The Falcon's View

Before talking about why I think we may be starting the down-swing (to a stasis point), let's first examine why this movement started. In my mind there are three main reasons why we've seen a spike in small(ish) regional cons:

1) Economic Limitations: With a down economy, the travel dollars simply don't exist. Local events flourish in this environment, especially when they're low-cost.

2) Perceived Loss of Value: The major conferences are suffering from a loss of perceived value. Lots of familiar faces talking on familiar topics at the big venues leave folks wondering "why go to that conference when I can just see the replay online?"

3) General Sense of Frustration: As I've noted elsewhere, there is a general sense of frustration with the major cons. In particular, many speaking slots are bought and paid for by sponsors, reducing the number of "earnest" slots. Combine that with the maintenance of high cost tickets, and people are more than a little fried on the old con circuit.

Bearing in mind these drivers, I think that the movement that has created a ton of these small regional events is starting to reach a point of self-limitation. Specifically, I'm starting to see the following issues as we actively plan events:

1) Market saturation. We've seen a glut of regional conferences and, while this is potentially great for giving new voices a place to speak, in reality we're seeing a lot of the same speakers popping-up. There are now just too many darned cons. Has this situation arisen because certain speakers are popular, because new speakers are too timid to try out a talk, or some combination of the two? At any rate, we need to wary of simply having the same people giving the same talks over and over again.

2) Sponsor saturation. Another problem with a spike in the total number of cons is that sponsors are getting hammered with sponsorship requests. We're now starting to see a couple situations that will eventually cause some cons to die. First, some of the more successful movements have formed "global sponsorships" that make a number of common sponsors off-limits to local fundraisers. This situation can work-out amicably if the central org helps fund the local event, but can nonetheless be frustrating for organizers. Second, demonstrating ROI to prospective sponsors is more difficult. Why should they talk at your small local con and not at a larger national con with a bigger draw? And, depending on your flavor of local con, you may not have any allocated vendor space (for booths or demos). If you're asking vendors to sponsor an event, there needs to be a solid value-add beyond "being part of something cool."

3) Echo chamber. As already noted in other places, we're seeing the same people over and over and over and over and over (...) again. I'm nauseous. Hey, nothing against some of these "big name" speakers, but hearing the same talk a half-dozen times in a year is kind of a waste... where are the new voices?

4) Off target. Who's the audience? Are we really gearing up 2 dozen security conferences each year just for security people? Where's the value in that? I have a better idea. Write a book. Get an advanced degree and teach at university. Focus time on community projects, such as tools or guides for OWASP. In terms of long-term value, this would be far more useful.

The ecosystem can only support so many conferences, after which point Darwin's principles of evolution take over. Which will survive? Which will fail? I submit that the number of failures will far exceed the number of successes. We've seen a strong movement creating new opportunities, and yet I don't feel like the community is taking full advantage while they can. Moreover, it's time we stop just growing this movement within the security industry and expand it out into the rest of the business world.