informa
Commentary

Black Hat & DEF CON: 3 Lessons From A Newbie

Security conferences are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary, but 98 percent of attendees are really nice people who want to help you learn.

I was lucky enough to receive one of several free passes to the recent Black Hat 2014 in Las Vegas from WhiteHat Security’s Robert Hansen (@rsnake) and Juniper Network’s Christofer Hoff (@beaker). The passes were distributed to young women like me who are new to the industry and have never had the opportunity to attend the storied annual event in the gambling capital of the world.

It was a whirlwind week that included DEF CON 22 -- because, after all, what is a trip to Black Hat without attending DEF CON? Here are a few things I learned.

Curiosity trumps fear
Believe it or not, there were many points before the show when I nearly surrendered my pass to allow someone more experienced or qualified to take my place. As I connected with the many amazing people who told me about the conferences and helped me attend, I started poring over forums and blogs trying to prepare myself for what on earth I was getting into.

What if I got flustered and hid out in my hotel room? What if I embarrassed myself in front of someone that's huge in the industry? I'd be a pariah forever! More than that, I grew concerned by the sheer number of jokes about deodorant and the lack thereof (at DEF CON more so than Black Hat).

The trip was overwhelming and in more ways than I could have wildly imagined -- even after all my research -- but in a great way. It took me days to sort through all of my new contacts, and I'm still reconnecting with people. There were more demonstrations, trainings, seminars, and talks than I think I could process in a year. Most importantly, the atmosphere was one of encouragement. My questions received helpful and enthusiastic answers rather than the laughter or criticism I so feared.

Pay it forward
I always hear people say "pay it forward." That implies being given something before you actually have something that you can pass on to someone else. Obviously, this was the sentiment shared by the many people who helped me (a total stranger) by funding my travel, sharing rooms, and providing free passes to the event.

In the same vein, I think the biggest smile I had on my face the entire week was about 10 minutes after I picked my very first lock with help from the Lockpick Village at DEF CON. There was a young girl hovering over my shoulder while I worked, and I offered her and her friend the loaner tools and what little knowledge I had just picked up.

All three of us were thrilled when one of them first popped a lock. That, to me, was the perfect example of overcoming the mindset that has held me back in the past: If I try to take the lead, people are going to find out I don't know what I'm doing! I now know that “faking” confidence, plus a cool demeanor, will get you far -- and eventually you will stop feeling like you are faking and start believing in your ability.

InfoSec rocks!
The third lesson is that this community is amazing. After my trip I've decided that security conferences like Black Hat and DEF CON are a lot like metal concerts: Your parents are terrified you're going to die because everyone looks scary. But 98 percent of the attendees are just really nice people (some with mohawks) ready to pick you up and dust you off if you fall or get knocked down.

Recommended Reading: