← Mod 14 · Events & Field Marketing
Function-Specific · practitioner family

Practitioner / Function-Specific Events

What it does

Events organized around a specific security function — SOC operations, cloud security, AppSec, identity, OT, GRC. The audience is the practitioners who do that specific job, and the content is technical, operational, and persona-deep.

What it means to the buyer

"Speak to my job, not my title." Functional events serve practitioners who want education and tools specific to their lane. Vendors who do the work in that lane build technical credibility; vendors who don't get filtered out fast.

Best motion

Persona-specific education and pipeline. Workshops, demos, hands-on labs, deep technical content. Direct connection between the function being addressed and the product capability being demonstrated. Champion-building inside specific functional teams.

Weak motion

Generic security messaging. The audience showed up for SOC operations or AppSec or cloud security specifically — broad "cyber resilience" content is read as content nobody wrote for this room.

Right metric

Function-specific champions identified · workshop participation · post-event technical demos · use-case-driven pipeline

Anti-metric

Cross-functional brand metrics

Example events

  • SOC events (BSides SOC, MITRE ATT&CK Con)
  • AppSec events (OWASP, AppSecCon)
  • Cloud security (fwd:cloudsec, KubeCon security track)
  • Identity events (Identiverse, Oktane, security-track at Authenticate)
  • GRC events (ISACA GRC, AuditWorld)
  • OT/ICS security events (S4, ICSJWG)

Personas

  • SOC Analyst / SOC Leader
  • AppSec Engineer
  • Cloud Security Lead
  • Identity Leader
  • OT Security Engineer
  • GRC / Compliance Lead

Categories

  • SIEM / SOAR (SOC events)
  • API / AppSec (AppSec events)
  • CNAPP / DSPM (cloud events)
  • ITDR / IGA / PAM (identity events)
  • OT Security (ICS events)
  • GRC / TPRM (governance events)

Maturity stages

  • Managed / Developing (function-mature)
  • Optimized / Scaling
  • Advanced / Threat-Informed

Common mistake

Sending one generic team to all functional events. Each functional community has its own language, tooling, and practitioner culture — a vendor that shows up to AppSec with SOC talking points (or vice versa) gets dismissed. Specialist credibility per function compounds; cross-pollinated mediocrity does not.

Functional events are how vendors build credibility in a specific lane. The work isn’t national or glamorous; it’s persona-deep. A vendor with three functional anchors (say: SOC, identity, cloud) shows up at the three sets of events with three sets of language and three sets of champions — over time those become the technical foundation for any broader category claim.

The traps are subtle. Generic messaging doesn’t land. Cross-functional product demos confuse the audience. Lead capture that lumps SOC contacts with identity contacts loses both signals. The discipline is per-function: per-function content, per-function demo, per-function follow-up, per-function ICP scoring.

For vendors with multi-functional products (XDR, cloud platforms, identity platforms), functional events also surface the gaps — which function the product genuinely serves, and which functions it claims but doesn’t.