It’s coming, and there’s no avoiding it. That week in Las Vegas when security practitioners from across the globe come together to attend Black Hat, Defcon and BSides LV. We jokingly call it security summer camp, but if you set foot outside of the hotels and casinos in the heat of the day, chances are you’ll fry your brain and that lily white skin hackers, and people living in London, seem to cultivate so well. It’s probably the biggest gathering of serious security professionals, less serious security practitioners and general troublemakers from nearly every country in the world and people come to see the talks, catch up with old friends, make new friends and party. It should probably be called the security frat party, but that’d be even harder to get past bosses and accounting departments than it already is.
Personally, the social aspects of the event is why I go to conferences. Not the parties, though I drink more at these events than I would normally, but instead the meetings with friends to find out what they’ve been up to, what they’re working on and what the tides of change have brought during the previous year or so. I go to a few talks at each event, but the reality is between the podcasting and my social circles, if there’s a really good talk, I can probably arrange to talk to the speaker face to face. And in most cases, you can too, if you’re willing to put yourself out there and treat the speaker with a modicum of respect while hunting them down. Just don’t be too stalker-ish about it. Most of the people who talk at these events are approachable, especially if you buy them a drink and treat them like people.
But I do try to make a few talks every event, simply because there are still some things that are better experienced watching a person present on stage. I understand how a vulnerability works better if I can talk to the researcher, but seeing the narrative a storyteller develops, seeing the persona they project on stage is a totally different experience than talking to them once their energy level has resumed their normal steady state. And a few people in the security industry are such showmen that it’s worth seeing their talk even if you can talk to them in person later. Or maybe because of it.
In any case, here’s my short list of the talks I’m going to try to see during the week:
Black Hat, August 6th, 09:00 – CyberSecurity as Realpolitik, Dan Geer
Black Hat, August 6th, 14:15 – Government as Malware Authors, Mikko Hypponen
Black Hat, August 6th, 15:30 – Pulling Back the Curtain at Airport Security, Billy Rios
Defcon, August 8th, 14:00 – Defcon Comedy Jam – aka The Fail Panel – I’ve been helping on this one for a few years. Expect bad behavior
Defcon, August 9th, 10:00 – Mass Scanning the Internet, Graham, McMillan, Tentler
Defcon, August 9th, 12:00 – Don’t DDoS Me, Bro: Practical DDoS Defense, Self, Berrell
And one I can’t see because I’ll be headed to the airport
Defcon, August 10th 15:00 – Elevator Hacking, Ollam and Payne
I haven’t seen the BSides talk tracks yet, but I’ll update the post once I do.