I've recently discovered an education budget at my current company. I've been trying to deduce the best way to spend it. Network security is a perfectly relevant subject to consider.

If you've gone, do you feel it was worth the time and money?
Have any of you been to an official Black Hat conference?
What are your experiences?
Would you just do the briefings, or spend the extra money on the training?

The speakers seem very competent and the topics for several of these classrooms seem useful. Money is not the issue. I just want to ensure I'm not wasting my time with half-assed classes, or poor presentations.


If you don't think Blackhat is the road i should be researching, what would you suggest as a alternative security conference? What other fields would you, personally, be interested in?

https://www.blackhat.com/html/bh-dc-11/registration/bh-dc-11-cfp.html

[Edited on November 18, 2010 at 10:50 AM. Reason : linkage]

11/18/2010 10:48:14 AM

that sounds interesting. whether it's worth it or not depends on your field and your role with the company, but in general the topic sounds pretty cool. any particular reason you chose blackhat instead of whitehat?

11/18/2010 10:52:43 AM

I havent done a lot of research into any whitehat conferences, but my line of thinking tells me that i'd learn more in a group of accomplished black hat bad-asses than i would in a white hat conference with a bunch of guys that don't ever cross "that" line.

11/18/2010 11:04:41 AM

The topics are relevant to the job duties I have. The only things that don't apply are database topics and applications development.

11/18/2010 11:17:15 AM

i wouldn't necessarily expect a blackhatter to be that much more knowledgeable than a whitehatter, except perhaps at the very forefront of the field. and if you're dealing with people who are willing to cross "that" line, they're probably a douchebag anyways

11/18/2010 11:28:32 AM

cool, never heard of that. let me know how it goes.

11/18/2010 11:28:55 AM

I'm really just trying to avoid spending the money on certification boot camps or a library full of books.

11/18/2010 11:48:41 AM

I've been twice- wouldn't go again. That said, I don't find many conferences terribly valuable aside from the social/fraternizing aspect of them.

11/19/2010 3:04:18 AM

omg install firesheep and hax teh plan3t!!1!

11/19/2010 5:59:14 AM

My dad is in network security and gets a lot out of the monthly organization meetings he attends, mainly from talking to the other members. I want to say its ISSA.

11/19/2010 11:16:24 PM

I've heard from people that went to BlackHat that it was awesome. Of course, they're into that sort of thing.

11/20/2010 7:52:06 AM

black hat/defcon is a hacker party. you aren't going to learn a whole lot with direct application at your job but you'll have fun. if databases aren't relevant, then you probably aren't securing anything web facing and if application dev isn't a concern, you aren't really dealing with code that hasn't been reviewed. you really /aren't/ the target demographic of the conference but that's not to say you can't have fun on the company's dime there.

11/20/2010 8:19:10 AM

Quote :

"I've heard from people that went to BlackHat that it was awesome."

Quote :

"I don't find many conferences terribly valuable aside from the social/fraternizing aspect of them."

11/20/2010 7:50:10 PM

Quote :

"If you've gone, do you feel it was worth the time and money? Have any of you been to an official Black Hat conference? What are your experiences? Would you just do the briefings, or spend the extra money on the training?"

I've been once (last year in Vegas) and I thought it was well worth the time and money. I attended one of the pre-conference trainings which was extremely informative and taught by someone who knew what he was talking about and wasn't just reading through slides. As luck would have it, the week I returned to work, I ended up using that new knowledge.

Quote :

"I just want to ensure I'm not wasting my time with half-assed classes, or poor presentations."

The class I attended and the separate class my co-worker attended were far from half-assed. Most of the presentations were given by the guys doing the research (who aren't typically professional speakers) but were done well.

Quote :

"black hat/defcon is a hacker party. you aren't going to learn a whole lot with direct application at your job but you'll have fun."

It depends I guess. There are plenty of people that attend BlackHat/DefCon for the parties and don't get much else out of them - it just depends on the applicability to your job and what you chose to do with your time. There were a number of talks that did have direct applicability to my job, and many of those that didn't gave me some ideas on different approaches I could take in looking at things.

My advice would be to pull up some of the slides from previous BlackHat conferences to see if they are along the lines of what you are looking for as far as general topics, depth of content, etc.

11/21/2010 11:19:49 AM

Quote :

"BlackHat/DefCon"

Just want to throw out there- I can consider blackhat and defcon VERY different conferences. Granted the last time I went was several years ago, blackhat was much more formal consisting primarily of lengthy classroom/forum sessions with broad topics, while defcon was more focused towards short 30-45 minutes presentations on very specific topics.

Blackhat was primarily composed of security industry professionals and researchers, but very few script kiddies.

A lot of this is probably self-sustaining due to the reputation of the conferences, as well as the difference in registration costs (iirc, you were offered free admission to defcon if you went to blackhat, as it was ~10x the cost).

11/21/2010 7:15:58 PM

^ they still are very different conferences - I was just saying that you can get a lot out of both if you can still see straight

11/21/2010 8:21:46 PM

^agreed. defcon definitely turns into hotel parties every night, which gets pretty dangerous

11/21/2010 8:31:56 PM