How to Set Up a Great Conference

Swiss Cyber Storm has been around for more than a decade. And if we look at the positive feedback we are getting from our audience and from our sponsors, we are doing something right.

We see a lot of conferences struggle after the pandemic, so maybe it’s worthwhile to share a few insights into what makes an IT security conference great.

Since I’ve been leading the Swiss Cyber Storm program committee for a couple of years, this comes with a strong program perspective.

Rule #1: Know who you are and what you want

You need to have a vision – or at least a simple catch phrase – for your conference. For Swiss Cyber Storm this is “The Prime IT Security Conference in Switzerland Setting the Swiss Infosec Agenda”.

At first sight this may just sound like marketing blah blah. Yet it really defines the format for our conference. For us, it defines the need to bring together techies and security officers, blue team as well as red team players. The event needs to be attractive to all of them, including the venue, catering etc. Unfortunately, this also means it’s going to be on the expensive side. And in order to gather all people at the same location on the same date it pretty much has to be a one-day conference – which supposes a national focus, because people usually don’t travel internationally to attend one-day conferences.

There is much more in a good claim than meets the eye at first glance. A lot of thinking went into ours and it influences everything down to the smallest detail.

Rule #2: A great program is essential

Honestly, I doubt most of our audience attends the conference because of the program. They come because it’s fun, because their friends are going, they get to meet colleagues, the food is great, drinks are free, and it allows them to get away from the desk for a day, etc.

However, this is not how they justify their attendance to their bosses (or themselves for that matter): The most important justification for a day of absence in the company is the program. That’s why you always have to present it as a top-notch selection of exclusive talks.

So, treat the program like the most important part of the conference even if that’s probably an illusion.

Rule #3: Creating a great program based on a call for papers often fails

When launching a call for papers, you are asking for great applications based on great research. But what you are actually looking for are great presentations. Those are three wildly different things.

I’m sure you agree that the best researchers are not necessarily the best presenters. And while there is a certain capacity to follow a poor presentation, it’s tedious and the tolerance of the listeners is limited. One may get away with one or two poor presentations at a conference, but I would not really want to test the resilience of our audience in this regard.

People invest a lot of time in their applications, and they deserve a thorough review and honest feedback. But the person responsible for the conference program probably does not have the time for this for every application. And what do you do when the best applications for your CfP all deal with the same hyped topic, but you would like to have a balanced program?

The result is often a wild selection of talks that don’t fit together and many presentations that looked a lot better on paper.

Rule #4: Creating a curated program is much easier

A curated program is a program where you select speakers to invite them to your conference. This forces you to attend other conferences and scout for suitable candidates. To do this you have to read a lot, to talk to many people and generally to stay on top of the IT security conversation and the hype cycle.

It’s a lot of research and a lot of work. But you will get exactly the program you want with good speakers who know how to present their topics. Obviously, there will be speakers who turn down your invitation. But that number can be kept low if done right.

Rule #5: Create a speaker flyer

Think of this as a sales prospect that you hand out to potential speakers. The speaker flyer should address all the pressing questions of the candidates. It should show photos of previous famous speakers along with fabulous quotes about the experience of speaking at your conference. Keywords like “UNESCO World Heritage site”, “hotel room with a view on the Alps” etc. will certainly help as well.

In short: The flyer should present your conference to the potential speakers as an opportunity they wouldn’t want to miss.

Rule #6: Pay your speakers (at least all their expenses)

Speaking at conferences is a lot of fun but travelling costs a lot of time and money. The least you can do is to cover the expenses for the journey and the accommodation.

Occasionally, we pay our keynote speakers, but most of our speakers follow our invitation and all they get is a plane ticket, a train ride, two nights in the hotel, and that’s it. (Did I mention the view on the Alps?)

This doesn’t sound like much compared to the time an international speaker invests to attend your conference. But truth be told, most IT security conferences don’t even cover the full expenses of the speakers. I find that very impolite. Please pay your speakers!

Rule #7: Keep the sponsors away from the main track

I don’t know why, but many sponsors tend to deliver talks that do not resonate with the audience, especially when on the main stage. Some feel overwhelmed by the occasion or the size of the stage, others feel entitled to ignore advice (maybe because they pay money to speak). On top, the audience is expecting a poor sales talk, so this all comes together in very poor feedback for sponsor talks on the main stage.

The solution we have found is a separate sponsoring track. Ever since we started that, the quality of the sponsors’ talks improved greatly. And because the separate track allows more sponsors to present (offering more slots for talks), they have a greater incentive to bring their customers to our conference. And on top, nobody is forced to watch the presentations since we have multiple talks. It’s a win-win situation.

Rule #8: Treat your speakers like stars

Having the stars of the IT security community speaking at your conference is awesome. But at Swiss Cyber Storm, we try to also give lesser-known speakers an audience: People who have not spoken in Switzerland before or people who we feel deserve a bigger audience. These people are not used to get the rock star treatment. But we’ll make every effort possible to let them have a great time: addressing special food needs, bringing the family along, organizing a guided tour of the city, etc.

The night before the conference we run an exclusive speaker dinner. Most of the speakers meet for the first time, and our set-up leaves a lot of room to mingle and talk. Many friendships are born there. But the most important part of the dinner, I think, is my introduction of everybody around the table. For every speaker I explain how we met, what about them impresses me the most, and why I invited them to present to our audience. Many a speaker told me they were never introduced in such a nice way. 

But it’s not just flattery, I really do think they’re great people, and I know exactly why I want them in our program. All I do is sharing positive vibes.

Rule #9: Coach your speakers

This harks back to rule #4. With most conferences, the communication stops after the confirmation of a speaker. With Swiss Cyber Storm, this is when the communication really starts.

The speakers obviously know their topics by heart. But we know our audience, and we know the other presentations. Working together, we can polish a presentation to perfection and deliver a talk that fits into the program and into the conversation we want to have with the audience.

Very few speakers have received this amount of feedback before from the organizers of a conference. Some are not interested, while others have an open ear. With them we continue the conversation until we think the presentation is perfect.

Btw, coaching a speaker does not mean you have to be petty. Don’t pester them into using your official conference slides template for example. This is about the speaker and their presentation and not about your corporate identity.

I think the coaching combined with the speaker selection is the key practice that makes the difference to other conferences.

Rule #10: Don’t underestimate the catering

We have been struggling with the catering far too many times. Lack of food, wrong food, cold food, bad food – we’ve seen it all. We have always given this topic all the attention it deserved, but it just did not work out. Bad luck perhaps.

So, whatever you do, treat the catering as super important. Make sure you know exactly the menu, the timing, the amount, the location, etc. And make sure the catering partner knows you are giving this your full attention and they won’t get away with a poor delivery. 

And lo’ and behold: This really worked for Swiss Cyber Storm 2022. It was the first edition where we were completely happy with the catering. What a step forward!

Summing things up

When you target the right audience, when you have a great venue, catering works smoothly, your speakers feel completely at ease, then it suddenly all comes together and every talk will feel like a revelation to the audience. This is when it really pays off to be a conference organizer. I crave for these moments.

Now I am not claiming the rules above to be the only way to set up a great conference. But if you follow my advice, I am confident you will be more than pleased with the results.

Christian Folini, Program Chair Swiss Cyber Storm