About a month ago I attended a local infosec panel discussion (Detect and Defend, hosted by the St. Louis Business Journal). I’ve seen a lot of panel discussions, and I’ve even been a panelist from time to time, but none of those events were as particularly engaging as this one. All of the panelists seemed interesting and intelligent, they were on equal footing during the entire event, the moderation was great, the questions were great – just what was different? What was the secret sauce? It struck me that Detect and Defend succeeded as much for its lack of “fails” as it did for its great conversation. Here are three critical reasons why this panel discussion worked and others don’t.
#1 – Make sure that the panel has diversity within the ecosystem of the industry or topic
Detect and Defend had four panelists. Paraphrasing their bios, the panel included a threat researcher, a corporate information security officer, a professional services consultant, and a product manager/sales rep. In other words, we had somebody from every stage of the infosec life cycle, from research to product innovation to implementation and service delivery, and finally to consumer. Everyone had a engaging story on whatever the topic was, and a key point was that nobody stepped on each other – every individual’s discussion was complementary to the others’. It was a bunch of guys trading war stories – the energy was always positive, reinforcing, and the knowledge super valuable.
In contrast, consider a homogeneous panel where everyone is at the same place in the ecosystem. I once sat on a panel as a product manager for a software company. All of the other panelists were competing product managers for their respective software companies. Guess what happened when the moderator asked the first open ended question? Suddenly every panelist thought their product represented perfection in the industry and there were 27 ways why their competition was worthless. It was like a bad GOP undercard debate. Boring, laughable, and forgettable.
#2 – Make sure the moderator is prepared and knowledgeable
At Detect and Defend, the moderator was the VP of Sales for the primary sponsor of the event (Netelligent). To me, this was not at all a negative or conflict of interest – he did a great job playing the straight man, and was highly prepared. To kick off a topic, he asked slightly leading questions that set the tone and depth for the conversation without driving the panelists to an “expected” answer. Following up in each topic, he asked great probing questions that allowed panelists to reveal their knowledge without putting anyone in danger of being stumped or overmatched by the other panelists.
At other events I’ve seen moderators who didn’t really have much subject matter expertise, and simply played the role of pushing the conversation to avoid dead air. At best, the questions were simplistic and the conversation dry. At worst, the follow-up questions made the moderator look like a noob, and sometimes even the panelists seemed to have trouble tracking what the moderator was trying to say. In one of my own panel discussions, the moderator’s questions were so irrelevant or obvious that my fellow panelists and I just looked at each other, trying not to be the first to ask, “uh, what do you mean by that?”
#3 – Make sure the questions are moderated
This is something I didn’t appreciate until recently. In Detect and Defend, the audience was asked to write their questions on cards, then pass the cards to an assistant. After the open discussion, the moderator selected several questions from the cards for recitation to the panel. Now while the stated rationale for this system was “time management”, the real rationale was to give the moderator the chance to weed out any obvious or off-topic questions. It all worked out great. But there is another stealth reason to have a system like this – protection against having your Q&A hijacked by aggressive product shills.
I was at a recent presentation that was heavily attended by product reps and consultants. At Q&A time, the questions quickly devolved into backhanded product placements. For instance, a questioner would ask, “Tell me more about that spam, because with my company’s product, that would have never happened! We block 99% of the spam while doing X and Y and …” The very next questioner would say, “yeah, but don’t forget to take into account the Z that my product handles….”. And the third questioner would say, “and in my consulting practice, I regularly solve this and this and that. See me after this meeting for more information.” Meanwhile the presenter on stage had a glazed look on his face that reminded me of a teacher who’d lost control of a class.
So even if you are simply planning to attend a panel discussion, you can still use those three guidelines. Before going, take a longer look at the agenda. Who are the panelists? is the group diverse or are they all swimming in the same pond? Is the moderator any kind of subject matter expert? Or does he/she simply work for the company holding the event? With any kind of luck, you’ll have the same great experience I had at Detect and Defend!