
Comments
Black Hat & DEF CON: 3 Lessons From A Newbie
TechPorVida,
User Rank: Apprentice
1/21/2015 | 4:30:34 PM
Black Hat and Def Con
Good for you!  Def Con is a must-do for me every year along with Microsoft Ignite (pka TechEd.)  I have yet to attend Black Hat.  What's holding me back? The entry fee. I invest in Ignite which is 2K.  Last time I checked Black Hat was equally as expensive.  After 30 years in technology and attending conferences the percentage of women in the industry is sadly very small. I think this would be a great opportunity for Black Hat (and others) to focus on ways to increase our numbers.

 

Def Con Tips:

Take plenty of cash. Lockpick Village and other events/vendors take cash only (as does registration.)

Get there early.  Last year I was in line at 5:30 a.m. and it took 2 hours to get to registration. They also ran out of schedules. I had to perform a "task" to get one of the few left. The task was to get a hug from anyone in less than 20 seconds. I managed but I almost didn't (shy crowd.)

Play with the gadgets.  Wear the 3-D glasses.  There are hidden messages all over the conference.  The human badge does way more than just grant you access.

Turn off your wifi and bluetooth.  Otherwise you'll end up on the Wall of Sheep.

Get your schedule figured out quickly.  Last year some lectures were so full you couldn't get in.
Marilyn Cohodas,
User Rank: Strategist
9/11/2014 | 3:42:11 PM
Re: Good move for security industry to encourage newbies
Sounds like we have a plan! Any other activists in the Dark Reading community for this initiative? Raise your hand (or comment) here. 
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 3:35:38 PM
Re: Good move for security industry to encourage newbies
I agree completely. I'm also brewing plenty of ideas of my own :) There are a lot of information security conferences out there that I'm sure a lot of people could use some help attending and would give a great foot in the door to the industry!
Marilyn Cohodas,
User Rank: Strategist
9/11/2014 | 3:30:36 PM
Re: Good move for security industry to encourage newbies
Maybe a good idea for a more concerted effort by Black Hat for next year (hint- hint).

Nice to hear about the crowdfunding effort from Bugcrowd, as well. (Note to self: blog about the idea to promote more of same for Black Hat 2015).

 
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 2:27:38 PM
Re: Good move for security industry to encourage newbies
Marilyn,

As far as I know this wasn't part of a program - the first I heard about it was just Robert taking the initiative and sharing on Facebook. I think I did hear later that I guess the Black Hat board donated a couple of passes once Hoff (and maybe another person/people?) joined in and the idea caught some attention which I thought was very cool.

Edit to add: Marisa and Bugcrowd were a big help in starting a crowdfund venture for one attendee coming in from Colombia to afford airfare. Also not a formal program but a great effort!
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 2:24:41 PM
Re: good for you Kerstyn
Hello fellow Kirsten variant! Unfortunately I have to let my mom take credit for my spelling.

 

There were definitely a few times that I escaped off to hold up a wall and take a breather from all the people. I'm pretty extroverted but there is just so much going on. I think being in Vegas for the first time by itself would be overwhelming so the added conferences were just piling more on top.

 

At least embarrassing encounters are usually funny stories later. That's what I tell myself, at least....
 :)
Krenner,
User Rank: Apprentice
9/9/2014 | 2:13:21 PM
good for you Kerstyn
Hey Kerstyn,

First of all, I love how you spell our name ;-)

Second – my first trip to DefCon I DID "[get] flustered and hide out in my hotel room?" (a little) AND "embarrass myself in front of someone that's huge in the industry" *see note below


*I literally walked up to Dark Tangent and said "you look familiar" while I was standing in his penthouse (and I was completely sober).
Haha

I'm so glad Robert did what he did. He also provided a pass for a friend of mine, an engineering entrepreneur.
And I agree, such a GREAT community. I hope I never have to do any other sort of recruiting – this is the crowd I want to stick with!

Congrats on your first tour – and your lock picking success (this was a highlight for my teenage son last year who DefCon embraced with open arms)!!

See you there next yr,

~Kirsten
Marilyn Cohodas,
User Rank: Strategist
9/9/2014 | 12:13:40 PM
Good move for security industry to encourage newbies
I'm so glad to hear that the security industry is being proactive about recruiting talented young women to Black Hat. Was this part of a larger program? 

