With Hacker Summer Camp starting in just days, I thought this would be a good time to share my tips for making the most of infosec conferences. Whether it’s Black Hat, DEF CON, or your local BSides, infosec cons are an awesome way to meet people and learn, and that can be crucial to your career advancement. I know big cons like “Hacker Summer Camp” can be overwhelming, especially if it’s your first time attending, so I wanted to share some advice for what has helped me in the past.
1. Drink water and eat food. I know this sounds ridiculous — you’re an adult — but it’s amazing how quickly you forget to do this. You eat breakfast around 9 a.m., have a great conversation with someone, start doing a CTF (you don’t want to leave because you’re having so much fun), then there’s a talk you want to catch, then you make a new friend who invites you to a party that just has drinks and some cheese and crackers. You can see how this is a recipe for feeling pretty crappy. So, keep a water bottle with you and fill it up whenever you see a water fountain/cooler, and keep snacks in your bag for those times when you don’t want to leave the con. You can also suggest grabbing a meal with people you want to hang out with so you don’t have to feel like you’re missing out on the fun by stopping to eat.
2. Hand out business cards. A couple people make fun of me for handing out business cards because it’s “old school,” but I think they’re a great way to help people remember you. I meet hundreds of people in Vegas, and having a card helps trigger my memory at the end of the week. I’ve noticed quite a few people (yes, mostly men) who hand out their card to almost everyone they meet, which has made me more assertive in handing mine out. I often do this as a conversation is wrapping up with a simple “Please feel free to reach out in the future if I can help with anything” — this makes it more about you helping them, which feels natural to me. I also ask people for business cards, keep them in my bag, and then…this is key…after the con ends, I connect with everyone on LinkedIn with a short note of where I met them and what we talked about. This has been useful to me in the past when people lose my card but message me on LinkedIn later.
If someone doesn’t have a business card, ask if they’re on Twitter or LinkedIn and if you can connect with them. Also, be aware that BSidesLV, Black Hat, DEF CON, the Diana Initiative, Queercon, and other events all have very different cultures. People at some events may be more privacy-conscious and not want to share their names. Try to gauge the person before you ask for a name/other info — you’re likely not going to want to ask someone at DEF CON who has only referred to themselves by their hacker handle for a card (though maybe they have a cool one!). As long as you’re polite and not overly intrusive when you ask someone about themselves, you should be fine.
If you don’t have business cards, no worries, you can get them for next time. Sites like VistaPrint often have deals where you can get a bunch of cards very cheaply.
3. Pack your bag smartly. Here’s my usual con stuff I carry around with me: phones/iPad/laptop (with Wifi and Bluetooth turned off, using a VPN), water bottle, Lara bar/protein bar/nuts/snacks (extras for your colleagues if you’re nice), business cards (more than you think you need), hand sanitizer (avoid con crud!), mints/gum, ATT&CK stickers (or $CoolStickersOfChoice), sweater/sweatshirt, cell battery pack (I like this one), small notebook/pen, painkillers/meds, “lean” wallet (just ID and minimal credit cards cards/cash in the unlikely event your bag gets lost/stolen…it’s also wise to keep backup funds in my hotel room), and umbrella. Extra cash is always a good idea, especially if you have to buy a DEF CON ticket. Most people avoid using the ATMs at the cons (though I’d argue hotel security is probably going to have issues if someone tries to hack an ATM and would take care of that quickly).
When I’m traveling, I pack a travel backpack/daypack like this one in my suitcase. I grab my con swag bag the first day, then ditch it in my hotel room. I prefer my own bag so I can tell it apart from the thousands of other identical con bags, but do what works for you.
4. Take time to recharge. I enjoy talking to people, but it tires me out quite a bit. What I’ve learned to do is to spend daytime at the con, then go back to my room around 4–6 p.m. for a recharge (of both myself and my phone) and a power nap if I need it. By doing this I feel a lot better heading into evening events. If I skip my “me time,” I tend to be disinterested in the evening and just want to go to bed at 8 p.m. (which is okay too). Take time for yourself throughout the week so you don’t burn out the first day from “too much con.” I also try to limit my time on the expo floor because it’s sensory overload for me. It’s easy to get FOMO, but make sure you take care of yourself — this includes getting some sleep!
5. Connect with people. I recently attended a women’s leadership event that encouraged us to think about connecting, not networking. Networking seems so stressful and forced, but connecting is just about chatting with someone to form a relationship that’s mutually beneficial. Remember that you have something to offer other people. It can be nerve-wracking to talk to people you don’t know, but it’s worth it. One thing that can help is to have a few “con buddies” you hang around with — it’s much easier to meet new people when you have a “wingman” to chat with if you aren’t feeling brave.
