Black Hat and DEF CON have definitely grown from the early years, and even from when I last attended, seven years ago. The events are still an eclectic annual gathering of many security tribes, but the expo floor at Black Hat is now packed with vendor booths as well. You can still try your hand at capture the flag or lock-picking and bump keys. And you definitely still get blockbuster demonstrations of mind-blowing exploits—can we say update my car please, Jeep/Chrysler?!
I’ve been really excited about the recent focus on expanding our future pool of security experts by reaching out to different parts of our population. For example, this year will be the fifth annual r00tz DEFCON Kids. See the r00tz site for more on its non-profit mission to “teach kids around the world how to love being white-hat hackers.”
The community is making efforts to expand our pool of current security practitioners as well. I’d like to applaud Black Hat and the Executive Women’s Forum (EWF) for creating the new Future Female Leaders scholarship. It’s too late for applications this year, but see more details here.
My plan for Black Hat / DEF CON this year
This year I’m planning on attending the ISSA CISO Forum, going to the sessions and expo floor for the Black Hat Briefings, and catching some of DEF CON 23. If I can find some time to get over there, I’d like to check out BSides LV for the first time. The SF BSides events have always been great in past and I’ve heard good things about BSides LV.
Like many, I’ll be taking a limited tech profile for my BH/DC trip. This means I’ll be back to notepad and pen for those wireless hacking sessions and donor/burner laptops for any capture-the-flag activities. I can’t dictate your personal or corporate risk profile, but… At the very least, I’d advise you to stay away from open access points—“Free Wifi” or even “Conference Wifi” is often a free service that you’d be advised to skip.
What’s your plan? What tips can you share?
I’d like to hear your tips for getting the most out of these overlapping gatherings of the security tribes in the deserts of Nevada and bright lights of Vegas.
- If you are heading to Las Vegas next week, which conference(s) are you going to? Black Hat and DEF CON? Just DEF CON? Only BSides? A private gathering of another group that you’re willing to disclose?
- Which was your first Black Hat or DEF CON? What memories are you willing to share? Did you ever “spot the Fed”?
- Do you take special precautions when traveling to conferences like Black Hat / DEF CON? Anything that you’re willing to share?
Send your direct feedback by emailing firstname.lastname@example.org or help us get the conversation started on Twitter by tagging @illumio and using the hashtag #DefConTips.
If you would like to connect with me, send me a direct message on Twitter @idjohn or LinkedIn. I’m especially interested if you have a match for one of the InfoSec positions we’re recruiting for at Illumio.