Should You Send Your Security Staff to a Hacker Conference? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Security & Risk Strategy
02:00 PM
Connect Directly

Should You Send Your Security Staff to a Hacker Conference?

IT managers once and for all should recognize that hacker conferences can be highly educational and beneficial from a corporate IT perspective.

With a vast array of tech conferences available, it can be a challenge as an IT manager to figure out which are the best ones to attend or to send your employees. Some of the more “head-scratching” tech conferences around are those that cater to computer, physical security and social hacking. Among the biggest of those are Black Hat and DEF CON.

Some IT managers are dead set against their security teams attending these types of conferences. After all, these are the people you hire to prevent hacking, not learn the trade themselves. Because of this thinking, I’ve known many employee requests to attend DEF CON have been denied. Yet, most former DEF CON attendees insist that hacker conferences are far more than hacking -- and can be highly educational for corporate IT security staff.

Given this wide contrast in opinion, I took it upon myself to attend DEF CON 27 in Las Vegas. My goal was to see if the content presented could translate into value from a corporate IT security perspective. Here’s what I learned.

Image: Metamorworks -
Image: Metamorworks -

To give you a sense of how different DEF CON is from most any other IT conference, I'll offer a few observations of my first day in attendance. First, you can't pre-register for DEF CON online. Instead, you simply show up in Vegas and pay the $300 fee -- cash only. Cash because, you know, these are a bunch of hackers. Second, I was quick to observe that the corporate or business casual attire that is common with other IT conferences was virtually non-existent here. Instead, you’ll find lots of cargo shorts, t-shirts and crazy hairstyles. Lastly, if you take a cursory glance at the titles of many DEF CON sessions and specializations villages, it’s easy to understand why some IT managers might be quick to dismiss DEF CON altogether. Session titles such as "How You Can Buy AT&T, T-Mobile, and Sprint Real-Time Location Data on the Black Market" -- or the “Lock Bypass Village" may seem as if this hacking conference is geared more toward black hats than white.

But here's the thing, once you push past the thin counter-culture veneer that the conference promoters wrap themselves in, you find the information and skills that can be gleaned are easily transferrable to the corporate security world. Despite the likelihood of a few “bad actors” in attendance, I found far more white hats representing both the private and public sectors. Additionally, many of the speakers and conference staff (known as "goons") are well known, well respected and work or consult in corporate IT as their day job. Even a US Senator was part of the conference this year.

It’s the non-corporate vibe that I think makes DEF CON so successful. Attendees see it as a way to embrace a unique computing culture while learning useful security skills that can help them understand what they’re up against back home. If you get the chance to go, you’ll find a wealth of security information being taught by some of the greatest security minds in the world. You’ll also find that attendees are truly interested in learning hacking skills, methods and tactics that they wouldn’t find at any other conference. It gives both IT security novices and experienced pros the chance to step into the shoes of a modern black hat to see how they approach a target. Doing so allows the white hats to stay one step ahead.

I believe that my attendance at DEF CON 27 was time and money well spent. My hope is that this article will convince IT managers once and for all that hacker conferences can be highly educational and beneficial from a corporate IT perspective. Plus, for only $300 to get in the door, it’s one of the best deals going. The bottom line is, if you can trust your security staff to protect your corporate enterprise infrastructure, you can undoubtably trust them to learn something of value at a hacker conference like DEF CON.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

New Storage Trends Promise to Help Enterprises Handle a Data Avalanche
John Edwards, Technology Journalist & Author,  4/1/2021
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
How to Submit a Column to InformationWeek
InformationWeek Staff 4/9/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll