. Just realize what it is that
you are going to get out of it ahead of time. There are excellent speakers
there with quite often what is cutting edge research. The question you need
to ask yourself is whether or not you or your company will benefit from any
of those talks. One of the best things to come out of these conferences are
the training that is offered. That in and of itself is worth the attendance.
It is not everyday that you can receive training by some of the best minds
in the business today.

Is there a solution?

Well I have now laid out what I perceive to be as the shortcomings and
strong points in today's cutting edge computer security conferences. What we
need to find is a happy middle ground. A conference then that caters to the
large mass of sys admins and network security types who while competent
still have not mastered their craft. After all being the sys admin in a
large Microsoft Windows network is no easy task. There are a myriad of
practical skills that one needs to attain, and ideally master. How many
people can say that they reached a comfort point in the application and
maintenance of Group Policy Objects (GPO)?

This and other like minded topics would make for some great conference talks
or mini-workshops. That kind of practical knowledge is something that you
can readily implement on your networks. The example of GPO's is but one
small one. What it exemplifies though is that there is a definite gap in the
market. Missing today on the network security conference front is that of
practical knowledge. It is not everybody who can attend today's cutting edge
security conferences and actually walk away having learned something. Was it
me being asked by an employee to attend a conference today, I would have a
few questions to ask. What is it that you are going to get out of it, and
just how will it benefit our network? If the answers aren't there, you're
not going. Practical knowledge is where it is at.


Don Parker, GCIA GCIH, specializes in intrusion detection and incident
handling. In addition to writing about network security he enjoys a role as
guest speaker for various security conferences.