Last updated at Wed, 23 Aug 2017 19:43:27 GMT

If you are just joining us, this is the third post in the series starting here.

Networking Like A Pro

Black Hat will clear 9,000 attendees this year, and it is really easy to feel really small in a crowd that big. The vast majority of folks you'll see there will only know a few people at the show—it is your duty to change that for them.

This blog post won't make you the best conversationalist at the conference, but it should be enough to get you off the bench and into the game.

Let me expound: As geeks, we have a time honored tradition and reputation to uphold, that of culturally-sensitive, socially-aware, well-groomed, charming, and social creatures.

No? Not yet?

We will, come the first week of August this year.

If you are attending Black Hat, you are in the hottest, most-sought-after, and one of the best-paid verticals in modern history. Next time you meet some random Joe and let slip you work in “cyber security,” just listen to them prattle on about how important that work is, and how badly we need to be successful. Boardrooms are paying more attention now than ever.

As a Black Hat delegate, you stand on the shoulders of giants, reaping the fruits of a hard working community, representing a profession in high demand that's racing to mature. You are our diplomats and emissaries for security, research, and hacking. Much of the general public still sees our work as a dark art and witchcraft, your decisions and actions are critical to winning hearts and minds.

Nearly Zero Unemployment.

Think on that for a moment. Not only have the unemployed worked themselves into breathtaking niches, our profession cannot recruit, train, and groom talent fast enough. Everyone, ABSOLUTELY EVERYONE you will meet at the show is tied to the recruiting force, and only a handful of those folks have been in their jobs or at their current company for more than 5-7 years. Let me be clear - I am not telling you to find a new job. Unless you want one

We all have roles our teams that need to be filled, or have friends with specific needs. Even if you're not looking, still make a point to meet people, and help connect them to others.

So, in light of that:

Be a connector.

So almost every company is hiring for something, we get it. The magic is the people, and everyone has a story: Many are looking for jobs, while others are looking for a way to get started. Some of the folks you meet love their jobs, others are mastering challenges they face, or are the verge of giving up. Others will be running low on life, beat down in their world, and have come to have their cups refilled by the energy and excitement of the community and breaking research.

Be a connector, not match-maker. If you're hanging with a group, and have a discussion in play, pull the lurkers in. Peel off, say hi, ask where they're from. (“Hey! We're discussing — care to join us?”)

As mentioned above, everyone you will meet has a story. Let's be honest though: We're at Black Hat. People are afraid of the wireless, debated bringing a pencil and paper instead of mobile hardware, and are looking at everyone as though they're some kind of double agent looking to steal corporate secrets or passwords from them.

Take a deep breath. Most of the APT buzz you're hearing is out on the vendor floor, you can spot the offending booths. Some of the folks you'll meet have real war stories from engagements with a determined adversary, others are telling tall tales, while some are running you through a Kobayashi Maru (like it or not), which may be an interview, so play nice!

Respect OpSec.

People may not want to talk about their employer, or they may not be comfortable with the idea.

Spoiler alert: Real spooks at the show aren't going give you the “if I tell you, I'd have to kill you” line with their best “1,000 yard stare.” They'll have a cover story, and it'll be a simple one.

That said, lots of cool people work for HUGE companies, that as a matter of public policy “do not send their people to Black Hat or DEF CON”— and that's a tough spot to be in. Here they are, they may have fought to get here, might have paid their own way (!!!) — and they very simply can't tell you where they work, or what they do, and they feel ridiculous saying that. Even more painful for these kindred souls, they may not even have an explanation why corporate overlords have that policy. Amazing job, strong budget, interesting problem space … and the occasional policy that makes zero sense. It happens.

Be aware of special situations around corporate growth. Some startups are still in stealth mode, others may be approaching an S-1 filing, while others work for visible companies that may have a legal requirement to keep quiet after an IPO, merger, or acquisition. Watch for the awkward smile or brief “thanks” or “we are excited” response — some topics, for reasons that can't be discussed, are off limits.

