• United States




How to survive security conferences: 4 tips for the socially anxious

Apr 13, 20157 mins
CareersIT Leadership

Conquer your fear of networking and maximize your experience at the RSA conference

businessman relaxing stretching calm thoughtful 56515092
Credit: Thinkstock

One of the world’s largest security conferences, RSA 2015, is right around the corner. Beginning April 19, it’s bookended by two other great, but smaller, events: BSides and the Yahoo Privacy Unconference. Security professionals from all over the world will be in San Francisco that week, and this will arguably be the single best chance all year for those of us in the industry to network.

Sounds easy – meet people, hand out business cards, and make life-long friends and professional connections. In reality, it’s a lot harder than it seems. Networking with strangers can be difficult, even for extroverted types, so imagine how much of a struggle it is for people who are introverted, anxious, or a bit socially awkward.

I’ve always grappled with a bit of social anxiety in both my professional and personal lives. It ebbs and flows with different situations, people, and comfort levels, but it never fully goes away. It usually manifests itself through extreme discomfort when I’m in new or unfamiliar settings, and it’s often worse when I don’t know anyone. I have a tendency to treat networking events as a torturous chore, rather than a great opportunity to meet new people. However, I’m well aware that networking is an important factor in the growth of any career, and that I must contend with cold feet by channeling my inner fearless child, taking a deep breath, and just getting on with it.

If any of this resembles you, don’t let networking opportunities pass you by. From one socially anxious person to another, networking is still the best opportunity to stay connected and plugged into your profession, and I assure you, you’ll find it amazingly rewarding to connect with others. The more you practice, the more your confidence will grow. Below are four tips to make the most of RSA and other security conferences.

1) Have a plan and follow it.

Take a look at the conference schedule and choose the talks and events you want to attend. Most conferences have networking sessions, group lunches, and/or happy hours – attend these! Resist the urge, no matter how strong the pull, to return to your hotel room and watch Deep Space Nine re-runs. You have the rest of the year to do that. Make the most out your conference and attend as many events as you can.

I usually set a firm, yet achievable goal for networking, because if I don’t, I’ll inexplicably find myself alone in a corner, crouched over my phone, perusing my Twitter feed, or at the bar quietly nursing a beer. Before I arrive at any networking event, I choose a mission, such as, “Tonight I will shake hands with 20 people and trade business cards with five,” then I repeat it over and over, along with positive affirmations about my capabilities, until I’m mentally convinced that I’m ready and able. Keep telling yourself you can do it, and your mind will begin to believe you.  

Don’t ever count anyone out in your networking plan. Talk to everyone who crosses your path, whether it’s a CISO or an administrative assistant. You never know who you will end up working with — or for. Be kind to yourself as well as others.

2) Approach it from a place of giving, not taking.

This is the most important piece of advice I can give anyone, and I promise you, if you follow it, it will pay dividends for life.

You need to give.

If you approach someone trying to sell them something, spam out your business card, or look for a job, you will get nowhere. People will detect this and feel uncomfortable. When you meet someone, listen. Just listen to them. Ask questions about their work, their challenges, and what they want to accomplish. Share information about yourself and don’t be afraid to be a little vulnerable, but really concentrate on being a good listener.

If you’ve made a connection with the person, no matter how insignificant it may seem, find a way to help them. I chatted up a man I sat next to at lunch at RSA 2014, and he told me he was looking for a list of different risk management frameworks. I already had a website for this bookmarked at home, so we traded contact information, and when I returned home, I sent him the link. That’s it. It’s that simple – and we’re friends to this day.

Always be thinking of how you can help someone without receiving anything in return. The results will surprise you.

3) Put down the smartphone.

This is the hardest one, believe me. We live in an over-connected world, and I understand you need to check emails, text messages and live tweets. I’m not going to tell you to never look at your phone, only that it’s imperative to resist the urge while you’re attempting to connect with the real people standing in front of you. If you walk into an RSA after-hours event, immediately plop down on a big fuzzy chair, and start playing an RPG on your iPhone (OK, I’ve done that), you will get nowhere. This is very off-putting to those around you, and makes you appear unapproachable, which is the exact opposite of what you’re going for.

Try your very hardest to keep your phone in your pocket or purse, and just be present. I know how hard this is, and I also know the more time that passes while you are not talking to anyone, the more awkward it gets. 

If you start to feel anxious and agitated that you’re sitting all alone, looking for someone to talk to in a room full of people that all seem to know each other, try this: close your eyes briefly, take a deep breath, and open your eyes. Just focus on being exactly where you are, in the moment, without judging yourself for being alone, and without judging others for not talking to you.

Do this several times until you feel your anxiety subside, then rejoin the company you are in. Remind yourself that most people combat social anxiety on some level sometimes, and you are far from being the only person in the room who’s nervous or afraid of saying something stupid. Go find the woman with her nose stuck in her mobile Facebook app, or the man tweeting from his iPad, and introduce yourself.

4) Follow up.

If you don’t follow up, all your hard work in overcoming your fears will be for nothing. If you promised to e-mail someone, do it within a day. If you met someone interesting, get in touch with them within two days. If you allow too much time to pass, they will forget about you, and probably won’t be interested in maintaining the connection. Punctuality is an admirable quality.

Keep in mind that most people probably won’t respond anyway when you reach out, and even less will end up being a meaningful connection. This is not rejection, so don’t take it personally. It’s completely normal, and you should expect it. Cast a wide net and you will have a 5 percent success rate, at best. 5 percent is a really good batting average.

If you meet 20 people each day over a five-day conference, you may only end up with five people who become business partners, collaborators, future bosses or just good friends. Five is still better than zero, so I’d say that’s worth the effort!

With that, let me leave you these parting words: YOU CAN DO IT! If all else fails, send me a tweet at the conference and we’ll discuss our mutual social shortcomings over coffee.

What do you think? Let me know in the comments below or over at Twitter, @tdmv.


Tony Martin-Vegue is a 20-year technology industry veteran who started out as a Windows 3.1 phone support technician and worked his way up by running network cabling through ceilings, winning (and losing) in the late-1990s – early 2000s dot-com bubble and leading network operations teams. In the more recent past, Tony has worked in the financial services sector helping firms establish frameworks for enterprise risk assessments, developed advanced threat modeling tools, educated on risk analysis techniques and consulted on security for large-scale IT projects. Tony currently works at a large global retailer leading their cyber-crime program by researching emerging threats, assessing risk and fighting fraud.

Tony holds a Bachelor of Science in Business Economics from the University of San Francisco and holds many certifications including CISSP, CISM and CEH.

Tony lives in the San Francisco Bay Area, is a father of two and enjoys swimming and biking in his free time.

The opinions expressed in this blog are those of Tony Martin-Vegue and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.