Security Conference Recommendations
After my post Bejtlich Teaching at USENIX Security in San Francisco 8-9 Aug a reader asked the following:
Richard,
I was curious if you could suggest other security conferences that either you have attended or have heard are better than average?
It seems as though everyone and their brother sponsor some sort of security conference and it is difficult to tell how educational they will be just by reading the website.
Perhaps you could provide some insight into how you determine which conferences you would actually pay to attend? Thanks!
Great question. The answer that follows is just my opinion, and I'm sure others feel differently. For me, I like these conferences:
Regarding how I pick conferences, I primarily want to learn something and see people whom I may not have seen recently. I prefer to avoid any conferences where keynotes are given to sponsors based on their sponsorship alone. I also try to attend conferences where I expect new material to be presented.
What conferences do you like to attend, and why?
Tweet
Richard,
I was curious if you could suggest other security conferences that either you have attended or have heard are better than average?
It seems as though everyone and their brother sponsor some sort of security conference and it is difficult to tell how educational they will be just by reading the website.
Perhaps you could provide some insight into how you determine which conferences you would actually pay to attend? Thanks!
Great question. The answer that follows is just my opinion, and I'm sure others feel differently. For me, I like these conferences:
- Black Hat offers the best combination of training plus briefings per unit time, on a consistent basis. In other words, I believe attendees will learn more in two days of Black Hat Training plus two days of Black Hat Briefings compared to any alternatives, every year. The content is uniformly high, regardless of whether you attend in DC, Barcelona, Las Vegas, Tokyo, or Abu Dhabi. This is why I will be teaching two TCP/IP Weapons School 3.0 classes this summer and staying for the two days of Briefings that follow.
- My next favorite event is probably the SANS What Works in Forensics and Incident Response Summit organized each year by Rob Lee. His Summit connects me with the sorts of people who do the same work that I do. The event is a mix of panels and briefings by interesting people.
- In terms of value per dollar spent, you can't beat Security B-Sides. Why is that? Well, your travel cost will likely be almost nothing, since B-Sides events happen all over the world. Registration is free. Content quality is mixed, but when you throw a lot of local security people into a room in a non-traditional format, the output is surprisingly good!
- If you want more of an academic approach, I recommend any of the USENIX conferences. They are also a mix of training, "Refereed Papers" (see what I mean), and Invited Talks. I tend to see more college students talking about "solutions" more or less detached from the real world, but the diversity of specialized events means you're likely to find something of value that meets your direct needs, especially regarding system administration. After a multi-year break, I'm returning to teach TCP/IP Weapons School 3.0 in San Francisco at USENIX Security in August.
- Returning to the incident response world, you might also like FIRST conferences. I think every CIRT should become a FIRST member, and attending a conference or other FIRST event every other year or so is a nice way to stay in touch with a very globalized security community.
- If you qualify to attend, you might also enjoy the DoD Cybercrime or GFIRST conferences. As you can tell they cater to the .gov and .mil communities, but their focus tends to involve more interesting problem sets.
- I should also give CanSecWest an honorable mention, although it's been years since I've attended. I could say the same for BSDCan and ShmooCon.
Speaking of Shmoo, the logistics are the main reason I stopped going. At least with my old job, it was a hassle to commute to DC for only a Friday evening, then again for a full day Saturday, and again for only a few hours on Sunday morning. I don't like weekend events since I'd rather spend the time with my family, and the ratio of travel-to-conference for Friday evening and Sunday morning was just too high!
Regarding how I pick conferences, I primarily want to learn something and see people whom I may not have seen recently. I prefer to avoid any conferences where keynotes are given to sponsors based on their sponsorship alone. I also try to attend conferences where I expect new material to be presented.
What conferences do you like to attend, and why?
Tweet
Comments
The sheer volume of people attending both BH and Defcon can make it hard to get the most out of these conferences but I agree they generally have great content and Defon has an entire layer of other activities (contests, niche spaces for wireless, lock picking, hardware hacking, etc) that offer a potentially more educational experience through hands on access.
100% agree with Richard about Security BSides. This is the 3rd year for BSidesLV but the past 2 years has seen an explosion of localized BSides events throughout the US and now several other countries. You can't beat the cost of attendance (free, as in beer) and the format encourages audience participation via conversation. They also encourage speakers to present on topics too risky for the larger cons like BlackHat or RSA.
Another conference to consider this year is DerbyCon. It's their first year but the speaker line up is on par with other popular cons and they're also offering classes.
Shmoocon has been great the past 4-5 years. I find it's best to stay in the same hotel as the con though. I think the Shmoo group refused to pay a Norse god at some point and has earned epic snow the past 2 years.
I'm fortunate my company is paying for BH training this year so I'll be in Richard's Aug 1-2 class. Very much looking forward to the class and the Defcon Network Forensics contest at the end of that week.