Shostack + Friends Blog


Maximizing the Value of Virtual Security Conferences

A few tips on getting the most out of attending a virtual security conference.

Nathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of 'know what you want to get out of it' and 'know what it would take to make it happen,' I want to add two ideas.

First, take notes with a pen and paper. This is a key lesson for me as I deliver training through computers. Having a pen and paper means that I have to take effort to switch, and I've even taken to physically moving my keyboard across the office so I have to stand up to get it. Transcribing your notes into something like a trip report gives you an additional chance to focus on what you and your organization get out of it.

Second, choose your conference based on what you want to get out of it. If you want cutting edge research, Black Hat is great, as is Usenix Enigma or some of the more academic conferences like IEEE S&P. If you want a small intimate event where you have a chance to socialize with a smaller group, a smaller event might be better. You're trading the chance to see the latest work as its unveiled for a smaller group, often focused on a sub-discipline or a community. (You'll also find a lot of #blackhat channels on slacks and discords in addition to the formal conference site.)

Lastly, I want to mention Dan Cuthbert's "Blackhat USA - The Virtual Edition. He's done a great job of rounding up interesting talks, although I'm particularly looking forward to Matt Wixey's "Breaking Brains, Solving Problems: Lessons Learned from Two Years of Setting Puzzles and Riddles for InfoSec Professionals and Ron Bitton's A Framework for Evaluating and Patching the Human Factor in Cybersecurity. I was skeptical of both talks when I saw the titles, but the details sold me, and I'm glad we accepted each.