A Beginner’s Guide to BlackHat!
A wrap on #BlackHat2023 means…getting in gear for #BlackHat2024. To my non cyber folk, Black Hat, nicknamed “Hacker Summer camp”, is perhaps the most popular cyber conference, bringing thousands of professionals and hackers a like to Las Vegas every August. In my inaugural year, many things went right, more went wrong, all were fun and at the very least funny 🤪. But what happens in Vegas doesn’t have to stay there—If you’re a young person in cyber, cyber-curious or curious period here are my four main takeaways:
1. The best learning happens out of session.
Some Black Hat talks are interesting (I particularly loved Microsoft’s Ram Siva Kumar’s on AI regulation and of course CISA’s Jack Cable and Bob Lord on Secure By Design ). However, if you are a cybersecurity professional (or just read the news) 80% may cover information you may already have familiarity with. The real value of Black Hat is in having an entire industry community in one place at one time. Prioritize personal meet ups, spontaneous conversations at the Mandalay Starbucks, and the ends of talks when you can talk directly to guest speakers and save your energy for the many happy hour events. Seasoned Black Hat attendees would go as far as to tell you, skip the ticket and take a seat at the Four Seasons or Mandalay never ending happy hour for your best learning and networking.
2. Book early.
Book early and be prepared. The closest hotels book up extremely fast and are certainly not cheap. Moreover, happy hour registrations and after hours event registrations fill up weeks in advance of the actual date and many are not even officially listed (Kyla Guru and I found this out the hard way). Make sure to check the Black Hat official website, Eventbrite, and your personal network to sign up for events. My personal favorite this year were App Dome’s comedy event with Howie Mandell.
3. Get some $$.
Black Hat tickets go for about $1600 a person, and Defcon about $460. Not to mention the exorbitant Las Vegas prices for food and transportation. Luckily, if you are a student there are some paths for getting help with funding:
Competitions. The Atlantic Council Cyber 9/12 Competition (The #CyberSuperGirl team received Black Hat tickets for placing in the national competition)
School: Your school’s Computer Science or cyber programs may sponsor reduced price Defcon or Black Hat tickets (Stanford does this).
Job: I met many interns who’s jobs at private cyber companies sponsored them to attend Black Hat and Defcon. Make sure to ask your managers early if there is availability (offer to help run their booth!)
If you are a woman in cyber specifically, there are a myriad of organizations who offer small funding and scholarships. Here are the few I’ve found:
Women in Cybersecurity (WiCyS)
Women + Cybersecurity = Women’s Society of Cyberjitsu
BlackGirlsHack
InfoSecGirls
Women Cybersecurity Society
Women in Security and Privacy
In the future: Stanford Women in National Security (WINS) 😱🤔
4. Black Hat is just the beginning.
To my surprise, Black Hat was just one of many cyber conferences and events happening that week in Vegas, all with different vibes and purposes. Even more, there are multiple trainings that happen right before both conferences. While Black Hat is the most corporate and official conference, Defcon is equally big, if not bigger, but with a much more casual, hacker vibe. This year I came to Vegas centrally for Black Hat but given the young, hands on nature of Defcon another year I would probably prioritize this conference. I compiled a short list of all the events I heard of happening this year (and likely to happen next year):
Black Hat: Corporate and official talks
Defcon: casual and hacker focused, exploring villages
B sides: side conference, less chaotic and expensive
Squadcon (This year came up because a village was not admitted into Defcon #tea)
The Diana Initiative: A couple of days before Black Hat focused on women and minorities in Cyber
If you’ve made it this far, congrats you are ready for Black Hat. If you are like me and just skipped to the end to see the main point here it is: At the end of the day, Black Hat and the Las Vegas Cyber conference circuit is really about building, connecting and investing in the larger cyber community. The best moments are running into old friends, making new friends, and feeling as sense of belonging in an industry and perhaps mission larger than yourself. Maybe the more realistic name for this conference is Black Heart 🖤😍.