Last updated at Tue, 25 Apr 2023 21:34:20 GMT

If you're like me, you have wanted to go to Black Hat for ages. If you're going, have a game plan. For first timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience at Black Hat.

First, I want to give you perspective on my bias, coloring guidance offered here. My slant is that of someone who was a booth babe (sales engineer), a speaker, an attendee, Review Board member and former General Manager. These guide my aspirational thoughts for attendees.

General Alexander described Black Hat as “[the] greatest technical center of gravity in the world” - and whether you call it "cyber security" or "information security," you are certainly in the deep end of the pool when attending this conference.

Black Hat, from its roots, is by the community, for the industry. The Review Board strives to keep the event content-focused, bringing the best mix of cutting edge, inspirational, and conversation driving discussion to the attendees. Over the last 18 years, Black Hat (started by Jeff Moss 5 years after DEF CON) has helped security minded IT professionals build an industry.

Think about that. There were no “security engineers” or “security analysts” or “security architects” or “Chief Information Security Officers” at the first Black Hat — just a bunch of people forging a career path, creating what we have today. You, as an attendee, stand on the shoulders of those giants.

Standing in the conference space at Mandalay Bay, you will have 9,000 people wearing Black Hat badges nearby, over 180 researchers presenting content, and 160 vendors who have invested heavily in the event. As a content-led event, this is the largest professional hacking event of its kind.

By the numbers, you'll be drowning in people that all know more than you do. Think about that for a second. Absolutely no-one is great at everything. Everyone there brings something to the table, something they might share with you, something that may change the world. That said, no one there has your experience or perspective (ignore the warm fuzzies and pay attention) you have an opportunity to find people of a like mind, with similar passions, experience, and  knowledge to yours. This is YOUR TRIBE. Find your people.

There is so much to do, so to get the most out of your time, plan ahead. There are things happening you will not have planned for, things you will not be welcome to attend (like 70 Black Hat training classes the 4 days before the conference, or the invite-only CISO summit on Tuesday), and a whole mess of “oh, I wish I'd…” moments.

Choose your own adventure, and do it on purpose—this is not a week to “accidentally” your way through. This week can change how you do your job, change how you drive your career, and it can change your life. (Ask any speaker… it changed mine.)

With this many talented professionals, hungry employers, innovating vendors, and curious researchers, do not underestimate the power of serendipity. The people you will rub shoulders with, stand in line behind, or sit next to (when you felt the urge to ask a really stupid question) may have written the tools you use at work EVERY DAY, or the books/blogs you read that started you in this career, or your next co-worker or boss.

Bring the best version of you every minute, of every day.

Black Hat Rule Number 1 - Cardio. This isn't just a rule to survive by in Zombieland. Vegas IS Zombieland.

In other words, Black Hat is not a sprint, it is an ultra-marathon.
You'll start early.
You won't rest as well as you'd hoped.
You'll be dehydrated.
You'll get lost.
You'll have an amazing conversation and lose track of time.
You'll probably stay up later or drink more than planned.

To survive, or absolutely rock this week, play the long game.

To help you do that, in the following blog posts (we'll link them in as they come online) I'll provide guidance on how to prepare, maximizing your time at Black Hat:

Hopefully this will be helpful—these are lessons and observations from my book of bad beats, lessons learned through experience or observation.

As always, please post questions here, or hit me up on Twitter.


Continue on to Part 2 of this series: Getting the most out of Black Hat briefings