Black Hat/DEF CON week is upon us again. While many poke fun at RSAC (an issue I addressed earlier this year), the annual “Hacker Summer Camp” in Las Vegas is rapidly approaching (or eclipsing) the size of RSA while also becoming more “commercial” and “marketing-oriented” with each passing year. While the technical content at these events – in terms of talks, workshops, and demos – far exceeds any other huge event in North America, there is the ever-present and rising risk of Summer Camp turning into the 3rd Quarter information/cyber security sales and marketing conference.

Despite many cries of the “RSA-fication” of Black Hat and (to a far lesser extent) DEF CON, the events appear locked in as the “premier” information security and “hacking” events, at least in this continent. But in achieving this level of notoriety, they may find themselves undone by their very success. One of the more persistent complaints (aside from choice of venue on the Las Vegas strip) is the sheer size of these massive events, which only continue to grow larger. In crowds of thousands – or ten-thousands – the possibility of making lasting, meaningful connections within swarms of people begins to drop precipitously, while the scope for being overwhelmed and intimidated increases dramatically.

I personally share these concerns at a deep and visceral level – and I’m not merely a participant, but a content contributor to both events (to various degrees). Yet at the same time, I can think of no other event where (essentially) everyone shows up, making for a number of opportunities to catch up with peers and fellow security professionals in real life. While not a little pain and bullshit must be navigated to get to this point, in the end the rewards seem to outweigh the costs – thus making these events worthwhile moving forward.

I will definitely need an extensive “decompression” period at the end of this coming week, but am nonetheless excited to catch up with old friends, meet new ones, share some knowledge, and take in new ideas through both events. I will have a Black Hat briefings pass, and will largely spend DEF CON in the ICS Village – if you see me, please say hello. My more specific schedule is as follows:

Wednesday:

Thursday:

Friday:

Saturday:

Categories: GeneralInfosec