304 North Cardinal St.
Dorchester Center, MA 02124
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
If you’ve never been to any cyber security conferences, then hopefully this can convince you!
If you’ve never been to any cyber security conferences, then I cannot recommend them enough. While larger ones like DEF CON and DerbyCon (RIP) are great, you can even start with your local BSides. Not only are security conferences a great way to learn new tools and techniques, but they can also be so much more.
Conferences allow you to connect in person, see some talks, and learn what the community is all about.
Most cons should have something for everyone: talks and presentations, job fairs and networking, parties, or everything in between.
And, if you like CTFs, then conferences usually have at least one that you can win some AWESOME prizes at.
Honestly, I think anyone with the opportunity should go to a security conference!
If you are in a security-related role, then the reasons for hacker cons should be fairly obvious.
That said, I think people in non-security-related technical roles have almost the same reasons, if not more, as security professionals.
Even non-technical people can learn a lot at conferences and might enjoy seeing a different type of con than what they are used to.
I’ll cover some more reasons to attend below, but believe me that you don’t have to be a hacker to enjoy yourself at a cyber security conference!
While it will vary from conference to conference, I’ll try to cover what you can usually expect.
First, if you are traveling to a conference, there will usually be a hotel nearby (if it isn’t being held at one). I’d recommend at least looking into this hotel, as it can usually be cheaper and/or more convenient.
As far as the hotel is concerned, I wouldn’t leave any valuables in it where possible. While this is generally good advice, I’d say it goes double for conferences. Between hotel staff performing room checks and possible threat actors, it’s a good idea. While hotel safes are decent storage, don’t forget that staff can unlock these if they have to/want to.
Regarding hotel or con internet, you can use it, but be safe. Don’t visit anything over HTTP, and try not to use anything important during your time there. I also recommend some form of VPN (I personally use NordVPN on my machines, so that’s what I’d recommend) for privacy and security.
When it comes to badges or entry, these will also vary from con to con. That said, most cons have an entry fee (I’ve seen $20 up to $300) that covers your entrance to the entire event, occasionally food, and any local side-events or parties.
You might have to pre-register or stand in a line for these badges, especially if it is a larger conference.
If the conference provides food or beverages, expect there to be a line. I’d try to beat the crowds to these or go off on your own for some of the local fare. When I am at events like this, I like to buy my own drinks and snacks so that I don’t have to worry about it. Picking up some coffee, protein bars, soda, jerky, etc. for your bag or room will keep the hanger away.
Also, don’t be surprised if you are tired, sore, or hungry during your conference days. You’ll be on your feet, moving around, talking, and possibly drinking alcohol more than usual. Try to stay ahead of these by staying hydrated and getting a decent night’s sleep.
Other than that, expect to have a good time, and to take in as much as possible. Don’t go in with too many expectations, and be willing to change your plans/feelings on the fly!
There are actually no specific dates for InfoSec cons, as they happen year-round.
That said, I’ve noticed that more cons occur in the summer months, as opposed to the winter months.
If you are interested in BSidesLV, Black Hat, or DEF CON, then these all occur in the summer months, usually early to mid-August.
For a larger list of specific dates, check out https://infosec-conferences.com/. While they might not have every conference, it’s a great place to get started.
I also recommend joining your local security meet-up groups and Twitter. This will help you figure out where and when your local cons, for example BSides RDU, are happening.
As you may have guessed, you can find an information security conference at most small to medium-sized locations!
That said, there are likely more cons in the United States, and that is what I’m most familiar with.
If you are local to the Triangle, then definitely head to BSides RDU.
Last, but not least, don’t neglect your local or smaller conferences. They are easier to find, might have people you know, and are usually much cheaper to attend!
I’d say one of the biggest reasons to attend a security conference is the learning, at least for me.
Obviously, as an attacker, there are plenty of new TTPs that you can learn at a conference.
Not only can defenders learn about new attacking techniques, but there are plenty of talks for the Blue Team at most conferences nowadays.
For anyone in a non-security technical field, there is still plenty of opportunity for learning. You can increase your security awareness, and think of ways to defend the products, systems, or services that you are in charge of at your organization.
Finally, for non-technical people, you may still have the chance to learn. This will vary from conference to conference, but many hacking cons will have entry-level talks for users of all experience levels. Even if you don’t understand everything in a talk, you can pick up a lot about security awareness and protecting yourself on the internet.
And these points only cover the learning aspects of conferences! They are still a great place to find a job, play with some cool gadgets you may never see again, or just party with some interesting hackers.
Plus, if you’re really lucky, you might just find your favorite conference ever, like DerbyCon.
Even if this isn’t your first security con, hopefully, these tips can help you make the best of your time there.
First of all, listen to the conference staff. They are not only there to help you out, but also to keep you as safe and entertained as possible.
In the same vein, try to follow the 3-2-1 rule: three hours of sleep, two or more meals per day, and one or more showers per day!
You should try to bring at least some of the following things so that you don’t feel unprepared.
When you are going out to eat or drink, make sure to double-check your bills. While this is good travel advice in general, people might think it’s funny to charge your room/table for something that they ordered.
If you have never been to a security conference before, then I recommend spending most of your time going to talks. You can also visit villages or side events, but talks are the main draw at these events.
After your first few visits or conferences, you can definitely mix it up.
For bigger cons, if you want to see talks, then plan ahead. If you are trying to watch a very popular talk, you’ll want to be in line during the talk before it. Sometimes you can stay in the room for the next talk though, which is always nice.
Also, if you miss a talk that you really wanted to see, it will usually be online afterward.
Other than the talks, if the conference has them, then definitely check out the villages and side events. These will be a ton of fun and not something that you can catch up on after the conference has ended.
Finally, if you want to ask a speaker questions, then DO IT! They are as excited to talk to people about their work as you are, and love sharing knowledge. That said, if you are going to take up a lot of their time, maybe try doing it over dinner/drinks instead of outside of the conference hall.
Last, but not least, I wanted to circle back to protecting your devices and information at hacker conferences.
First, only charge your devices using a direct power plug; don’t connect to any random USB outlets/cables that you find.
Next, be sure to turn off Bluetooth and wireless if you don’t need them. People have been known to set up fake mobile networks, and your traffic could be intercepted due to that.
On that note, be sure to take the following precautions, in case you do end up on a malicious network. Note: The smaller the conference, the less likely you are to have to worry about these things. That said, it’s good advice in general if you want to be as protected as possible.
Finally, consider a VPN service that you either pay for or set up yourself. This will give you an extra layer of security, and prevent some of these man-in-the-middle attacks.
I personally use NordVPN on my machines, so that’s what I’d recommend for privacy and security.
If this massive post about cyber security conferences wasn’t enough, then here are a few more links.
Or, if you prefer a video, why not watch the DEFCON Documentary?
If you still don’t want to go to a cyber security conference, then I don’t know what I can do to convince you.
I have personally met friends I still have to this day, and have been offered jobs at cons.
Beyond that, once you get the con bug, you might even end up speaking at one!
Let me know in the comments what your favorite conference is, or if you are planning on going to your first con soon.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.