« Thoughts for OWASP Consideration... | Main | A Fictitious Story (Shmoo+Snow=Conspiracy!) »

Diminishing Returns on Small Conferences?

I'm currently actively involved in helping plan Security B-Sides Austin 2011, which will be Austin, TX in March (see here for more info). As I go through this process with my cohorts, I've had a few thoughts occur that suggest we're perhaps reaching the crest of this wave of small conferences that have popped-up everywhere.

Before talking about why I think we may be starting the down-swing (to a stasis point), let's first examine why this movement started. In my mind there are three main reasons why we've seen a spike in small(ish) regional cons:

1) Economic Limitations: With a down economy, the travel dollars simply don't exist. Local events flourish in this environment, especially when they're low-cost.

2) Perceived Loss of Value: The major conferences are suffering from a loss of perceived value. Lots of familiar faces talking on familiar topics at the big venues leave folks wondering "why go to that conference when I can just see the replay online?"

3) General Sense of Frustration: As I've noted elsewhere, there is a general sense of frustration with the major cons. In particular, many speaking slots are bought and paid for by sponsors, reducing the number of "earnest" slots. Combine that with the maintenance of high cost tickets, and people are more than a little fried on the old con circuit.

Bearing in mind these drivers, I think that the movement that has created a ton of these small regional events is starting to reach a point of self-limitation. Specifically, I'm starting to see the following issues as we actively plan events:

1) Market saturation. We've seen a glut of regional conferences and, while this is potentially great for giving new voices a place to speak, in reality we're seeing a lot of the same speakers popping-up. There are now just too many darned cons. Has this situation arisen because certain speakers are popular, because new speakers are too timid to try out a talk, or some combination of the two? At any rate, we need to wary of simply having the same people giving the same talks over and over again.

2) Sponsor saturation. Another problem with a spike in the total number of cons is that sponsors are getting hammered with sponsorship requests. We're now starting to see a couple situations that will eventually cause some cons to die. First, some of the more successful movements have formed "global sponsorships" that make a number of common sponsors off-limits to local fundraisers. This situation can work-out amicably if the central org helps fund the local event, but can nonetheless be frustrating for organizers. Second, demonstrating ROI to prospective sponsors is more difficult. Why should they talk at your small local con and not at a larger national con with a bigger draw? And, depending on your flavor of local con, you may not have any allocated vendor space (for booths or demos). If you're asking vendors to sponsor an event, there needs to be a solid value-add beyond "being part of something cool."

3) Echo chamber. As already noted in other places, we're seeing the same people over and over and over and over and over (...) again. I'm nauseous. Hey, nothing against some of these "big name" speakers, but hearing the same talk a half-dozen times in a year is kind of a waste... where are the new voices?

4) Off target. Who's the audience? Are we really gearing up 2 dozen security conferences each year just for security people? Where's the value in that? I have a better idea. Write a book. Get an advanced degree and teach at university. Focus time on community projects, such as tools or guides for OWASP. In terms of long-term value, this would be far more useful.

The ecosystem can only support so many conferences, after which point Darwin's principles of evolution take over. Which will survive? Which will fail? I submit that the number of failures will far exceed the number of successes. We've seen a strong movement creating new opportunities, and yet I don't feel like the community is taking full advantage while they can. Moreover, it's time we stop just growing this movement within the security industry and expand it out into the rest of the business world.


TrackBack URL for this entry:

Comments (1)

Marisa F:

A lot of what you've said resonates with me as a con promoter. I think there's a lot of slashed travel budgets these days. So while those of us that do get to see multiple cons a year do see the same talks over and over, its the locals that benefit from the speakers doing the "talk circuit." The cons are getting smaller, but they are a good place for local security people to meet that aren't in the corporate ISSA/NAISG club, if there is one.

BSides Austin seems to be really blazing a trail in the ways that you've mentioned with audience and topics. Keep up the good work! I'm adding Austin to my con list this year because it looks like its going to be completely different than anything else out there.

Post a comment


This page contains a single entry from the blog posted on January 24, 2011 3:13 PM.

The previous post in this blog was Thoughts for OWASP Consideration....

The next post in this blog is A Fictitious Story (Shmoo+Snow=Conspiracy!) .

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.