Dailydave mailing list archives
Re: Knowledge Transfer
From: the grugq <thegrugq () gmail com>
Date: Tue, 14 Jun 2016 21:24:35 +0700
I said my piece about infosec conferences years ago. http://grugq.github.io/blog/2014/05/11/the-episode-17/ <http://grugq.github.io/blog/2014/05/11/the-episode-17/> I think the value in cons is in the networking and the idea generation. That doesn't always come from the talks. At the same time, I think things are improving now, there is better knowledge preservation and sharing than before. When I first started speaking at cons no one was taking videos and few even bothered to archive the slide decks. These days videos of the talks are out, along with slide decks, and frequently even white papers, shortly after the con (sometimes even during the con -- CCC, HITB, etc). This is good because it allows people to find something interesting, learn about it at their own pace, and build their knowledge base themselves (if they're so inclined). It is particularly useful for people who live on the far side of the world and can't make it to as many conferences as they would like *cough* *cough*... The down side for speakers, though, is that conference taping is kill the con speaker circuit. A decade ago it wasn't unusual to invest time into preparing one talk (hopefully a good one) and then present it at several different conferences that year (Security Vacation Club, represent!). It is a lot harder to do that these days because the first presentation of that talk is probably online somewhere and there is not much incentive for the CFP committee to select a talk that anyone can catch on YouTube. I think this is a bit sad because it means that the talk doesn't get refined and improved through audience feedback (INFILTRATE is one of the few (only?) cons that directly addresses this problem, AFAIK). I also think it is sad because it further incentivizes speakers to "save up" for the best con they can hope to get into. This means less networking with other people in the community because the speakers attend fewer cons. I am not even doing to touch on other problems such as how, as a community, we don't do much peer review of presentations; we don't archive and preserve the knowledge that does get shared; we don't have anyway for academics (or anyone!) to easily cite our work, or search it, or otherwise explore what the state of the art actually is, or what the real problems are, etc. etc. Infosec needs librarians badly. Conferences are a terrible way to preserve (or transfer) knowledge. Twitter is in many ways even worse, and yet that's where a lot of the public information on current infosec theory and practice is being debated and formulated. As an industry we're plagued by these ephemeral mediums. These issues are things that the industry will need to address. Now, if you'll excuse me, I'm going back to Twitter to post GIFs, and continue being part of "the problem with infosec!!" cheers, —gq
On Jun 3, 2016, at 22:53, Julio Auto <julio.auto () gmail com> wrote: Also prompted by (and arguably relevant to) the same point: https://twitter.com/thegrugq/status/738334152513048576 <https://twitter.com/thegrugq/status/738334152513048576> Julio Auto On Fri, Jun 3, 2016 at 10:40 AM dave aitel <dave () immunityinc com <mailto:dave () immunityinc com>> wrote: From Spender's recent Keynote <https://grsecurity.net/SSTIC2016.pdf>: """ Conferences poor method of knowledge transfer Good method of making audience feel “knowledge” transfer Accept that it’s basically show-and-tell, that understanding of a topic requires more than an hour, sometimes with weeks/months/years of background knowledge """ As someone who helps run INFILTRATE <http://infiltratecon.com/> I want to point out that while I totally agree that conferences can be hard to use as knowledge transfer mechanisms, that they are getting better. In particular I want to point people towards this very long piece on how everything connects together, especially those of you who attended INFILTRATE: <http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html>http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html <http://cybersecpolitics.blogspot.com/2016/05/the-common-thread-fuzzing-bug-triage.html> This is also true of training: I'd love to find a way to offer a continued education series based on the INFILTRATE classes. And I have another post coming out to connect more dots from INFILTRATE 2016 shortly. But Spender is right: Conferences, a mainstay of our community, can be too much about show and tell, and not enough about scientific progress. (That said, I think INFILTRATE is the best among them in that regards, of course. :)) And we ARE offering the INFILTRATE training again both in NYC and (strangely enough!) Columbia MD <https://twitter.com/Immunityinc/status/738404651712798721>. -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com <mailto:Dailydave () lists immunityinc com> https://lists.immunityinc.com/mailman/listinfo/dailydave <https://lists.immunityinc.com/mailman/listinfo/dailydave> _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Knowledge Transfer dave aitel (Jun 03)
- Re: Knowledge Transfer Julio Auto (Jun 03)
- Re: Knowledge Transfer Sean Wilson (Jun 09)
- Re: Knowledge Transfer the grugq (Jun 14)
- Re: Knowledge Transfer Konrads Smelkovs (Jun 09)
- Re: Knowledge Transfer Julio Auto (Jun 03)