Employee responsibility at conferences

In a recent article about security conferences over at Security Catalyst, Andrew Hay spoke of how sending employees to security conferences can be very valuable to the employer.  He pointed out that the "field of security is a constantly evolving entity" and how security conferences can help security professionals stay up to speed.  And I totally agree with Andrew on these points.  However, one thing I did not see is the responsibility of the employee while attending these conferences.  And while I understand that this was not the point of the article (and Andrew might be planning on adding that later in the series), I think it is a very important point to make.

I have attended several security and general IT conferences in my 15 years in IT and security.  And luckily, most of those have been payed for by my various employers.  My last employer was a health care provider that, as an organization, recognized the absolute necessity of conferences because medical professionals needed continuing education to remain current in their fields.  When I told them that I also needed continuing education to maintain my security credentials, the case was immediately made, and I got the funding.  And when I went to those conferences, I recognized that I had a responsibility to my employer.  I attended classes.  I networked.  I talked to other professionals to learn tips and tricks.  I came back more informed than when I left.  In short, I wanted to provide value to my employer since my employer footed the bill.

This is the responsibility of the employee to which I am referring.  If the employer is spending the money, the employee should come back smarter than when he walked out the door to take the trip.  The employee should not go to the conference and stay in the hotel room until noon and then go to a single session and then eat and then drink and then go back to sleep.  The employee should be taking advantage of his employer's generosity to make the most of the sessions and the other security professionals attending the event.

I am not saying that employees should not have a good time at conferences.  In fact, any conferences that are worth their salt will have some entertainment value.  But I have seen too many people who I knew were attending on the company dime simply treat the event as a vacation by getting drunk every night and sleeping until past lunch the next day.  They would attend MAYBE one session each day, and that was more or less to get a check on a sheet that showed they did something. 

This was really driven home to me when I attended the 2005 Texas Regional Infrastructure Security Conference (TRISC) in Austin, TX.  Ray Semko presented at that conference in one of the keynotes (his presentations are definitely memoriable), and one of the small but sharp points he made was that if your employer had paid for your attendance, then you owed your employer.  You needed to wake up on time, you needed to be at the keynotes, you needed to be at every session possible.  In short, you needed to put in the time.  And though it was very much a side point of his general presentation (Semko deals in tangents a lot), it made a very deep impression on me.  Unfortunately, it did not make an impression on those who were not attending his presentation because they were asleep.

Mr. Semko's point should be taken seriously by anyone attending conferences that have an employer that picked up the tab (even part of the tab).  And in today's economy, it is even more important.  Be thankful.  Be responsible.  And always be learning (a little play on Glengarry Glen Ross for the sales people out there).  You owe you employer that time and effort.

Copyright © 2009 IDG Communications, Inc.

Shop Tech Products at Amazon