November 22, 2019 By Christophe Veltsos

You haven’t been this excited in a while — the more you read about this cybersecurity conference, the topics, the speakers and the venue, the louder your heart beats. “I can’t wait to be there,” you think to yourself. And then your feet touch the ground, and you realize it’s not a done deal quite yet. First you need to get your boss’ permission, and with the amount of work everyone has to get done and the budget being what it is, getting to that conference will likely take some convincing.

Here’s how you can make your case.

How to Pitch Your Cybersecurity Conference Idea to Your Boss

In security, we often need to sell others on the value we bring to the business — or at the very least, remind them of it. Pitching the value of attending a professional conference isn’t all that different, so be sure to connect the dots between the conference and your work. Attending could help you learn new skills or improve existing ones, and you might learn about some of the latest threats and new technologies to help mitigate them. For example, you could discover updated incident response tools that leverage artificial intelligence (AI) to improve speed and accuracy, or you might learn a few lessons on how to secure containers.

Preparing a strong argument for why you should be sent to the conference can be a worthy investment of your time if it helps you demonstrate how attending could benefit your organization as well.

The ROI of Attending a Conference

Many conference organizers are keen to help potential attendees prove the value of attending their events. For example, the organizers of the (ISC)2 Congress cybersecurity conference that took place in October 2019 crafted sample justification letters for the conference and the pre-conference workshops. As you craft your own justification letter, be sure to point to the topics being presented that you know will be important to your organization today and in the near future, the quality of the conference, and the keynote speakers. For instance, I recently had the opportunity to see Captain Sully deliver a memorable keynote message perfectly adapted for the cybersecurity community. Also, don’t forget to include a ballpark estimate of the travel and conference costs.

Finally, it can’t hurt to mention that you’ll be happy to provide a debriefing of the sessions you attend — simply making that statement can help reassure management that you’ll actually attend the conference instead of lounging by the pool or the seashore.

Your presence at this conference must be in alignment with the value that your organization will receive from sending you there. For your organization, sending you would be a business decision, so that value has to be shown and supported as best you can. If your initial read on the situation is a toss-up, spend a bit of time now reviewing the list of topics covered and making a list of the sessions you would attend. Append that list of sessions to your justification to prove that you have done your homework and would take the investment by your organization seriously.

Making the Most Before You Go

If you get your green light, the game is on. Soon, you’ll head to that conference, attend some interesting sessions, take good notes, make new connections with other members of the cybersecurity community, and bring value back to your organization. Tending to the following points should help you and your organization derive that extra bit of value.

Make a List and Check It Twice

You may have already created a list of the cybersecurity conference sessions you plan to attend as part of making your case, but the schedule of events may have changed between when you first reviewed your agenda and the conference itself. Consult the most up-to-date schedule to see if there are any new sessions or speakers that should be on your must-see list. There should be something for everyone on your list: something for you, something for your team and something for your organization.

Remember to block off a bit of time to check in with yourself. This may be especially important for introverts who need a bit of time away from crowded events to recover — and check work emails.

Leverage the Benefits of a Mental Shift

An often undervalued benefit of attending a conference is simply being away from your workplace. Under normal conditions, soon after we wake up we start thinking about work, and the autopilot engages. It steers us through our breakfast, the commute, parking, greeting co-workers and waking the computer to start our work. The problem with this routine is that our minds are conditioned to be in work mode instead of being in learning mode.

Preparing to go away to attend a cybersecurity conference can alter our normal mental state for the better. We’re in learning mode — ready to travel to another city, navigate hotel and conference venues and take on what comes next with an open mind. Being in the going-to-a-conference mindset puts us in the right mode even before we’ve arrived at the venue.

Making the Most During and After

Since you already know which sessions you’ll be attending, you can relax a bit and plan on making the most of being there. Before you leave, don’t forget to take a notepad with you so you can record the insights you gain and any questions you formulate. To make the most of your time when you’re there and when you get back, I recommend tagging your notes as belonging to one of four categories:

  1. To-do — Something that you need to do or follow up on, perhaps right after a session, later that day or as soon as you get back to work. Make sure this tag is easy to see when you review your notes.
  2. For now — Denotes something that you tagged as being relevant to what’s going on at work this week, this month or this sprint.
  3. For later — To denote something that can wait until perhaps three, six or 12 months from now.
  4. For others — To denote a piece of information to be shared with others rather quickly because you’ve deemed it relevant to them.

To derive full value from the conference — both for yourself and for your organization — be sure to review your notes periodically. Unless we apply the new information we come across at the conference, we will likely forget about it after several days, so schedule some “spaced repetition” time for reviewing new material, including your notes and action items, in gradually increasing intervals — for instance: now, two days later, four days later, etc.

Making the Most If You’re Going as a Team

If there are going to be several attendees from your organization, set a rendezvous point toward the start of each day so you can sync up and review who will attend what sessions. Since so many conferences have multiple parallel tracks, it may be most effective to split the coverage among members of the team. Another possible approach is deciding to have more than one person attend some of the more important topics so you can extract as much information from those sessions as possible.

When a Conference Budget Is Not in the Cards

Even if this is a spot-on conference, the organization, your department or your particular team might not be in a position to pay what it would cost to send you there this year. Dealing with this let-down can be tough, especially if you could already see yourself walking the hallways of the conference. Still, you should be able to take some comfort in knowing that you built a strong case for the value of attending.

To improve your chances of going next time, it might be worth reflecting on why it wasn’t in the cards. Did the organization send someone else instead, or was everyone else similarly rebuffed? Or was it the conference itself? Is there another event that the organization would be more amenable toward?

If the issue was cost, consider offering to pay for a portion of the travel costs. You might also make a pitch for being a speaker at that event next year, as many conferences waive the conference fee for speakers. Another benefit of going the speaker route is that it opens the door to the speaker room, where you’ll likely have great discussions with fellow speakers.

Even if you can’t attend the event this year, it’s never too early to start building support for next year. Remind your organization that employees value learning — and there’s a lot of evidence to back that claim. When LinkedIn surveyed the benefits of learning, they found that employees reported the opportunity to learn and grow as the No. 2 reason that inspires them, makes them happy and makes them want to work harder, with the first being the nature of the work itself. If the budget is too tight to send personnel to conferences, consider engaging with your bosses to find ways to support and encourage more learning at work.

For those who get the green light, make the most of this time away from work, which should be a time for learning, growth and making new connections. Just don’t forget to review your notes when you get back.
