Something to think about... had an interesting topic come up at the OWASP AppSec APAC in Sydney recently about the value of security conferences.
Now, I enjoy the talks, the comradery, and the community around security conferences as much as the next guy but I'm starting to believe that maybe we're doing it wrong.
I can't remember who on the panel brought it up, but the question was of the actual value of a pure security conference, like OWASP for example, to the broader business community.
While the value to ourselves isn't difficult to spot for all the reasons I've already mentioned, perhaps what's interesting is the question of business value.
Management sends employees to 'security conferences' to learn something and bring it back to the organization. This is all well and good - but what value do the ever-increasing number of security conferences provide as stand-alone events?
The proposal, which I personally believe is a fantastic one, is to start to decrease the focus we put on stand-alone security conferences and start to run these types of events alongside other conferences that would otherwise have nothing to do with security.
So for example, if you're trying to spread the word of the OWASP software security community, perhaps there needs to be an OWASP track at a developer conference like JavaONE, or at a software quality conference like StarEAST or StarWEST or Quest Conference.
Think about that... here's the rub - developers, QA professionals, and business folks don't show up at security conferences... so they miss the message and we end up talking to ourselves a lot of the time.
As more and more security people "get it", we need to do a better job of spreading the word out there to the world - right? After all, isn't that why we're employed?
Just something to think about for those of you who attend or organize security conferences, and even more important to those that organize business-oriented conferences where security would never show up... why not have a 'security' track or leave room for security-related topics?
Something to think about as we try and raise the bar just a little bit...
Cross-posted from Following the White Rabbit