SCS 2021: Feedback from the Audience

After every Swiss Cyber Storm, we are sending the exactly same feedback form to all our paying attendees. We pay attention to send the same question, so we can compare the scores across different years. In this blog post, we’re sharing the feedback for the first time with you.

We received feedback from 25 paying attendees. That is less than the last time. But we also had less people in the audience. Unfortunately, people did not have the feedback form in their mail the next morning and that seems to be a decisive factor with regards to the return rate.

Overall impression of the Swiss Cyber Storm conference

This is the opening question. It’s a warmup question, but it’s also a first general impression. We focus on the rate of people who plan to come back the next year.

64% (2019: 48.1%) It was a very interesting and cool event, keep it up and I’ll be there next year
32% (44.2%) It was quite good – I consider attending next year
4% (7.7%) It was ok but I probably won’t be there again
-% (1.3%) Bad, I won’t be there again

We see a significant jump in the positive feedback. It’s a first sign this was a good conference, but let’s not get carried away and look at the rest of the feedback form.

The Speakers

Next, it’s the speakers. We are using a scale from 1 (bad) to 4 (very good) and ask about a score for every speaker. We are not publishing the individual stats for the speakers, but the mean value is a 3.34 (up from 3.04 in 2019), which is a wild jump since it took three SCS editions to get from 2.89 to 3.04.

And yes, let’s share one individual stat: Mario Heiderich’s mXSS presentation scored a perfect “4 – very good”. That’s a remarkable premiere at Swiss Cyber Storm, we never had a 4.0 before.

What do you think of “Securing the Supply Chain” as our focus theme?

A few years ago we started to give the conference a focus theme. It looks like a detail for the conference, yet it forces us to think hard. Think really hard about stuff that matters to the industry, namely in Switzerland. And this thinking has to happen really, since it’s fundamental when we start to curate the program and approach potential speakers. We typically pick the focus theme around 9 months ahead of the conference.

And because picking the focus theme is so hard, the answers for this question really matter:

88% (2019: 82.7%) Good choice
4% (3.8%) No, I did not like this
8% (13.5%) I was not aware you had a focus theme

That numbers are higher than the 82.7% that “Embracing the hackers” got in 2019, so it’s a pleasing result again. I just wonder how much the planned focus theme “E-Health” would have scored if there was an SCS in 2020.

Where did you hear about Swiss Cyber Storm (optional)

64% (2019: 48.1%) I’ve attended before
0% (3.8%) Via communication by a sponsor
4% (1.9%) Via a partner organisation (ISSS, OWASP, InsomniHack, Black Alps, etc.)
0% (1.9%) Online articles in the media or blogs
24% (40.4%) Colleagues
8% (0%) Social Media

Here we see a shift from “colleagues” towards “I’ve attended before”. If this felt like an SCS edition for fans, we can understand why now. It’s like the hard core of our audience came and the potential new attendees are waiting until Covid-19 is really over.

I think the small rise of social media is also remarkable. This may look like it was by accident, but I do not think so, since we had a stronger social media presence this time, namely on LinkedIn where we were absent before.

Did you like our Raffle?

Let’s turn to the raffle, a polarizing topic for the audience. With the raffle we send the audience to get a stamp at every sponsor booth and if you complete your set, you are admitted to the final draw by lot and if you are picked, you get to pick one of our prizes. Among them a large scale Lego Excavator or a very hot drone that an unnamed CISO from the Geneva region selected. But given it’s such a polarizing element of our conference, the question is about feeling the pulse of how many people love it, and how many people hate the raffle.

In 2019, we advertized the raffle heavily between the talks. We did not repeat that this time and I kind of expected less people annoyed with the raffle. However, the opposite was the case:

44% (2019: 53%) Yes, that was fun and got me in touch with Companies I did not know
24% (19.1%) Feels like a rat race, please stop it
12% (14.9%) What raffle?
20% (12.1%) Other

We are seeing more people being fed up with the raffle despite it being less prominent and less advertized on stage.

I’m reading the stats from the perspective of a fan conference again: People knew the sponsors already (most sponsors are long standing partners) and walking up to their booths again was probably not overly interesting for some 24% of the audience.

But let’s be very clear here: The sponsors are super-important for our conference. Without sponsors, we would not be able to pay all our speakers the full trip and two hotel nights. And one thing that a sponsor wants from us is a certain guarantee that people will come and visit their booth. As long as we send around 100 people at every booth, the money is well invested for our sponsors and the conference is sustainable. And look at the photo again: Is not this smile totally worth it?

Freeform Feedback

Let’s turn to the individual feedback now. I’m not going to comment on this, but it is a topic for the debriefing meeting of the committee.

• Great location, great infrastructure, good to reach, good organization, well done!

• Freue mich aufs nächste Jahr 😀

• Overall it is a nice and well organized event but I would have liked more technical talks and had the Illusion to get in touch with other technicans and geeks (the security community not “just” the management and business edge of the swiss security companies. But overall I liked the event and it was a really nice experience

• Werde die verschiedenen Präsentationen zur Verfügung gestellt?

• Please have more technical talks like Marios mXSS talk

• Great Job, great location, great speaker.

• Thanks for organizing such an event during these hard times, with many unknowns.

• Dinner buffet was out of order really quickly.

• Gold Talk was a bit short on actual content. Or just teasing and interesting subject (bug bounty vs. pentest engagement). And then having proton “no logging, jk” mail on stage was a bit cringe if you’ve read the news.

• It’d be nice to have a “Call for Papers” for talks, all these “sponsored” talks are feeling like ads, it’s annoying and reduces the overall quality of the line-up IMO.

• Also I disliked the fact there were so many “virtual” talks, especially since the video and audio quality was awful. Please make sure both sides have a decent internet connection next time you do that.

• I am also not so sure you are properly targeting a given audience: some talks are for engineers, some talks are for CISO or “higher ups”, it feels like a mix and it was difficult to always find interest in one of the proposed talks. Maybe have proper “technical track” and “management track” instead of mixing both types in all tracks?

• The SCS was very well organized and as a participant you felt safe (concerning corona)

As stated above, I won’t go into any responses here. But we might do a blog post later in order to explain the concept of the conference and why there is such a mix of talks. And about the slides: They have been linked on the website in the meantime. Videos are hitting Youtube next week or so.

Speakers that should be part of Swiss Cyber Storm 2022 (optional)

Finally the question about the speaker wishlist. The requests are always inspiring and even if most of them won’t end up on our stage, some will, so these requests are really important for us.

• Bruce Schneider
• Fefe
• Nicolas Ruff (“cybersecurity was a mistake”); Pascal Junod (“On the asymmetry of cybersecurity: watching the hacker hacking your crypto, rolling the new version once they finally got it”); Frederic Jacobs (“How (Apple) engineers are actually trying to do good and rolling proper crypto”)
• Eduard Snowden
• Jann Horn

Let’s Wrap This Up

Looking at the reduced number of participants and the jump in positive feedback, I am concluding this was a fans conference. We welcomed those who really love the conference and they tend to give us better grades then a more general audience. So I think the feedback has a very positive bias, I would say. We’ll know for sure when we have the numbers for 2022.

Speaking of Swiss Cyber Storm 2022: The conference will happen on October 25, 2022. We’re running a super early bird ticket sale up to the end of the year. If you want to get the cheapest tickets for the conference, then you better grab one now.

Christian Folini, Program Chair