I like to connect with people in ways that feel natural to me — like chatting while waiting in line, commenting on the beer selection at the bar, or asking if I can stand at their table so I don’t have to balance my plate o’ cheese and crackers. Last year, I even met an awesome woman in the bathroom at Black Hat!
If you’re newer, feel free to ask questions, especially at Villages and places like soldering stations. Many people, especially organizers, will be happy to explain how to do something. While you do this, though, be conscious of the situation and if it’s polite to ask questions at that time — for example, if someone is intently focusing on a CTF in the final minutes, maybe don’t ask them, but if organizers are walking around and talking to people, you could talk to them instead.
6. Take a risk to reach out to someone. A lot of people in the industry attend these cons. If there’s someone you’ve always wanted to meet or have interacted with on social media, take a chance and reach out! Many people post on social media that they’ll be at a con. Politely say that you’d like to meet for X reason and if they might be free for a few minutes at some point. You never know what the response will be. If they can’t meet, no worries, but at least you’ve tried. I’ve met some great people by doing this. For example, last year at RSA Nick Carr tweeted that he was happy to chat with people so I sent him a DM asking if he wanted to meet up — I wasn’t sure if he would reply, but he did and we ended up having a great conversation. Infosec people you know from social media are just normal people, so don’t be afraid to reach out (while not getting upset if the meet-up doesn’t happen…it’s a busy week).
7. Be security-conscious, but not overly paranoid. Yes, there are hackers at these cons. Yes, you should be careful. No, you don’t need to let it ruin your week. Use a VPN (like Algo) on all your devices and consider using Signal on your phone for text messages. Turn off your Bluetooth and WiFi. There’s always a lot of debate and discussion on whether you need a burner phone or laptop, but I personally don’t feel most people do (and most people don’t have $$$ to burn on burners). Some people use them, though.
Think about your physical security as well. There were reports of hotel employees entering rooms last year, so if you hear a knock, check who it is and call the front desk to verify if it is indeed hotel security. Also, use common sense and take steps to make sure you’re safe. Get your drinks directly from bartenders, have friends watch your drink (or take it to the bathroom if you need to), and make sure people know where you are. If you don’t feel safe, contact the con organizers and they can help you.
8. Dress for success. Above all, wear what makes you happy, whether it’s ripped-up jeans, a ball gown, a black T-shirt, or a tinfoil hat. (You’ll likely see all of these at some point!) Personally, during the day at all the cons I wear jeans, sneakers, and T-shirts, and most people wear the same. Black T-shirts are all the rage, but you don’t have to wear just black. :) I highly recommend wearing comfortable, broken-in shoes wherever you go — unless you’re an expert at walking in heels, it’s probably going to go badly for you because there is a LOT of walking (the Mandalay Bay Convention Center is about a 10 minute walk from the rest of the hotel/casino). For Black Hat receptions in the evenings, I’ve found something a little nicer than jeans/sneakers makes me feel more comfortable (whatever that means to you…black pants, khakis, a sundress, sandals, etc.), but you’ll always see people in jeans and sneakers. For women, you don’t need to do full “Vegas club” attire at night, but you can if you want, especially for parties like Rapid 7.
9. Plan your approach. There are lots of options for what to do in Vegas! You can attend talks, hang out on the Strip, talk to people, go to parties, do CTFs, gamble, go to a show…everyone has different ideas of what they enjoy, so find what makes you happy and do that! (Of course, sometimes your employer will have ideas on what you should do that may limit this. :)) One piece of advice I’ve found useful is to prioritize talking to people over going to talks — many talks are recorded and you can watch them later, but you won’t always have the chance to have a great conversation.
Weeks ago, I started creating a calendar of all the parties, meetings, and events I have going on for the week, and it’s a life-saver for me. If you do a little research to make a list of talks you want to attend, booths you want to visit, and people you want to connect with, it helps you stay organized and prioritize during a very busy couple days. Reading the con websites will help you get a sense of what you might want to do during your precious time there — but at the same time, be flexible and realize that your plans might change. Leave room for some spontaneous fun!
10. Ignore the haters. Most people at these cons are great — they’re interesting, passionate about infosec, helpful to newbies — but obviously, not everyone is that way. If you encounter someone who is rude or dismissive, don’t let it get you down — move on to someone else! There are plenty of people who want to talk to you, so ignore those who don’t.
If you’re looking for more tips, check out this post from Rick Holland and this one from Kathleen Smith. There are tons of other posts out there with DEF CON-specific guidance as well. If you’ll be in Vegas, I hope you have a great week! If you see me in passing, please stop me to say hi. In closing…if you do nothing else, just don’t forget to drink water.
The author’s affiliation with The MITRE Corporation is provided for identification purposes only and is not intended to convey or imply MITRE’s concurrence with, or support for, the positions, opinions, or viewpoints expressed by the author.