Over on Security Focus Don Parker posted an article about Security conferences versus practical knowledge:

Link: http://www.securityfocus.com/columnists/449

I did a pretty lengthy post about it on my blog but to sum up my argument:

"being able go back and make a change or implement something new on your network after a security con attendance is a poor metric to judge a conference selection of speakers or the value of the conference or of conference attendance. The value of a security conference is more than the talks and beer drinking (both important parts though) that can be done at the conference. The inspiration to do/learn more, exposure to new concepts/methods, and networking with like-minded individuals can pay dividends later as well."

anyone have any thoughts on the article?

ChrisG sums up the reasons to attend SecCons very well, but I'm not sure about the direction Don's piece takes.

I enjoy reading Don’s articles; the piece is very practically focused, but doesn’t place much faith for either the attendee or their boss.
Having the return of investment in immediate terms from a security conference is a great management deliverable.
In English: Your boss sends you to the course, losing you for that amount of time plus spending a big wad of money on the entrance fee. He expects back something useful which makes his life easier in someway.

It's fun and challenging pushing myself by learning different topics and areas, but if I want to go other conference, they have to be of value to me and my employer.

If you are lucky enough to get sent to get to pick the conferences, would you waste it on fields that have only a slight bearing on your interests?
My question is how could you explain that going to talk Oracle programming issues if you’re a Windows Systems Admin working a pure Ms environment and no Oracle systems in sight?

I like the idea that some security cons should be more hands on but a lot of that level of training is now on line or for the same money as some of the cons, I can go to actual training. Training which would be directly relevant to that skill requirement.

If security conferences are the new company funded junket, then I'd like to work for one of those companies with the money to burn! :-)

I personally would see a con as somewhat of a perk if your employer is paying for your ticket and expenses. A con ticket can cost the same amount as a one week training course and an employer is much likely to see a course as a better return on their investment in you. Check if there's a training budget, see what your entitled to an pitch your case for attending a con instead.

If you want to build up some trust ask to attend a one day, free event on the company's dime and be prepared to come back and present what you've learned to your colleagues. This way not only does your employer see the benefit you've gained but you get to share this with your co-workers and that helps build your reputation within the team.

Regards,
Jim