Security does not have a community. It has several siloed, sliced, and separated communities. Security has always taken "security by obscurity" too readily to heart, and despite the fact that we know SBO doesn't work; and even works against us; we still insist on dividing ourselves into smaller and smaller sub-sets. Intelligence doesn't talk to law enforcement which doesn't talk to academia which doesn't talk to business which doesn't talk to military which doesn't talk to industry which doesn't talk to government which doesn't talk to research. In all my decades in the field, I've only ever found two venues that attracted, encouraged, and almost forced the interaction (and often long-term relationships) of all these disparate groups (and more).
If you've never been to the Agora meetings, you're too late. I attended the last one yesterday. For the past twenty-five years, those in the know would, every quarter, make every effort to spend Friday morning together. That was it: Friday morning. Three hours long, never more than three main presentations. There were also announcements, job postings, occasional queries, and, every August 15th, storytime. (That's an Agora joke. I don't expect you to get it. If you tell it to someone and they laugh, they've been to Agora recently.)
Agora didn't just happen, of course. It was created and diligently (and creatively and competently) managed by Kirk Bailey, later ably assisted by Ann Nagel and Daniel Schwalbe. Also assisted by various students and a whole host of attendees and even companies, but that list would a) make this piece far too long and b) I'd definitely forget someone. Those of us who attended owe them all a debt of gratitude.
Kirk's ability to attract speakers was legendary. We heard presentations at Agora I've never heard anywhere else, and some I never thought to hear. I recall a drive back after one Agora, when we we discussing a rather lackluster piece, and I was suddenly struck by the fact that, even if this meeting hadn't been sterling, the worst Agora meeting I'd ever attended was better than the best conference I'd ever attended.
But the presentations were only half of what made Agora special. The other half was the people you met. People from three-letter agencies. People from high up in important corporations. People who were just there out of interest. People with political and social positions at extravagantly wild variance to your own. I remember, when I was first researching the implications, for security, of the potential capabilities of quantum computers, I got very excited over the possibilities for improving emergency management in the midst of a disaster. At Agora I met a Navy captain who got equally excited over similar possibilities for battle command.
A number of us from the SIG drove down for the meetings, despite the three hour trip if nothing went wrong. Highway construction, bridge collapses (that's another Agora joke), local traffic, and border guards could easily double that. But we happily faced eleven hours of travel time for three hours of Agora and, if we were lucky, a couple of hours of "networking" and possibly lunch.
We envied the people from the local area, but they weren't the only ones who came. Lots of people regularly came considerable distances. Before governments lost their travel budgets there were pretty much constant attendees from DC and Ottawa. People came from other continents. (Some of the DC crowd were pretty high up in DHS. If I could stay for one of the post-Agora lunches, the DHS guys always tried to grab me for their table. They wanted to know the latest border horror story, and I always had one for them. They regularly fell on the floor laughing about it.) (Recounting those would also make this piece far too long.)
You will note that I haven't said where we met. That's another, well, not so much Agora joke as Agora tribute. Agora was governed by a sort of variant set of Chatham House Rules. What was said at Agora stayed at Agora. As an attendee, you never quoted any of the presentations, or any of the people you talked to at the breaks. For years this was simply understood by all involved. After one notable failure, a more formal NDA was created, but that was late in the game.
Agora was the security world's worst kept secret. Nobody blabbed about what was said at Agora, or who went. But, despite the fact that Agora had no legal existence, no bank account, no Website, and no offices, almost everyone who ever attended became an instant devotee, and, often, evangelist. Within a few years of it's creation, attendance was hitting 600. During the Great Recession, the slashing of budgets and demands that security people stick to their desks dropped attendance to the 150 region, but, for the past few years it's been back in the 400 range.
There was never any charge for membership in, or attendance at, Agora. There was a cost, certainly. Much of that was "sweat equity" on the part of Kirk and a number of others. There were also other direct costs, generally borne by whoever would pay for (or donate) a venue, or mailing costs, or refreshments, or (latterly) the "Agora spam gun." In the end, Agora became a victim of it's own success: it just became too hard to find people or institutions willing to donate, provide, pay for, or give priority to rooms big enough for the group to meet.
Agora is gone, but leaves a legacy. That legacy is the model. We need a space. Or, more probably, spaces. We need other other venues, sites, and/or communities where the various communities can meet. Together. We need others to take up the Agora torch, and create places, physical or virtual, where anyone who is committed to (or even just strongly interested in) security, of whatever type, can meet together and, safely, exchange ideas. We need spaces where the formal can meet the anarchic, where the business can meet the exploratory, where the old can meet the young and pass along wisdom (and occasional silliness). Hopefully, Agora's death will have been a spawning or a sporing out, and not just a mere termination.
Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413
This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468