Comments
Black Hat & DEF CON: 3 Lessons From A Newbie
TechPorVida,
User Rank: Apprentice
1/21/2015 | 4:30:34 PM
Black Hat and Def Con
Good for you!  Def Con is a must-do for me every year along with Microsoft Ignite (pka TechEd.)  I have yet to attend Black Hat.  What's holding me back? The entry fee. I invest in Ignite which is 2K.  Last time I checked Black Hat was equally as expensive.  After 30 years in technology and attending conferences the percentage of women in the industry is sadly very small. I think this would be a great opportunity for Black Hat (and others) to focus on ways to increase our numbers.

 

Def Con Tips:

Take plenty of cash. Lockpick Village and other events/vendors take cash only (as does registration.)

Get there early.  Last year I was in line at 5:30 a.m. and it took 2 hours to get to registration. They also ran out of schedules. I had to perform a "task" to get one of the few left. The task was to get a hug from anyone in less than 20 seconds. I managed but I almost didn't (shy crowd.)

Play with the gadgets.  Wear the 3-D glasses.  There are hidden messages all over the conference.  The human badge does way more than just grant you access.

Turn off your wifi and bluetooth.  Otherwise you'll end up on the Wall of Sheep.

Get your schedule figured out quickly.  Last year some lectures were so full you couldn't get in.
Marilyn Cohodas,
User Rank: Strategist
9/11/2014 | 3:42:11 PM
Re: Good move for security industry to encourage newbies
Sounds like we have a plan! Any other activists in the Dark Reading community for this initiative? Raise your hand (or comment) here. 
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 3:35:38 PM
Re: Good move for security industry to encourage newbies
I agree completely. I'm also brewing plenty of ideas of my own :) There are a lot of information security conferences out there that I'm sure a lot of people could use some help attending and would give a great foot in the door to the industry!
Marilyn Cohodas,
User Rank: Strategist
9/11/2014 | 3:30:36 PM
Re: Good move for security industry to encourage newbies
Maybe a good idea for a more concerted effort by Black Hat for next year (hint- hint).

Nice to hear about the crowdfunding effort from Bugcrowd, as well. (Note to self: blog about the idea to promote more of same for Black Hat 2015).

 
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 2:27:38 PM
Re: Good move for security industry to encourage newbies
Marilyn,

As far as I know this wasn't part of a program - the first I heard about it was just Robert taking the initiative and sharing on Facebook. I think I did hear later that I guess the Black Hat board donated a couple of passes once Hoff (and maybe another person/people?) joined in and the idea caught some attention which I thought was very cool.

Edit to add: Marisa and Bugcrowd were a big help in starting a crowdfund venture for one attendee coming in from Colombia to afford airfare. Also not a formal program but a great effort!
Kerstyn Clover,
User Rank: Moderator
9/11/2014 | 2:24:41 PM
Re: good for you Kerstyn
Hello fellow Kirsten variant! Unfortunately I have to let my mom take credit for my spelling.

 

There were definitely a few times that I escaped off to hold up a wall and take a breather from all the people. I'm pretty extroverted but there is just so much going on. I think being in Vegas for the first time by itself would be overwhelming so the added conferences were just piling more on top.

 

At least embarrassing encounters are usually funny stories later. That's what I tell myself, at least....
 :)
Krenner,
User Rank: Apprentice
9/9/2014 | 2:13:21 PM
good for you Kerstyn
Hey Kerstyn,

First of all, I love how you spell our name ;-)

Second – my first trip to DefCon I DID "[get] flustered and hide out in my hotel room?" (a little) AND "embarrass myself in front of someone that's huge in the industry" *see note below


*I literally walked up to Dark Tangent and said "you look familiar" while I was standing in his penthouse (and I was completely sober).
Haha

I'm so glad Robert did what he did. He also provided a pass for a friend of mine, an engineering entrepreneur.
And I agree, such a GREAT community. I hope I never have to do any other sort of recruiting – this is the crowd I want to stick with!

Congrats on your first tour – and your lock picking success (this was a highlight for my teenage son last year who DefCon embraced with open arms)!!

See you there next yr,

~Kirsten
Marilyn Cohodas,
User Rank: Strategist
9/9/2014 | 12:13:40 PM
Good move for security industry to encourage newbies
I'm so glad to hear that the security industry is being proactive about recruiting talented young women to Black Hat. Was this part of a larger program? 

