I was curious if you could suggest other security conferences that either you have attended or have heard are better than average?
It seems as though everyone and their brother sponsor some sort of security conference and it is difficult to tell how educational they will be just by reading the website.
Perhaps you could provide some insight into how you determine which conferences you would actually pay to attend? Thanks!
Great question. The answer that follows is just my opinion, and I'm sure others feel differently. For me, I like these conferences:
- Black Hat offers the best combination of training plus briefings per unit time, on a consistent basis. In other words, I believe attendees will learn more in two days of Black Hat Training plus two days of Black Hat Briefings compared to any alternatives, every year. The content is uniformly high, regardless of whether you attend in DC, Barcelona, Las Vegas, Tokyo, or Abu Dhabi. This is why I will be teaching two TCP/IP Weapons School 3.0 classes this summer and staying for the two days of Briefings that follow.
- My next favorite event is probably the SANS What Works in Forensics and Incident Response Summit organized each year by Rob Lee. His Summit connects me with the sorts of people who do the same work that I do. The event is a mix of panels and briefings by interesting people.
- In terms of value per dollar spent, you can't beat Security B-Sides. Why is that? Well, your travel cost will likely be almost nothing, since B-Sides events happen all over the world. Registration is free. Content quality is mixed, but when you throw a lot of local security people into a room in a non-traditional format, the output is surprisingly good!
- If you want more of an academic approach, I recommend any of the USENIX conferences. They are also a mix of training, "Refereed Papers" (see what I mean), and Invited Talks. I tend to see more college students talking about "solutions" more or less detached from the real world, but the diversity of specialized events means you're likely to find something of value that meets your direct needs, especially regarding system administration. After a multi-year break, I'm returning to teach TCP/IP Weapons School 3.0 in San Francisco at USENIX Security in August.
- Returning to the incident response world, you might also like FIRST conferences. I think every CIRT should become a FIRST member, and attending a conference or other FIRST event every other year or so is a nice way to stay in touch with a very globalized security community.
- If you qualify to attend, you might also enjoy the DoD Cybercrime or GFIRST conferences. As you can tell they cater to the .gov and .mil communities, but their focus tends to involve more interesting problem sets.
- I should also give CanSecWest an honorable mention, although it's been years since I've attended. I could say the same for BSDCan and ShmooCon.
Speaking of Shmoo, the logistics are the main reason I stopped going. At least with my old job, it was a hassle to commute to DC for only a Friday evening, then again for a full day Saturday, and again for only a few hours on Sunday morning. I don't like weekend events since I'd rather spend the time with my family, and the ratio of travel-to-conference for Friday evening and Sunday morning was just too high!
Regarding how I pick conferences, I primarily want to learn something and see people whom I may not have seen recently. I prefer to avoid any conferences where keynotes are given to sponsors based on their sponsorship alone. I also try to attend conferences where I expect new material to be presented.
What conferences do you like to attend, and why?