Be aware of corporate relationships, and the occasional slip-up. Companies may be consulting, partnering, customers or service providers, and that may all be under NDA. Just because you know what's going on doesn't mean it is your business to disclose.

Look for those edge cases, and try to make life less awkward for them. Respect the rules of OpSec others may follow (even if against their will,) and try to warm things up. Be aware of human factors: People are jet lagged, sleep deprived, …hung over, stressing about a presentation or a meeting, afraid of large crowds, or are actively avoiding you because you forgot to brush your teeth or put on deodorant (don't be that guy!)

Start Small.

My advice is to not start with “hi, where do you work” or “what do you do?” It's a trap.

Earn permission, and think of this as building social context or relational capital. We're all excited, and we're extremely passionate about our chosen profession… but we're not giving it all away up front. It may be a waste of your time and mine to get into that, or you have somewhere to be, or as mentioned in the above section, these questions could be minefields anyway.

Polite company will find common ground, and start neutral:

  • Where are you from?
  • When did you get in to Las Vegas?
  • What's the best session you've seen?
  • Which session are you looking forward to most?
  • What brings you to Black Hat this year?
  • How long have you been attending Black Hat?
  • Did you come here with a team or group?

It's kind of unavoidable: The conversation will wander into our chosen profession, which is ultimately why you are in the desert this week, hiding from the angry and unforgiving Las Vegas sun. Offering up some of the answers to these questions before asking creates context and offers a safer conversational space.

  • How long have you been in InfoSec?
  • What line of work are you in?
  • What would you consider your speciality?
  • Is that what you do for your day job, or is that something you're looking to do more of?

For many of you, this is kinda obvious. If you're Canadian, you learned this by third grade… I was home schooled, so someone had to explain this to me.

And in any case, even if it's new to you — that's okay too! Consider me passing these random thoughts forward.

Connect the Dots.

I remember as a kid, my pastor always saying it isn't always what you know, but who you know. There's something to that. As you meet people, be present. The magic of events like Black Hat is the people, and you will miss out if you aren't tuned in.

Slow down the mental hamster wheel and stay focused in the here and now. What happened in history, or what happens later today doesn't matter.

As Gavin de Becker says, “Now is the only time anything ever happens—now is where the action is.” Strive to really connect with the neat people you meet. Identify their interests and passions, get to know them, and start building a network.

When I started traveling, I learned it was better to be somebody somewhere rather than a nobody everywhere. A big conference with 9,000 humans is less intimidating when you recognize a few faces in the crowd. Where and when does this happen?

  • Right now, right where you are! (Bathrooms notwithstanding.)
  • In the elevator
  • Standing in line
  • Coffee
  • Lunch
  • Waiting for a session
  • In the booths on the vendor floor
  • If you are sitting next to a human (and the talk hasn't started) say hello!

As you find people of your tribe, introduce them to each other. Don't slack here.

If you're more comfortable online/on social networks than in person, you'd be surprised how often you will find folks in your chosen sessions that you've interacted with on Twitter. And by the way, meeting IRL— especially after chatting for 10 minutes, only to realize you kind of already know of each other — is kinda magical.

Sidenote: The persona you have in your head for that cyberspace personality won't always match the meatspace version, and bridging that gap can make for some interesting moments.

image credit:

Ignore the nervous reflex to check your phone or scan Twitter. Stay present, stay put. To quote egyp7, "never leave a hallway conversation you know is good for a talk that might be."

There's so much more to networking at Black Hat that I didn't want to cram it all into one post, so we'll continue this thread part five, which will be all about the Art and Science of Making Introductions. So come on back here tomorrow for more on that -- same Bat-Time, same Bat-Channel.

As always, I welcome additions, edits and feedback - comment here or say hi on Twitter!


Continue on to Part 4 of this series: Talking to the Media & Press

...Or go back and read Part 2: Getting the Most Out of Black Hat Briefings

Want more? You can catch all the entries in the Black Hat Attendee's Guide series right here.