July 23, 2015 | By Martin McKeay

It’s almost time for the annual pilgrimage of security professionals, self-professed hackers, geeks, marketing teams and everyone with an interest in the wide world of security to Las Vegas. A week of security talks, glowing neon lights and losing track of what time of day — or even what day — it is. That’s right, it’s time to pick the security conference of your choice!

The ‘Hallway Track’

In just a few weeks, we’ll be gathering for Black Hat 2015, DEF CON 23 and BSides Las Vegas to see research from some of the brightest minds in security. What you get out of the events depends heavily on what you put in, and sometimes it’s not even the talks you should be there for — it’s the hallway track. People wandering, meeting and mingling while the talks are happening offer the real value of the week. But it’s up to you to decide how to spend your time at the security conference.

Black Hat is the corporate security conference with official training tracks and, as the largest of the three, has the most to offer many attendees. DEF CON is only a little smaller, but it is the root from which Black Hat sprang and retains the original hacker ethos and sense of fun. BSides is the young, grassroots upstart, created five years ago when a number of people saw a void and moved to fill it. Each has a unique draw, though there are many people who attend two if not all three of the events every year.

Making the Most of Your Security Conference

So how do you get the most out of the week in Las Vegas? The talks are important, and you should go to the ones that directly feed your role and your interests. But it’s also important to make a conscious effort to spend time outside of the conference halls and the vendor area to meet the people who have the same security interests as you. Talks are a way of gathering specific pieces of information, but the conversations in the hallway hold the most distinctive insights. The people you can meet during your time in Las Vegas could have a lasting effect on your career as a security professional.

Think of some of the talks you hope to see. What is more valuable to you, seeing the presentation or being able to talk to the person giving it to try to understand some of the finer points? For me, it’s the latter every time, and you can often find the speakers in the hallways when they’re not on stage. Don’t mob them right after their session, but keep an eye out for them during the conference and approach them with some brief feedback or a question about the talk.

While there are always exceptions, most speakers love to get well-thought-out feedback and are perfectly willing to answer a question or two. Don’t monopolize anyone’s time, but do make an introduction and tell the speaker how much you enjoyed his or her presentation. You can often learn more during a five-minute conversation than you did in a whole session.

Seeing Is Not Believing

Be aware that looks can be very deceiving, and there are few places where this is more true than Vegas. The guy in the ratty jeans and T-shirt probably isn’t the CEO of any of the companies on the vendor floor, but he might be a CTO or the lead of the penetration testing team. If there’s no definite need to be seen in corporate camouflage, many of the people who attend these conferences aim for comfort and try to blend in with the crowd.

One of the open secrets of this time spent in the desert is that it’s when many people meet to discuss their next career moves or announce changes that have been planned for months. It definitely pays to make and keep these contacts, even if you don’t wind up changing positions or pursuing these opportunities. The old adage, “It’s not what you know, but who you know” is just as valid in the security community as it is anywhere else.

Security Gets Social

Security people generally tend to be introverted, and if this describes you, this is the time when you should make a conscious effort to fight your inclination to avoid the crowds. Make the most of your time, meet as many people as possible and learn from them. Do you read the writing of particular professionals, follow them on Twitter or listen to their podcast? Reach out to them prior to the event and ask if you can get 15 minutes of their time to share opinions and a drink.

Social media has a huge influence at any event, so use it to find out where the events are going to be and where the people you want to see are. Be social for a week and consider it part of the learning process. If you can’t handle the crowds, find a quiet place with a few people you don’t know yet and exchange your thoughts. There are some people who never attend any of the talks and don’t have tickets to the events; they spend their time in a bar or restaurant near a high-traffic area, calling out to friends and contacts to join them for a few minutes. But that’s a strategy for your fourth or fifth time at these conferences — probably not the first.

Work Hard, Play Hard

Another way to meet people is to volunteer to work at one of the events. Black Hat and DEF CON both make extensive use of volunteers, while BSides is an entirely volunteer organization. You’re guaranteed to meet some of the speakers and be able to attend a few talks, plus you’ll probably get a free or reduced-price ticket. Additionally, you’ll establish yourself as someone who’s interested in helping the community.

The parties at Black Hat and DEF CON are the stuff of legends, and often for good reason, but they’re something to be treated with a bit of caution. The same rules of meeting people apply. And while there’s no harm in using some social lubricant, it’s important to avoid doing anything in excess.

Try to make time to have dinner with some of the people you’ve met in a smaller group at least once during the week. Find someplace quiet where you can actually hear the person next to you rather than the DJ or band. What started as a casual meeting can be made into a friendship that may have a significant impact on your long-term career, but it means taking time away from the crowds.

The Final Word

Those who’ve never been to these famed security conferences speak of them with awe; those who’ve gone think of them with fondness, loathing or a bit of both. It’s a week that often tests your endurance, with long hours and constant movement. Ultimately, your time there will be what you make of it. While presentations and talks are valuable, it’s a value that fades quickly. There’s plenty of time to catch up on the latest trends in application security; there aren’t as many opportunities to rub elbows with the brightest minds in this field.

However, if you make an effort to meet people, experience the hallway track and try to make yourself known, there’s a value that you can carry with you, potentially for years to come. Then all you need to figure out is how to make it back again to build on what you created in previous years.
