3 Tips to Get the Most Out of Black Hat/Defcon
CSO Senior Editor Bill Brenner has been to enough Black Hat conferences to know it can be information overload. Here he offers a few suggestions for getting the most value out of the experience.
By Bill Brenner, Senior Editor
July 28, 2009 — CSO —
I won't be going to Black Hat/Defcon in Las Vegas this year because of a scheduling conflict, but I have been to several of them over the years. Since my mission at these events has been to find the big news stories and write them fast, I know how hard it can be to cut through all the noise and zero in on what's most important.
And so, to prove I'll be there in spirit [CSO bloggers Robert McMillan, Steve Fox and Ivan Arce will be there to write about various points of interest], here's a guide to navigate the proceedings. Hopefully, it'll help attendees get the most bang out of the conference so they can leave Vegas with some knowledge that'll help them improve IT security back home.
1. Resist the drama
One of the most disappointing things about Black Hat -- for me, anyway -- is that people tend to get caught up in one big dramatic event that ends up overshadowing the rest of the schedule. As a result, the tech media in particular can spend so much time on one noisy item that they miss some sessions that would be more valuable to their readers in the long run.
Exhibit A: In 2005, a lot of presentations were overshadowed by a big stink Cisco made over researcher Michael Lynn's plans to unveil a vulnerability in Cisco's routers that, if exploited, could have theoretically done serious harm to the Internet. That one controversy was practically all the tech media would focus on, and, nearly four years later, the digital underground has yet to bring down the Internet with that particular flaw.
Exhibit B: At the 2007 Defcon event, which typically takes place in a different Vegas venue after Black Hat, all else was overshadowed by the public outing of a Dateline NBC reporter who was undercover at the hacker gathering with a hidden video-camera to see if she could out an undercover federal agent at Defcon and make a story out of the perceived sinister deeds that transpire there.
That's not to say some of these items weren't worth some attention. The biggest noise last year surrounded a Domain Name System (DNS) flaw researcher Dan Kaminsky presented on. The flaw, one of the genuine big ones that galvanized a variety of vendors to collectively release software updates to fix the problem, was worth the hype because it affected one of the Internet's underlying protocols.
The key is to remember that at an event like this, the herd mentality is alive and well. Watch the stampede from a comfortable distance, then be sure to check out some of the other sessions.