In my Security Congress 2021 blog series I've already written up each day of the conference. The purpose of this post is to discuss how I actually found the online only conference experience and I hope it's useful to those considering attending events online.
Cost and value
To attend Security Congress I paid $449 (about £325) for an early access ticket which gave me access to all conference areas. Some will think that's expensive although depending on the conference, and how early you purchase the ticket, that seems fairly normal based on my previous research. When it comes to expenditure it's all about perceived value, and considering I spend around £200 on fountain pens and ~£230 on my keyboard it really depends on the value you place on something. In my case I was eager to attend a conference, having not been able to due to the pandemic, and was keen to further my career development. To that end Security Congress seemed a good fit, especially given I'm an (ISC)² member.
That said, I do acknowledge that I'm privileged to have sufficient disposable income to enable me to attend conferences (and buy pens / decent equipment).
I've said that whether or not a cost is worth it depends on value and I want to expand on that a bit. If I'd attended this conference in person I'd have managed to attend eighteen sessions based on my itinerary, plus a couple of careers advice appointments prior to conference kick off on days two and three. My cost of attending would also have been significantly higher (flights to Florida, USA plus hotel and food). I probably wouldn't have attended in person as factoring in the time lost (travel) and additional cost it wouldn't have been worth it for me. A more local conference probably would have been.
Now, considering I attended online the value of this conference goes up. Obviously I could attend the two careers advice sessions and eighteen sessions but the value increases due to recordings. Clearly I couldn't be in two places at once so I missed out on some great looking talks where sessions overlapped. (ISC)² make the session recordings available for a year, with CPE credits available to (ISC)² members until 31st December. As a result I can gain the benefit from the talks I missed and, personally, I find that extremely useful.
So, from a value perspective I'd say Security Congress 2021 ticked the box ✅.
Navigating the conference
In my experience of similarly sized conferences (like Infosecurity Europe that I reviewed back in 2018), you walk in to the venues and you're bombarded by sounds of other attendees (and possibly jostled by people as they move past you) and then have to find the session you want to attend. Exhibit halls are then huge and potentially difficult to locate the vendor you wish to visit.
For someone that doesn't like crowds of people, attending online was ideal. I'm also someone that gets lost very easily (it's somewhat of a family joke / legend). On entering the virtual lobby (below) it was really clear where to go, with banners to click to access the sessions, exhibition hall, help desk and networking events. Event sponsor logos were displayed (advertising is normal at such conferences, and this was unobtrusive) along with photos of the keynote speakers and highlights of the fun events on offer.
Planning an itinerary
Usually I'd plan which talks I wanted to attend based on the programme available prior to the conference, and Security Congress was no different. Lists of the sessions were available as far back as August (when I actually started planning) but the itinerary builder itself was only available from 4th October. I would have liked that to have been available sooner but, as I'd already planned in a spreadsheet I could just transfer over to the provided system.
Once in the itinerary builder I was really pleased to see I could change the time zone. The conference was running on Eastern Time (ET) as it was based in Florida, so a five hour time difference. Given I was still conducting my normal family life during the conference it was very helpful to be able to switch the conference planner to British Summer Time (BST). Thank you to whoever designed the system for making that so easy.
I decided I'd search for one of the sessions I'd planned to attend, which should have made it quicker to build my itinerary. Sadly the search was not as well designed as the time zone switcher, and my search for "what to read" (for the session "what to read after you certify") returned all sessions with "to" in the title, name ("Tony") or description. Not so helpful.
Once I'd built my itinerary though it was very easy to use, allowing me to also add appointments to my Google Calendar so I could see my whole day at a glance. From the same screen I could click a button to join the session, launching the streaming window, and take the evaluation for the session. Additional resources were available for some talks and these could be downloaded from here too (very useful in some cases).
In session options
Once in the session the screen was neatly divided into areas:
- Session info - a reminder of the session topic and speakers
- Chat - between conference delegates and staff
- Questions - that can be put to the speaker
- Resources - copies of the slides, for example
- The video feed
- Notes - an autosaving text area for your own notes
- Transcript - automatically generated transcript for the hard of hearing
Fortunately each of these sections could be hidden, and certainly the chat was a distraction at points so for the most part I turned it off. The chat seemed to moderated to a point, both by staff and delegates who would remind you to be polite and reference the (ISC)² code of conduct.
