- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Black Hat, DefCon and B-Sides survival guide, 2011
I'll feel left out, for sure. When my security associates start tweeting about hanging out in a cigar bar or taking in some awe-inspiring hacking sessions, I'll be jealous. Really jealous. Fortunately, CSO will have troops on the scene to cover all the action.
But that won't stop me from offering a few survival tips, though. After all, I've still been to many Black Hat and B-Sides events, along with countless other events in the last seven years.
And so, for the first-time attendee, I offer the following advice based on my past experiences:
Don't let the noise get to you
Black Hat in particular is a noisy event. The vendors, in an effort to really fit in with the attitude of the conference, come up with all kinds of theatrics. One year, a guy was dressed up as a "Mad Russian" hacker mastermind. His attire was a cross between Captain Caveman, Charles Manson and Rasputin. I don't remember the vendor he worked for. I also remember that between sessions, it's hard to move around as people mingle in the middle of crowds rushing from one talk to the next.
The talks themselves are often surrounded by drama, though that part has calmed down in the last couple of years. Sometimes a vendor will try to stop a talk about exploits for a vulnerability in their products. Lawyers are brought in and a mess ensues. This happened in 2005, when Cisco moved to squash a talk by then-ISS researcher Michael Lynn on an exploitable issue with Cisco's IOS router operating system. The move proved to be a waste of time for Cisco, since the story got out anyway. But what was worse, in my opinion, was that a lot of good talks went unreported in the media because everyone was too busy chasing the hype over this one talk.
And so my advice here is to remember what you do in your day-to-day job, find the talks that most closely address the challenges you want to overcome and don't let drama and noise divert you from the plan.
Make time for B-Sides
At the same time Black Hat is going on, security practitioners will be giving talks at another event called Security B-Sides. This one is for those who maybe couldn't afford to attend Black Hat or DefCon or for those who wanted to speak at those events but were rejected for one reason or another.
I've been to three B-Sides gatherings so far. It's a more low-key affair than the major conferences, and there are gems to be found on the agenda. The event has gotten considerably bigger in the last year (San Francisco in February was quite packed and the vendors wanted a piece of the action)but it's still something you need to make time for. The content is worth it.
Details for this year's event:
When: August 3-4, 2011
Where: The Artisan Hotel
1501 West Sahara Avenue, Las Vegas, NV 89102
It's more about the networking, anyway
To me, the most important part of the Las Vegas events is the networking. In some cases, you get to finally meet a bunch of people you only knew through Twitter up to that point. You'll also make many new contacts who will offer you a variety of helpful feedback in the years to come.
If there's an opportunity to have coffee with a fellow security practitioner at the same time a bunch of sessions are going on, go for the coffee. The talks may entertain, but it's the relationships you forge over coffee or a meal that will likely lead to useful collaborations and lines of support when you need it most.
Too much drink in public can hurt your career
This last piece of advice is along the same lines as the last one. If you're hitting the parties at night, where the booze is almost always free flowing and paid for by the vendors, remember that opportunities abound to make fresh business contacts. A game of poker and a few drinks can be the stuff future partnerships are made of. I don't drink anymore, or play poker, but I've made valuable contacts just by hanging out and being an observer.
This can cut both ways, of course.
If you enjoy too many free drinks and get plastered, you run the risk of making a big fool of yourself. I've seen some well-regarded security professionals do this many times, and when they do it's all people talk about for the next week.
I wouldn't want to be that person.
I hope you found this helpful. Safe travels and enjoy the week!
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape