The Art of the Budget hacking

It’s that time of the year again. To commemorate the 15th anniversary edition of t2, we wanted to open up the reasoning behind the frequent reminders to allocate training budget for t2 and our friendly suggestions for early registration.

Before getting to the nitty gritty it’s important to highlight that we organize t2 out of love, both for community/scene and hackerdom. This cannot be done for any other reason.

Conferences, and event business in general, imposes certain rules of business and financial terms on the organizers. These are location and time insensitive, and apply to most parts of the world.

  • Venue
    • Needs to be booked well in advance, and unless you have been doing business for a long time, they require a prepayment of some sort.
    • Once you confirm dates, you are committed. Cancellation terms do exist but it’s not like you can bail out at the last moment.
    • Multiple this by the number of locations (e.g. you plan on organizing dinners related to the event).
  • Liquidity
    • To offset for invoices due before the event, you either need to have healthy finances with some buffer from the previous years or take a loan (usually from the main organizer who takes the biggest financial risk personally). If ticket sales start early, you might have enough cash flow to balance everything out.
  • Travel arrangements
    • After CFP is done, you have the confirmed speakers and the event is nearer, the booking of flights begins. If you are covering 100% travel cost, you want to optimize the time of purchase to get the best price. Not too soon, not too late.
    • Here you have the risk of cancellations, or other last minute changes – all part of normal life.
  • Scale economics
    • Applies to your business only if you’re Jeff Moss. Forget you ever heard the term, more important jargon is MOQ.
    • Smaller the number of maximum attendees and planned financial upside, smaller the window of error between loss, breakeven and profit.
  • Sponsors
    • Depending on the year, sponsors might save the day when it comes to event’s financial performance. Fewer sponsors means smaller risk margin.
    • Some sponsors would prefer to have the attendance list (with contact details, of course) or buy speaking slots. t2 does sells neither of those.
    • Please take a moment to check out what the valued sponsors are doing during the event and online. Few events could do without them.
  • Conference schwag
    • Needs to be ordered well in advance to account for unexpected delays. Typically a prepayment is required, as your vendor needs to pay their suppliers and/or material.
    • Even when using high quality partners, you will have defects. More professional the partner, the easier it will be sort out the mess.
    • You end up ordering a good amount of extras to account for everything, and then giving these away for free the following year (or during the year, unless you organize an exclusive luxury fashion event in case you burn the extras with the receipts)

Having been in the game for well over a decade, most of it with the same partners, we have been able to build the trust and negotiate cash flow friendly payment terms. It’s like playing Tetris during the year with the calendar, but the blocks are invoices and you are actually gambling.

Nevertheless, each year the familiar friendly faces in the audience, the first timers and returning speakers make it all worthwhile.  It’s an honor to have the event filled with enough intelligence to make your brain hurt. With that out there in the open, we hope you register your ticket to this year’s 15th anniversary celebrations sooner than later!

 

Budgeting season

Surprisingly many companies lock down their next year’s budgets already in Q3. While many of our attendees have negotiated conference and training costs to be part of their annual non-negotiable compensation package, there are also those who rely on the good graces of financial overlords to okay their attendance. This post is to remind that it’s yet again time to have the discussion about t2’18 – after all, it’s the 15th anniversary.

Why do we pester our readers with this? As Thomas Lim finely stated it in his keynote at Infiltrate 2012:

“[..] Conferences don’t really make a lot of money, unless you’re Black Hat [..]”

In many years, the question of making a small profit to guarantee enough liquidity for organizing the next event comes down to having the right sponsors. No sane person would enter a business with this kind of a risk/reward ratio. The talk is filled with other gems as well, and it’s definitely worth watching.

The reasons for organizing are elsewhere, namely you want to give back to the community, love the atmosphere of a small event and want to see world class security presentations in your home country. The volunteer work behind the scenes only works when you focus on high quality and networking – it also helps getting repeat guests who value the effort put into curating the program, and setting the stage for making new friends. A considerable part of the audience comes from outside Finland, and it’s certainly not thanks to the weather.

To summarize some of our core values:

  • Networking is an integral part of the event
  • We focus on new research and technical aspects of information security
  • We never sell or give out the attendance list
  • Sponsorship does not give you a speaking slot or influence on the agenda, only CFP does

If you are interested in sponsoring t2, we are glad to discuss your exact needs. Please get in contact with us.

Carry on tradition

Having recently returned from the warmer parts of EMEA, where nights are warm and days even warmer, the importance of having friends and making new ones seems somehow topical. Global and regional geopolitics get a new meaning, when you can enjoy pleasant discussions with people having a local insight. The often-repeated-cliché of travel widening your horizons certainly holds true, but only if you get away from hotel and airport lounges to spend enough time in one place to really soak in the surroundings.

Historically, Helsinki has been the host city for all kinds of talks, and in many ways, t2 follows those traditions. We cater to an all-encompassing audience, where everybody is welcome regardless of a funny hat they might wear. One person’s ethical choice is another’s livelihood, and yesterday’s break-up/bankruptcy/allsafe is today’s comeback tour/hottest startup/evilcorp.

Just like a good foothold inside a Jenkins server gives you the keys to the kingdom, allocating an annual training budget for t2 is a good investment, if you prefer meeting fantastic people, exchanging intel^H^H^H^H^Hknowledge, and learning from world class research. This year there are also other interesting opportunities around t2 in Helsinki – a sauna day opening the doors of private homes for sauna visits and a whole event dedicated just to salty liquorice.

What more could you ask from an infosec conference?

ps. Don’t forget to include lobby bar expenses in your training cost estimates!

99 problems but a free ticket ain't one

Three and half weeks until t2’15. We’re sold out but we didn’t sell out. The hard limit of 99 attendees is the corner stone of the conference and come hell or high water, it’s here to stay.

It’s also the reason we think now is a good time to remind those who plan on attending t2’16 to sneak those figures into next year’s budget. After that, it’s just a case of “We had this discussion last October” and “Our training budget accounts for t2, lobby bar and/or random 0day”. Some of the more veteran attendees have taken this a step further and just labeled the cost as threat intel. After all, it’s the one budget category where you can pour in money and nobody questions the spending or the results.

Speaking of money, we’d like to see Lester Freamon’s take on attribution when it comes to those annoyingly pedestrian toolkits.