Asking a question was a nice touch, and session moderators would ask questions at the end of the session if the speaker hadn't seen the question themselves. Delegates could up-vote questions which was useful.
The automatic transcript was pretty neat and, while not 100% accurate, was close enough that you could get a good understanding of what was happening. As regular readers will expect, I didn't use the notes area, instead preferring to write my notes by hand, but I did test that the notes would be sent by email at the end of the session (they were).
Thank you for attending Human Security Engineering: A Strategy to Address "The User Problem" on October 18, 2021. This follow-up email contains a summary of the available information from that session.
The text below is the contents of your Digitell Live Events Platform notepad at the end of this session:
This is just a test note, as I'm taking notes via pen and paper so I can use my lovely fountain pens .
Initially we were subjected to attendance checks that would occur randomly during the session. A bell would ring and a pop up would, er, pop up, asking you to confirm you were still watching. I didn't mind these, but many delegates took offense. Conference staff took the feedback on board and disabled the checks fairly early on.
I didn't actually visit any of the vendor stands, largely on account of not having a budget to purchase any of their products with, but I did "pass through" the exhibition hall in order to reach the career centre. I also took a quick look at the bookshop and noticed the prices weren't particularly competitive which I found interesting. That said, much like motorway service stations perhaps a captive audience == higher prices?
Considering the career centre, there were some really handy resources both in terms of presentations and downloads. I've watched a few of the presentations and the content has been useful, however, if you clicked off of the video playing window (to make a note or check your itinerary) the video would pause. That was really annoying. It was also not possible to see how long the video was so it was a bit of a gamble to see if you could fit one of the videos in between sessions (the number of CPE credits was listed, which gave a rough guide).
As I mentioned in other posts in this series, side conversations are not possible via video chat and that's probably the biggest drawback for attending online. While delegates could talk to each other via text chat in the sessions it was not possible to talk 1:1 (or if it was that was not obvious). Networking at events in the past has led to me getting speaking and lecturing appointments, so there's a demonstrated benefit to networking. Not something (ISC)² can fix easily though.
Workshops and side sessions
I've covered the careers advice sessions in other posts and these were by far the most useful side sessions for me. I'd consider the mentalist show a side session too and that was a good bit of fun, although if there'd been a talk on at the same time I'd probably have attended that instead.
At other conferences I've found workshop sessions useful, where the speaker essentially facilitates discussion among delegates who in turn share their experiences. It would have been nice to see something similar at Security Congress, but see my above comments on networking.
Windows hasn't been installed on my personal computers for years  which meant my options were Linux (Ubuntu or elementary OS), my Chromebook, or borrowing my work laptop. I had no deisre to use my work laptop (didn't want to accidentally look at my email!) so used my elementary OS laptop most of the time. I'm pleased to say that, for the most part, that worked fantastically - kudos to (ISC)² for picking a conferencing platform with wide system support.
Sadly the virtual networking hour didn't work on Firefox on Linux, nor Chromium on Linux. To be fair, the web site did warn that was likely to be the case but it equally said the same for my Chromebook which worked fine. Given the fact Google Meet, Microsoft Teams and Zoom all work across many platforms that was a bit of a shame.
Would I attend an online conference again? Yes, absolutely. As the world has found (re-confirmed?) during the pandemic, the Internet has massively opened up the ability to reach many many people and provides access to a lot more choice and experiences. I couldn't have justified the cost, in terms of CO2, time or pounds sterling, to have attended Security Congress in-person but would certainly consider attending it online again.
Banner image: Screenshot of the conferencing platform during the opening welcome by (ISC)² CEO Clar Rosso. It shows the chat that was going on at the side. Clar's slide says "560,000 pieces of new malware are detected every day. More than 1 billion malicious programs".
 Having gained my CISSP certification I enrolled as a member of (ISC)². To maintain my membership by undertaking continuous professional development. This can be by attending talks, reading books or even writing blog posts 😃.
 My last Windows 10 install died the morning of a LAN Party (computer gaming), and it was quicker to reinstall all of my games in Linux. I've not looked back.