Why Do I Attend BlackHat?

This post is a response to Alan Shimel's Topic of Interest #2 for the Security Bloggers Network. So what motivates me to attend BlackHat? The #1 reason for me is networking -- meeting new people and catching up with old friends and colleagues. Despite our best intentions, we are all busy and our networks are constantly expanding, making it increasingly difficult to stay in touch with old friends in the industry. Twitter and other forms of microblogging help you chip away at the communication gaps; you get a glimpse into peoples' lives but it's no replacement for a real conversation. Obviously, the briefings themselves are a major draw. Even though it's expanded to over 10 tracks now, the quality hasn't suffered much. This year's experiment with allowing paid delegates to vote on speakers seems to have produced a good lineup, though I'm sure there was still a selection committee that could and probably did overrule the votes in some cases. Either way, BlackHat presentations are a decent indicator of the overarching themes that will be prevalent in information security for the upcoming year or two. When I first started attending BlackHat, I was drawn to the talks discussing 0-day vulnerabilities, tool releases, shellcode tricks, and the like. These days, anything relating to static analysis, automation, and of course web security are most interesting to me. I also consider who's speaking, regardless of the topic (e.g. one of these guys presents, I'm there). In general, I'll try to gauge how much value the speaker will add to the presentation -- in other words, what do I gain by attending the talk vs. flipping through the slides later? I never attend every time slot; sometimes the hallway conversation is just more interesting. Some of my other reasons for attending, in no particular order, most of which fall under the "networking" umbrella:

The parties (duh)
The Pwnie Awards
Meeting fellow security bloggers
Recruiting speakers for SOURCE
Finding future Veracode employees
Trading war stories
Picking up vendor schwag for my kids (RSA is much better for this one)
Meeting current and former customers -- and future ones, hopefully

Things I could do without:

The cigarette smoke
The heat
Quark's

I've stuck around for DEFCON a couple times in the past, but I don't anymore. I fly out Friday morning or early afternoon so I get home in time to spend the weekend with the family. Personally, three days in Vegas is plenty for me. When it gets closer to BlackHat time, I'll post my picks from the briefings schedule.

By Chris Eng

Chris Eng is Chief Research Officer at Veracode. A founding member of the Veracode team, he is responsible for all research initiatives including applied research and product security, as well as advising on product strategy and M&A. Chris is a frequent speaker at industry conferences and serves on the review board for Black Hat USA. He is also a charter member of MITRE's CWE/CAPEC Board. Bloomberg, Fox Business, CBS, and other prominent media outlets have featured Chris in their coverage. Previously, Chris was technical director at Symantec (formerly @stake) and an engineer at the National Security Agency. Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California.

Why Do I Attend BlackHat?

FREE Security Tutorials from Veracode

Veracode Security Solutions

Veracode Data Security Resources

Related Posts

Enhancing Developer Efficiency With AI-Powered Remediation

Speed vs Security: Striking the Right Balance in Software Development with AI

Veracode Advances Cloud-Native Application Security with Longbow Acquisition