Top Tips for Surviving Black Hat/Defcon 2018


By Kelly Ferguson & Lauren Hillman

August means a lot of things to different people. It is the peak of summer, music festivals are in full swing, and farmers markets are bursting at the seams. But for us infosec wonks, August only means one thing: Black Hat.

Black Hat is a technical security conference focused on the sharing of practical insights and timely, actionable knowledge. It’s a great opportunity to learn about that latest news and trends in the infosec world, catch up with old friends, and network with like-minded individuals.

As excited as we are to hit the ground running in Las Vegas next week, the conference is a full-blown marathon and it’s daunting to even plan the week without reaching for your fourth cup of coffee. That’s why we’ve tapped the smartest security aficionados we know to share their tips for surviving Black Hat/Defcon 2018.

Enjoy and see you in the desert!

Asaf Cidon, VP Email Security, Barracuda | @asafcidon
In the words of the famous 90’s song, don’t forget to put on sunscreen.

Eric Ogren, Senior Analyst, Security, 451 Research | @451Research
Don’t let the dogs bark. Most of us want to make a good professional impression at a major conference, but I’m here to remind you that most people keep their eyes up. Now is not the time to break in a new pair of stylish shoes. It’s going to be long days walking miles on hard concrete floors covered by thin carpets. By all means, look sharp from the waist up while sporting your most comfortable shoes or sneakers. I have learned to be a big baby when it comes to keeping the feet from screaming.

Put your social skills to work. You’ll have a world’s best resource all around you in people who have tackled the same issues that bedevil you. If you are at, say, a network traffic analytics session, try asking the person sitting next to you how they use network data for security, what vendors they like in the space, and even what they think of your plans for improving your security capabilities. Talk to people, make connections. I’m pretty sure you will get practical feedback that you can put to work as soon as you get home.

Fahmida Rashid, Senior Managing Editor, Decipher | @FYRashid
The word is lean. Go lean. Cut down on the number of devices. I have two laptops – one that has all the corporate things on it and the other that is my primary laptop for running code, writing, checking things. For the week, I leave my corporate laptop behind – I let my home office know that I will be out of pocket for the week. This goes for portable devices, too. For most of us, there’s no need for a tablet, phone, and a laptop. Consolidate functions where possible.

Same goes for applications. I decide what apps are must-use – and stick with that and not use anything else. My family knows that if they need to reach me, use Signal or call. I don’t try out new apps or sites during the week. I wait until I get home and can try it out in a sandboxed environment.

And here’s a bonus survival tip: I go all Faraday cage. I have a purse that is lined with RFID blocking material, so I keep my wallet there. I have a jacket that has a pocket that is RFID lined, and keep my phone in there. If not wearing the jacket, I use a small backpack that is also made from the same material. My credit cards are in RFID-blocking sleeves.

George Gerchow, CSO, Sumo Logic | @georgegerchow

  1. Do not bring a mobile device with ANY kind of sensitive information to Defcon or it will most like get hacked and you will be on the wall of shame.
  2. Wear all black, even in the Vegas heat, so that you blend in. (Never wear a suit.)
  3. Do not accept anything from anyone you do not know, especially alcohol.
  4. Don’t be surprised if your company is on display being hacked at the conference.
  5. Try to attend lock-picking sessions at BSides and live Bug Bounties.
  6. Bonus tip: Stay hydrated. 🙂

Kelly Jackson Higgins, Executive Editor, Dark Reading | @kjhiggins
BYO MiFi and VPN. Take it from someone who 10 years ago used the show WiFi once and got burned in a very high-profile way (ask Black Hat researchers Robert Graham and David Maynor about that one).

Kimberly Samra, PR Manager, Black Hat | @Kimberly_Samra
I tell everyone attending Black Hat to come prepared – from sorting through the nearly 120 briefings, 80+ trainings and a bustling Business Hall for your ideal agenda, to selecting from various networking events and reviewing your personal security checklist – planning ahead will make for the best experience. 

Rami Essaid, Co-founder, Distil Networks | @ramiessaid
If you’re going to survive going to both Blackhat and Defcon, that’s going to be a really long week. The best way to pace yourself is to get out of the conference rooms and exhibit halls. Find alternative places to hold your meetings that will let you relax a bit. Paul and team @securityweekly have it right, they hang out by the pool the entire week.

Rob Sloan, Cybersecurity Research Director, WSJ Pro | @_rob_sloan
Wear comfortable shoes. The days are long – early starts, hiking between conference halls, walking to the restaurants for meetings, standing at bars in the evening and partying the night away. If your feet hurt, you’ll be miserable. Take care of your feet.

Sean Michael Kerner, Senior Editor, eWeek | @TechJournalist

  1. Planning… it’s hard to just walk into Black Hat and not be totally overwhelmed. There is just too much to see and do. Start by looking at the schedule, make sure you look at both the regular briefings and the arsenal sessions and put together a basic plan for what you want to see.
  2. Coffee – without which I personally could not survive.

 Steve Ragan, Senior Staff Writer, CSO | @SteveD3

  1. Drink lots of water, and remember to eat at least twice a day.
  2. For the love of $deity take a shower and use deodorant.
  3. Talks are great, but whenever possible, connect with someone face to face and have a conversation.
  4. If you’re in town for the talks, make a plan and stick with it, this will help you avoid getting lost or being stuck in a line.
  5. Comfortable shoes, trust me, this is important.
  6. Get sleep, shoot for 5-8 hours, but no less than three.

Kelly leads media relations and editorial programs, driving strong results for clients by developing creative, compelling campaigns and story angles that resonate with a variety of media. Contact Kelly at

Lauren leads day-to-day strategy and execution for Offleash’s cybersecurity practice, and has driven successful PR programs for enterprise technology clients for the past seven years. She also works on Offleash’s social responsibility team, OffleashCARES. Contact Lauren at