Events of various sizes have announced a shift to online participation. Some remain paid-for events – the huge AI CogX conference has announced at minimum an online conference, with a physical supplement should the event be able to run in June 2020. Regional BSides chapters (most recently Atlanta) have successfully launched virtual events. A number of relevant events have moved online – or have been organized from scratch.
Perhaps the appetite for this trend can best be displayed through the rapid (within a week) organization of ‘PancakesCon 2020: Quarantine Edition’. Spearheaded by established Dragos practitioner Lesley Carhart, the event provided a multi-track live-stream with introductory talks targeting junior analysts and students. The day-conference welcomed over 3000 attendees, and over 1000 competitors to their virtual ‘learning village’ capture the flag event.
PancakesCon neatly demonstrates that virtual events have much lower execution barriers – no physical premises rental, and fewer things to manage when it comes to logistics. This has seen a swift emergence of additional new online-only information security events.
Positive aspects to this shift
These advantages are often even more significant when looking at international events. Imagine the benefits of not having to go to Las Vegas for DEFCON or Black Hat, but instead being able to sit at home and remotely log in to see keynote talks live-streamed, engaging with speakers and attendees through live Q&As. You don’t have to leave your current location (and potentially your family), deal with jetlag, or deal with any of the carbon-footprint, visa applications, and financial costs of travelling and accommodation.
Beyond the benefits to practitioners mentioned above – those who might usually attend in-person events – there are three (occasionally overlapping) categories that are likely to benefit from a shift to online engagement.
Greater access to colleagues previously excluded from attending
There are a number of constraints limiting a potential attendee’s ability to engage with physical events. One often non-negotiable barrier is visa restrictions, which have long disadvantaged scholars and practitioners from parts of the world that face enhanced stringent security processes for visitor visas.
With the majority of global-leading conferences concentrated within a few locations (for example, the USA or Western Europe), attendees are often refused access. Canada faced criticism in November 2019 after rejecting dozens of African AI researchers’ visas to attend the Neural Information Processing Systems conference (NeurIPS) in Vancouver (following the previous year where over 100 visa rejections were sent out for the same event in Montreal). By holding events online, this discrimination between researchers across locations is minimized to an extent; while researchers would still need reliable internet to access and stream virtual gatherings, this is a lower threshold for accessibility compared with the time, finances and know-how to go through visa application systems.
There are several other sets of circumstances which limit on-site participation, with financial constraints one prominent example. Attending a conference in a major city (such as the many annual infosec events in Las Vegas, USA) can set back an attendee close to $1000 before flights and food are considered, and for many this is an unjustifiable luxury. Virtual events remove the financial barriers that previously prevented colleagues from attending, who now don’t need to justify trips to their employers, while also removing the burden on those who manage family or caring commitments, who no longer need to take extended time away.
In this way virtual events may well prove to be an equalizing force, helping drive accessibility to all those who, through no fault of their own, do not have the privilege of non-essential travel. This inclusivity can only benefit the community as greater engagement is facilitated internationally, with resources able to be deployed in an inclusive way to a wider (and potentially larger) audience.
Engaging senior colleagues
The second of these categories is the senior management colleagues who might not have had the time to attend events, who can now schedule in workshops of interest around their other daily commitments. Information security practitioners know the frustrations of engaging senior management and c-suite executives – holding relevant, easy-to-access online discussions helps this community connect.
Particularly when it comes to open-access events (rather than closed, invite-only occasions) virtual events may increase access to c-suite level, through Q&As, collaborative workshops or live-streamed talks engaging, or given by, leaders in the industry.
Welcoming junior talent
The third main group that may now be invited to actively engage with the information security community are aspiring and junior colleagues. We often talk about the talent pipeline when it comes to cybersecurity and lament the task of engaging young talent into the hiring pipeline. This author also responds to frequent queries from those who want to enter information security but are not sure how to take their first steps into the field.
Webinars, remote conferences, and interactive online workshops can all provide welcome virtual spaces to assist those wanting to learn more. These are less intimidating than real-person events, but also allow for the introduction of key ideas and trends currently being discussed in industry forums.
As an example of how events might be designed to encourage early career colleagues to contribute, ‘free for the community’ event #GrimmCon has included a track specifically for first-time speakers, pairing them with experts to help make the leap from ‘attendee’ to ‘active contributor’ more welcoming and less intimidating. They are also hosting a ‘virtual car hacking challenge’ – allowing individuals to trial their skills against other attendees much in the way non-synchronized capture-the-flag events help users develop their skills.
Beyond current travel restrictions
There are still a number of challenges online events must contend with to surpass their physical counterparts. Engagement might be difficult in practice when attendees have the distractions of their home environment to contend with, and networking remotely does not obviously hold the benefits of a physical networking session.
However, the importance of the information security community comes into play here – and events like PancakesCon and GrimmCon present a model of how the community can be positively extended into the online space. Time will tell how far virtual events are successful in improving engagement to interested and early-career information security practitioners, as well as senior leadership. It is undeniable that these events hold opportunities for the community to grow, and flourish, within these challenging circumstances. However, the demand for information security practitioners does not look like it will decrease any time soon – so it would be prudent to drive as many engagement activities as possible.
In conclusion, the recent shift to remote and online events represents a necessary, and frequently advantageous, trend in connecting communities. Once the travel restrictions relating to COVID-19 have passed, key stakeholders should pause for thought and consider – should events remain virtual?
Amy Ertan is a PhD researcher at the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London. Amy’s research looks at the socio-technical security consequences of emerging technologies. She is a UK-Brazil Data Protection Fellow at ITS Rio, where she researches options for regulating artificial intelligence-enabled technology. Amy is also a CREST registered cyber threat intelligence analyst and has previously worked within the finance industry.