Cool As McCumber: Are You Being Conned?

May 22, 2014

I used to have a coat rack in my office festooned with all the badges from all the conferences, symposia, and other fora I had attended since, well, since I started leaving them on that coat rack.  It was many years of memorabilia.  The badges and lanyards had tabs denoting me as a speaker, exhibitor, board member, and attendee.  When I was cleaning out that office to move to a new company, I made the decision to chuck them all in the trash.  It’s not like I’m not going to attend any more conferences; I just realized those dozens and dozens of badges had become so much clutter.

In our profession, attendance at conferences is critical to staying abreast of rapidly-evolving technologies and to rack up continuing education credits for professional certifications.  They are also the place where we nurture our network of professional friends and colleagues in those ever-so-important hallway meet-ups and hotel bar functions.  However, lately, I’ve noticed some disquieting trends.

Some of the big changes have involved the rebranding of many of these gatherings into “summits”.  In some cases, that makes sense.  A summit is where senior policy makers craft a program or agenda, and a conference is where this program is disseminated to the rest of the industry.  However, there are a large number of meet-ups being rebranded simply to increase the hype.  When it comes to cyber security, there’s nearly a summit every week.

Although summits should be setting the agenda, I have seen few that live up to this requirement.  Most host senior level speakers, but they are less about establishing a program.  If the senior level executive is a vendor, then the focus is on selling their technology to the attendees.  Senior level government personnel are there to explain and justify more government spending for their program.  Senior level decision-makers in the integrator community are there to promote their services.  It’s not too hard to figure out the motivation each speaker has for being there.

Many promoters now require companies to become paid sponsors of their events in order to obtain a speaking slot.  Thus, speakers are not vetted on the value of the presentation nor their skill as a presenter.  It’s just pay-to-play: a company coughs up $20,000, and puts a product pitchman (or woman) on the podium.  The attendees are thus paying their fees to attend a series of poorly-disguised sales pitches.  That’s not to say such a conference is necessarily bad, it’s just that attendees need to be able to ensure it’s what they need.

So before you spend your precious company funds to send people to a conference or summit, make sure you know what you’re paying for.  See how speakers are chosen, and decide which ones will give you the best return on your investment.  Your business development folks may get the best use of time with other sales personnel, while your techies deserve solid training not based on how much someone paid to be there.  During this SecCon season, don’t get conned.

John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, e-mail [email protected].
