When August arrives in Las Vegas, hackers roll into town. Each year, two major conferences — DEF CON and Black Hat — take place in Sin City and feature some of the most cutting-edge research and training in the InfoSec field. The lesser-known BSides conference happens at the same time, giving IT security professionals a wealth of choice in a city known for taking more money than it gives. But which conference really pays off, and what’s the best bet for Vegas 2015?

DEF CON: The Original

DEF CON was the first hacking conference hosted in Las Vegas and is the brainchild of security expert Jeff Moss, also known as “The Dark Tangent.” According to the conference’s official website, it began as a closing party for Platinum Net, a Fido-based hacking network headquartered in Canada. When the organizer disappeared and left Moss holding the bag, he decided to host the party anyway and invited many other hacker friends — thus, DEF CON was born. This year, DEF CON 23 is set for Aug. 6–9 at the Paris Hotel and Bally’s Hotel in Las Vegas.

Much of DEF CON focuses on the practical application of hacking techniques. While the conference has grown from one track to five and now includes a greater emphasis on research, the core of the gathering has always been about events such as capture the flag and exploring the community aspects of hacking culture. Federal law enforcement agents regularly attend the conference, although in recent years, Moss has asked them to call a timeout. The con’s hacker roots are still very much evident when it comes to registration and payment: Everything is done at the door, and the $230 entry fee is taken in cash to prevent any online collection of payment card data.

Black Hat: The Spinoff

Black Hat, meanwhile, is a spinoff from the original DEF CON and was also founded by Moss. This year, Black Hat will be held at the Mandalay Bay Convention Center from Aug. 1–6. The cost is approximately 10 times that of its progenitor, but the con has a much different focus, split into distinct areas: briefings and trainings. Briefings are designed as a place “to learn the very latest in information security risks, research and trends.” Leading researchers take the stage to share their discoveries and, in some cases, report on vulnerabilities they have uncovered in major pieces of enterprise software, which occasionally raises the ire of vendors. Trainings, meanwhile, are “hands-on attack and defense courses” that offer actionable insights on everything from penetration testing to exploiting Web apps and designing SCADA systems. Black Hat also supports the work of the Electronic Frontier Foundation (EFF).

BSides: The Newcomer

BSides is the newest hacker conference to arrive in Las Vegas; this year, it’s being held Aug. 6–7 at the Tuscany Suites. According to the BSides website, its Sin City event is typically attended by 1,000 to 1,500 people, a fraction of those heading to DEF CON and Black Hat. But its mandate is different: Instead of focusing on speakers with insight about current InfoSec challenges or existing vulnerabilities, BSides wants to attract researchers willing to give their take on the next big thing in cybersecurity and threat intelligence. The event is billed as a conversation rather than a talk, and there’s no fee to attend this self-described “grass roots, DIY, open security conference.”

Why Three?

Many security professionals considering a trip to Las Vegas this year have the same question: Why hold three conferences in the span of a week? BSides makes the point that it’s not trying to compete with either DEF CON or Black Hat, but simply wants to offer another venue for ideas and information, giving attendees of the other two conferences somewhere to go if they need a change of pace. Black Hat and DEF CON, for their part, focus on two sides of the InfoSec coin: how hackers are leveraging current opportunities to push the limits of technology and what companies can do to mitigate these emerging risks.

Making the Choice

So what’s the best choice for 2015? It depends on company needs. If laser-focused training and actionable security insights are the priority, opt for Black Hat — and register early. If an interest in hacker culture as a way to enhance existing IT policies is the goal, try DEF CON, and come with cash. And if the goal is to get a handle on the next big thing in cybersecurity through collaboration rather than typical convention style, opt for BSides.

No matter the choice, however, go prepared for hot weather, hotspots and the hottest InfoSec topics.
