Looking to spend training money today and usually I get one conference a year (in theory, nobody told me I had this "benefit" until this year and only because I questioned "Hey boss, how come you got the government to pay for training in NYC even though it was available local and it magically corresponded to the same time your freshman daughter was starting NYU" ... :) :/ ... anyways I used to be a pretty prolific conference goer in the past but towards the end (why I stopped going) was starting to get super disillusioned as they all were either:
1: Aimed at lowest common denominator (i.e. wannabe hackers, kids new to the field, sales and marketing people) [thinking of you Defcon, Notacon, Rubicon, Usenix Security Symposium]
2: Glorified vendor sales events or training boot camps in disguise (thinking any SANS, ISC, ISACA, Blackhat, Shakacon, etc. events)
3: Blue Sky aimed at PhD and graduate program folk, researchers, etc. (thinking ACM, IEEE, lots of Federal/Private joint conferences [i.e. NSA + DARPA + Intel let's say]). I also include any conference where the majority of fucking talks or presenters are from universities or government labs.
4: C Level / Senior events [let's have lots of industry leader CIOs, 2 star admirals, and Federal Agency CIOs get together and make political speeches pimping themselves masquerading as sessions]
5: Regardless all are very Linux or Programming heavy though 90% of the real world is Windows or enterprise point + click applications.
I remember the biggest disappointment I ever had which exemplifies this: USENIX LISA (large installation system administrators), and all the talks were either "How to use cfengine to manage 2000 identical 1U servers in my data center" or "This is how I use a perl script to modify my RAID5 controller" or even worse "How to use WSUS" ... look dude when I read "large fucking installation system admin" I hear "Hey I'm the senior fucking system admin at an organization with 3000+ workstations spread out around various branch offices around the world and this is how we effectively do shit like patch and configuration management on a workstation in Africa over ISDN even though the local manager doesn't support us and the local IT support constantly roots the box and undoes everything we do because he can and doesn't like us" or "This is how to provide support and meet our HIPAA goals even though the director is a doctor and refuses to let us encrypt his travel laptop even though he stores patient info on it" .. you know the real fucking world and daily god damn grind of actual system administration in a non-academic or research environment.
End of the day all these are mostly just an excuse (IMHO) for free travel (i.e. don't even go to the conference, just get your company to pay for it), subsidized alcohol (i.e. go drink with random ppl you met bored at conference while on per diem), etc. Really the only value is maybe, IF YOU ARE LUCKY, random hallway conversations or you run into somebody you knew from long ago ... even more rarely you might even have one good session in the whole damn event.
So what I'm curious about is: does anybody know an actual security (or hell even a system admin) conference aimed at the folk that actually do the work day in and day out, i.e. O&M; not engineering, not researchers, not academia. Like "Hey a lot of us have to fucking deal with PCI DSS and asshole managers that refuse to supervise so this is how we engineered around it" or "Let's look at Tivoli v. SCCM v. shit loads of other tools and how much it pisses off users" or even better shit like "In a 24x7 environment what sort of user nagging, popups, reboots, etc. is most effective without pissing off management so much they fire you" ... i.e. real fucking conferences where, instead of papers, etc., similar folk can get together and talk about the real world and compare various approaches, successes, failures, etc. Sure it's not cool or sexy but fuck it would be useful even if nothing but bitch sessions so you know you aren't the only one. #usenix #sans #conferences