NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2012-q3

[ISN] Black Hat, DefCon and B-Sides survival guide, 2012

From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jul 11 2012 - 02:27:34 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://blogs.csoonline.com/security-leadership/2252/black-hat-defcon-and-b-sides-survival-guide-2012

By Bill Brenner
Salted Hash
CSO.com
July 10, 2012

In two weeks a lot of us will head to Las Vegas for Black Hat, DefCon or
BSidesLV. Having been to many Black Hat and B-Sides events, along with
countless other events in the last eight years, I've learned plenty
about how to get the most from the experience. And so, for the
first-time attendee, I offer the following survival tips:

Don't let the noise get to you

Black Hat in particular is a noisy event. The vendors, in an effort to
really fit in with the attitude of the conference, come up with all
kinds of theatrics. One year, a guy was dressed up as a "Mad Russian"
hacker mastermind. His attire was a cross between Captain Caveman,
Charles Manson and Rasputin. I don't remember the vendor he worked for.
I also remember that between sessions, it's hard to move around as
people mingle in the middle of crowds rushing from one talk to the next.

The talks themselves are often surrounded by drama, though that part has
calmed down in the last couple of years. Sometimes a vendor will try to
stop a talk about exploits for a vulnerability in their products.
Lawyers are brought in and a mess ensues. This happened in 2005, when
Cisco moved to squash a talk by then-ISS researcher Michael Lynn on an
exploitable issue with Cisco's IOS router operating system. The move
proved to be a waste of time for Cisco, since the story got out anyway.
But what was worse, in my opinion, was that a lot of good talks went
unreported in the media because everyone was too busy chasing the hype
over this one talk.

My advice here is to remember what you do in your day-to-day job, find
the talks that most closely address the challenges you want to overcome
and don't let drama and noise divert you from the plan.

[...]

--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]