COMMENTARY: Cybersecurity has basically become a game of adapting or getting breached, and keeping up can feel impossible when the threat landscape changes constantly.
Not to mention new tools, vulnerabilities, and threat actor groups taking aim every day. Combine this with the reality that the technology we use and help to protect has advanced faster and faster, and it’s essential for us to prioritize attending conferences and events, but it’s probably not for the reason most people may think.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]
Yes, attendees will hear about the latest threats, see cool research, and accumulate a truly absurd amount of stickers, but more importantly they will build relationships. And in this industry, this has become important. A little help from friends can go a long way. So, what’s a better way to make industry friends?
Prioritize in-person relationships
We talk a lot about AI and automation coming to do the heavy lifting in security, but at the end of the day, we’re still in a human-driven field. For most people, their career (and let’s be real, their sanity) depends on having a solid network — people to share intel with, help troubleshoot nightmare scenarios, and grab a drink with after a long day of fighting the good fight. We depend so heavily on each other being in the trenches together, we need to connect more with our fellow defenders. It’s one of the most important ways we turn an industry, a profession, into a community.
Conferences are where a personal network builds itself; there’s no forced awkwardness required. Simply sit next to someone in a session, commiserate over the flakey Wi-Fi, or attend an after-hours event, and suddenly, new connections are made. Some of the people I met at conferences years ago, I now work with at Microsoft, and that’s been a big help when I started here a short time ago.
This industry is tiny. The same names pop up over and over, whether swapping intelligence, collaborating on a project, or just running into each other at different companies over the years. Conferences offer a chance to build those relationships before they are needed. Yes, there are endless learning sessions and CE credits to rack up, but the real value is in the doors that open by investing in the community. As social connections get more and more atomized in our digital world, we need this in-person time to get a lot of real work, and real trust-building, done.
The trust factor
Our industry is built on trust. We depend on each other to share threat intelligence, collaborate on projects, and sometimes just confirm that yes, the threats we just observed are real and we’re not losing our minds. Whether it’s RSAC (coming up April 28-May 1 in San Francisco), Black Hat, DEF CON, or the smaller-but-mighty community events like BSides or CactusCon, in-person events allow for those conversations in a way that chat groups just can’t replicate.
Learning, development, and public speaking
Conferences aren’t just for networking — they’re also where people can level up their skills. Hands-on workshops, red team vs. blue team exercises, and even just chatting with people who see the same problems from a different angle can offer a great deal of value. With more of the grunt work automated by AI, how we think and what we know are more important than ever. We’re knowledge workers, so that means we need to spend intentional time actually doing that thinking to analyze and build the knowledge that we use to do the work. We’re all securing and defending different kinds of environments, so one of the best things we can do to break those silos is to build relationships and learn lessons from our friends and colleagues — before they become lessons learned from incidents in our own infrastructure.
And for those who want to become better public speakers? Do it. But also, be smart. Those new to presenting should start small. BSides or local meetups are a great way to start out before taking on Black Hat or RSA. Nervous? Find a mentor. Someone who’s been there, done that, and can help craft a talk that doesn’t just regurgitate research, but actually engages people. A well-timed joke or a spicy take on industry trends never hurts. Also, people want to hear a point-of-view, especially when combined with unique experiences. Share them.
Need a little extra help? Seek out the communications pros at the office and ask them for advice. I’ve been trained by these teams for years and it’s made a huge difference in the way I communicate. It’s important to be engaging while on stage, so focusing on learning how to do that from the experts is a valuable asset. After a session with the company’s communications team, put an original spin on it and get up there and go.
Networking opportunities
Here’s my personal take: sessions are great, but I spend much of my conference time meeting people. Because again, security is a team sport. We need to know and trust our teammates, whether they work with us now or will five years from now. We’re all fighting the same threat actors, and sharing techniques we use to defend against them can be an incredible force multiplier across the industry to disrupt threat actor activity. When we all row in the same direction, we get there faster.
That doesn’t mean skipping every session for a happy hour, but after spending the time, money, and energy going to a conference, get the most out of it. Go up and talk to people. Attend the informal side events, not just the polished keynotes. That’s where some of the best conversations happen.
It probably goes without saying, but conferences bring together everyone — from industry veterans who’ve been doing this longer than some threat actors have been alive to newcomers just breaking into the field. Some have cybersecurity degrees, while others (most of us) took a more unconventional route.
That mix isn’t just interesting, it’s essential. Defenders face an ever-changing, wildly unpredictable set of threats, and the more perspectives we have, the better we get at solving problems. Expanding our network means expanding our toolkits, and in a field where attackers are constantly evolving, that’s not just useful, it’s survival. As we saw with the Conti leaks, threat actors know each other and network; they share TTPs, code, and complaints. Defenders must do the same.
Not all conferences are created equal. For a broad industry view, RSAC and Black Hat are solid choices. For deep dives into specific topics, hit up events like CYBERWARCON for nation-sponsored threat topics or SLEUTHCON for crime actors. And, for just meeting smart people in a more casual setting, go find a BSides close to home.
For those who need to convince their bosses, make it about them and the company. Show how attending will directly benefit the work. If there are hands-on labs that align with what the team has been working on, highlight that. For those not sure how to frame it, literally ask the boss: “What’s the best way to make the case for this?”
Let them explain exactly what they need to hear to get that approval and budget. If that doesn’t work, offer to speak at the event. Sometimes managers will fund a trip if someone on their team will be on stage representing the company.
What about virtual events?
Virtual events are great for just tuning in to learn or rack up CE credits, but let’s be real, they don’t replace the magic of in-person. There’s no chance for an unplanned, off-the-cuff moment — the quick hallway chats, the spontaneous lunch meetups. Some of my best connections (and actual progress on projects) have come from grabbing a bite with someone between sessions — conversations that probably never would have happened over video or chat.
Anybody serious about cybersecurity must attend the conferences. Not just to learn (though that’s a primary benefit), but to build the relationships that will sustain us long-term in this industry. The tech will keep changing. The threats will keep evolving. The one thing that stays constant? The value of great people.
And hey, worst case scenario? We'll all leave with a new T-shirt and a bag full of stickers.
Want more of my recommendations on cybersecurity career growth? Check out the Microsoft Threat Intelligence Podcast where we publish a new episode every other week.
Sherrod DeGrippo, director of threat intelligence strategy, Microsoft
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.