Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing? The conference scene is actually a reasonable proxy for the state of information security as a discipline.. i.e. theres a lot of activity but with questionable results (and dodgy metrics). This talk aims to change (some of) that.