Dealing with BlackHat’s Slip into RSA

Another amazing BlackHat/Defcon summer camp tour extraordinaire.  As the con continues to evolve, mostly in ways I’m not so fond of, I realize we should focus on the right things to make this thing so many cherish continue (until riot and upheaval overthrow UBM).  Much more is said about topical facets in the industry culture that can be addressed (drinking, sexism, elitism) but I don’t see much about the overall con experience and how we make it better.  Yes, I’ll still be back next year and there’s great things about it but we should hit some of these things straight on.

The things we see changing in BlackHat all center on its advancement of corporate chicanery.  We don’t want RSA, and yet, here it is.  Forget blaming the logos.  Forget the idea that we can change them and their intentions… won’t happen.  The only reason this is happening is that we, the consumer, the infosec professionals, “the community” don’t draw some boundaries around how to do it right and train all these new faces on what “doing it right” means.

I broke down some easy things that are in your power that would make a significant difference in flushing the turds of this event.  No army of Guy Fawkes masks or Anon-style vendor ousting needed.  Perhaps thoughts for another day…

1. Stop walking the vendor floor. 

It’s that simple.  Don’t go.  Tell people not to go.  If people want to meet vendors, tell them to do it after the con.  Absolutely nothing but pithy pitches happen on the floor and harvesting of your contact info for those horrible emails that will never stop if you give them a scan.  Every floor demo, “briefing”, or other exhibit floor event is put on solely by marketing.  Look at the people who speak.  They are marketing people in suits, logo’d polos.  They are paid actors.  You get the prettiest of folks doing put-on events where they raffle your soul and your contact info for the chance to win something.  You’ll suffer through a complete waste of time, every time.  You won’t see senior engineers giving intense breakdowns of their tools.  It’s because marketing runs these entire events.  And marketing wants to speak to decision makers… and frankly those most likely aren’t technical.  That’s why everything comes in many colors on powerpoint.  If you actually want to learn about a product, do it afterwards in a personal demo and insist that a technical person show up.

Vendors will stop showing if you stop walking the floor, scanning your bags, and picking up the awful vendor swag.  Less vendors means less floor space.  Vendor floor space at the expo is the main cash cow of the con and the thing UBM spends most time on.  If you want to meet someone, go to coffee. Do it later.  Don’t do it at BlackHat.

2. Be selective on your parties – swap vendor parties for industry parties.

Let’s cut the BS and act like we won’t be partying at Vegas.  Back to starving the beast, cut out the vendor parties.  Yes, they have free booze.  But they are so damn lame.  They’re full of sales people.  I have many friends as sales people, but when I go to hang out with my peers, I don’t say hello to them in the hallways.  I’m here with a purpose.

Industry players are throwing some hella good parties, also with free booze but in a crowd worth mingling.  Other folks will write about the pros and cons but Nike, Adobe, Facebook, EFF, Twitter, Dropbox, and others intent on fostering the scene throw some great parties where you can actually talk to other smart people and geek out in the industry.  Yes, they have an agenda for recruiting but fostering the scene is a much more noble goal than getting a PO.

I will also throw out that the small vendors and startups have some great parties where their founders, lead tech staff, and real people show that you can talk to in a crowd of under 100 people.  One of my favorite parties was at the Palms Place penthouse with Reversing Labs (@reversinglabs) and some other up-and-coming products.  Pool table, balcony hot tub overseeing Vegas, and an unlimited bar were amazing.  (Thanks Mario & Team!) You didn’t have to get manhandled by guys in jackets asking what your role is and how much your security budget is. Plus, the small vendors don’t have the money to throw around to make BH a commercial vendor.

3. Stop going to vendor dinners. 

I know, sacrilege.  You may not be hip to this but most sales people show up only to do booth duty on the expo floor (let’s not call it a con) or to wine and dine clients to keep them buying.  That’s the only reason it occurs.  They didn’t show up for talks.  They don’t know the presenters and want to understand their recent bug.  They are only there to keep you occupied and continue a sales relationship. When they mean ‘stay current on the industry’ they really just mean ‘remember current companies breached and how those hacks relate to things they sell’.  Hanging out with sales people when you have the core of our industry walking around to meet is a wholesale travesty.

I can commiserate with people who are on some $40/day budget from their employer and see Vegas prices.  If you want free food, you have options that don’t you can always crash a party.  Those same parties I mentioned earlier can have decent food.  There’s almost always something at 5-7 that’s serving food in an open setting.  Starving the dinner crowd means the sales execs won’t show in the first place.  They line all of them up earlier.

I will say that I have had one enjoyable vendor dinner when I went out as a Matasano client some years ago to hang with @s7ephen, @__daveg__, @cory_scott and other industry folks I respect.  No cognitive dissonance, the conversation was about the work and our passions.

4. Talk to your friends and colleagues about their BH plans.

We won’t change anything unless those with influence use it.  We almost all know people who are going to BH for their first or second time and will fall into the same traps.  They don’t know better.  They don’t understand the sales cycle, the sleazy parts of the industry… Hit them  up and tell them why the things above have meaning.  Better yet, help them find all the great things to do instead.  Making BH an amazing time is what it should be about.  I know I wouldn’t be where I am without a lot of the scene’s “grey beards” and those really are the lines that keep

Believe it or not, I see so many blank faces looking around not knowing anyone and hear many stories of people hanging out in their hotel rooms, wandering Vegas, and basically being kept occupied by the vendor fan-fare not knowing that it grew up “around” what we consider the heart of the con.  Introduce yourself to these people, it’s obvious they could use some new friends. 🙂

Doin’ it Right:

There’s so much more to say about how to “do it right” but I put down some quick thoughts on where we should be focusing:

1. Meet new peers – there’s an untold number of amazing infosec people running around.  Connect with them.  There’s a ridiculous concentration of awesome people at the con bar.

2. See the talks – the talks are as good as you’re going to get at most cons.  Not everyone but some of the best bugs get dropped or talked at BH.  Even if you don’t have a badge, find the speaker and meet them.  They’re all around, try Mizayu, the new Galleria bar.

3. Hang out with friends – forget about the constant shuffle, hit the pool, hit a show, go out for dinner with old friends.  My favorite BH event has become the Thursday night dinner party that shows up at Carnevino, a Mario Batali joint in Palazzo.  It’s a bunch of old faces and new eating an amazing meal.  No BS, people catch up from where they’ve been in the last year, meet great connections… it alone can make my trip worth it.  That and @ballrcon.  @ballrcon for life.

Above all have fun and make sure it’s memorable.  A week out of the office can be spent on a lot of things so make it count!  It’d be great to hear other people’s stories of how they approach it and what else we can do.

