When August arrives in Las Vegas, hackers roll into town. Each year, two major conferences — DEF CON and Black Hat — take place in Sin City and feature some of the most cutting-edge research and training in the InfoSec field. The lesser-known BSides conference happens at the same time, giving IT security professionals a wealth of choice in a city known for taking more money than it gives. But which conference really pays off, and what’s the best bet for Vegas 2015?

DEF CON: The Original

DEF CON was the first hacking conference hosted in Las Vegas and is the brainchild of security expert Jeff Moss, also known as “The Dark Tangent.” According to the conference’s official website, it began as a closing party for Platinum Net, a Fido-based hacking network headquartered in Canada. When the organizer disappeared and left Moss holding the bag, he decided to host the party anyway and invited many other hacker friends — thus, DEF CON was born. This year, DEF CON 23 is set for Aug. 6–9 at the Paris Hotel and Bally’s Hotel in Las Vegas.

Much of DEF CON focuses on the practical application of hacking techniques. While the conference has grown from one track to five and now includes a greater emphasis on research, the core of the gathering has always been about events such as capture the flag and exploring the community aspects of hacking culture. Federal law enforcement agents regularly attend the conference, although in recent years, Moss has asked them to call a timeout. The con’s hacker roots are still very much evident when it comes to registration and payment: Everything is done at the door, and the $230 entry fee is taken in cash to prevent any online collection of payment card data.

Black Hat: The Spinoff

Black Hat, meanwhile, is a spinoff from the original DEF CON and was also founded by Moss. This year, Black Hat will be held at the Mandalay Bay Convention Center from Aug. 1–6. The cost is approximately 10 times that of its progenitor, but the con has a much different focus, split into two distinct areas: briefings and trainings. Briefings are designed as a place “to learn the very latest in information security risks, research and trends.” Leading researchers take the stage to share their discoveries and in some cases report on vulnerabilities they have uncovered in major pieces of enterprise software, which occasionally raises the ire of vendors. Trainings, meanwhile, are “hands-on attack and defense courses” that offer actionable insights on everything from penetration testing to exploiting Web apps and designing SCADA systems. Black Hat also supports the work of the Electronic Frontier Foundation (EFF).

BSides: The Newcomer

BSides is the newest hacker conference to arrive in Las Vegas; this year, it’s being held Aug. 6–7 at the Tuscany Suites. According to the BSides website, its Sin City event is typically attended by 1,000 to 1,500 people, a fraction of those heading to DEF CON and Black Hat. But its mandate is different: Instead of focusing on speakers with insight about current InfoSec challenges or existing vulnerabilities, BSides wants to attract researchers willing to give their take on the next big thing in cybersecurity and threat intelligence. The event is billed as a conversation rather than a talk, and there’s no fee to attend this self-described “grass roots, DIY, open security conference.”

Why Three?

Many security professionals considering a trip to Las Vegas this year have the same question: Why hold three conferences in the span of a week? BSides makes the point that it’s not trying to compete with either DEF CON or Black Hat, but simply wants to offer another venue for ideas and information, giving attendees of the other two conferences somewhere to go if they need a change of pace. Black Hat and DEF CON, for their part, focus on two sides of the InfoSec coin: how hackers are leveraging current opportunities to push the limits of technology and what companies can do to mitigate these emerging risks.

Making the Choice

So what’s the best choice for 2015? It depends on company needs. If laser-focused training and actionable security insights are the priority, opt for Black Hat — and register early. If the goal is to draw on hacker culture as a way to enhance existing IT policies, try DEF CON, and come with cash. And if the goal is to get a handle on the next big thing in cybersecurity through collaboration rather than a typical convention format, opt for BSides.

No matter the choice, however, go prepared for hot weather, hotspots and the hottest InfoSec topics.
