/ Cons

InfoSec Conferences - Attending versus Speaking

I shoved in a speculative submission to BSidesLeeds to give a talk about web application firewalling (WAF). Here's how it went.

Introduction

In an earlier post, I talked about attending my first InfoSec event and how it effectively motivated me to start this blog, create and promote a public profile on general InfoSec things and so on. This was based on a previous experience of watching footage of Troy Hunt's 'Hack Your Career' talk at NDC Oslo in June.

The point is, these factors gave me plenty of confidence to get out there and start talking about my experiences in the space and maybe help others.

The story

When I came away from BSidesMCR in August, I considered it as being life changing and it was. Later I blogged about it. The people I heard speak, the people I met and whatnot made me feel truly part of something extremely important, potent and at the same time a part of a community. These feelings persist.

When I started the / this blog, I began to receive really positive feedback and of course that breeds confidence in the sense that my messages or thoughts aren't simple meanderings of a middle-aged bloke who's missing the point, but are seemingly both relevant and also valid. This makes me feel like it's all worth the effort.

So, when a CfP from BSidesLeeds appeared on the Twitters, I sort of felt ready to at least put myself forward. I'm not bad at public speaking, I like to think I know my onions and on that basis I threw in my talk on WAF for consideration. Having never done it before and of course only having attended my first event back in August, I set my own expectations that it probably wouldn't happen, but it was worth a go.

The deadline for responses to the CfP passed with the notifications to successful applicants due on November 17th. That date passed. Nothing. I contacted one of the organisers to chase things up and was told they were still working through the responses - fair enough.

Finally, on the 26th, I spotted a couple of Tweets from successful applicants, so the word was finally getting out to those who'd applied.

Then I got my email. It was bad news. On this occasion I'd been unsuccessful. I took it on the chin, because hey, as I said, it was probably a bit of a stretch to go from attending my first event, to speaking at my next, especially within the space of only five months.

That said, I went about seeking feedback and I'm happy to report that it was both very forthcoming and very encouraging.

bsidesleedscfpresponse

So, essentially my abstract was on the thin side and as you can see, had I fleshed it out just a little more (as I did in my response to their response), I may well have been accepted.

The feedback was incredibly useful, because I wasn't a million miles away from the target and left me feeling nowhere near despondent and actually more fired up to get it right next time and rock a stage somewhere.

Conclusion

I'll still be at BSidesLeeds in January, as a delegate and I'll still enjoy it as much as I would as a speaker. This is because I expect it to be every bit as wonderful as BSidesMCR was; meeting great new people (as well as hopefully people I already know!), hearing and learning new things and just feeling the positive vibe that the BSides conferences breed.

I went into my application to speak feeling good. It was speculative after all. I didn't feel down when I wasn't selected and felt even more positive after the feedback I received.

I intend to keep blogging, doing the things I'm doing and certainly polishing up my pitches to future conferences.

With any luck I'll be bringing my roadshow to a conference you're at some time soon, but in any event, I'll see you there as simply a member of an awesome community.

Thanks for reading.

Mike Thompson

Mike Thompson

InfoSec pro, trying to keep the baddies at bay. Observer, pundit, helper, public speaker and blogger. Views my own. One of @TheBeerFarmers 🍻

Read More