1 Comment

Summary:

Both DEF CON and Black Hat Briefings are influential conventions in the world of security, but they’re still very different. See how they compare.

cyber security
photo: Thinkstock

This week, two of the biggest security events are descending on the same city. Cut from the same cloth, launched by the same founder, and overlapping for a day in Las Vegas, DEF CON and Black Hat Briefings seem like the same conference split into two different venues. But actually, there’s a lot more nuance to their message.

Here’s the lowdown on both conferences. While both have significantly changed how hackers and security experts do their work, they definitely have their own standout features.

DEF CON: For the Hackers

DEFCONHistory: DEF CON was started in Vegas after hacker and security consultant Jeff “The Dark Tangent” Moss organized a going away/shutting down party for a Canada-based hacker network. When a fellow hacker, the guest of honor, had to leave the country for the party, Moss decided to throw the party in Las Vegas anyway. A hundred hackers showed up, and DEF CON was born, taking the “DEF” as an homage to the movie War Games and to make a reference to phone phreaks.

Program: Now in its 20th year, DEF CON stands out for its hacking-related contests, which explore everything from cryptography to malware development and even lockpicking. Some interesting games include Crack Me If You Can, which challenges hackers to crack as many passwords as possible, and Hack Fortress, where gamers play a round of Team Fortress 2, while a team of hackers solves puzzles. There are also panels, featuring the ACLU, the Electronic Frontier Fund, and hackers of all stripes.

Audience: DEF CON is by hackers, for hackers. Although representatives from federal agencies have attended in the past (and even been the subject of DEF CON games), Moss has asked that all government folks remain outside of DEF CON’s walls. There’s no pre-registration, and it’s $180 at the door for four days of hacking.

Black Hat Briefings: For the Security Experts

Black HatHistory: After the success of DEF CON, Moss created Black Hat Briefings in 1997. What was once a stand-alone event has turned into a network of conferences in different parts of the world, including a European conference (held this year in March in the Netherlands) and summit meetings in Sao Paolo and Istanbul. The focus of Black Hat Briefings is “sharing practical insights and timely, actionable knowledge” related to information security — much closer to what Moss does in his day job as a security consultant.

Program: Black Hat Briefings is split into two sections: Black Hat Briefings and Black Hat Training. On the Briefings end, there are keynotes about long-term research projects, like the scheduled talk from Trustwave SpiderLabs on breaking into smart home hubs, and scenarios like hacking into connected cars or a security analysis of BlackBerry OS. Training largely involves classes on security techniques that would help analysts better analyze and test attacks.

Audience: Due to its highly technical nature and education-focused program, Black Hat Briefings is largely for career security consultants from both private and public institutions. It’s all research papers and exploit stories, not wacky interactive games. This isn’t the place for the part-time hacker — Black Hat Briefings focuses on security and protection. It’s also the more expensive of the two: the four-day conference now costs the “Late Registration” price of $2,595.

  1. I’ve attended both conferences multiple times. You’ve done a nice job describing each one. My biggest frustration about DEFCON was how oversold it was. There usually were too many people lined up for a given talk, so if you were in the back of the line you wouldn’t get into the room.

    Most days I was only able to go to every other session I wanted, each time spending over an hour standing and waiting, often outside in the Las Vegas day time heat. The talks were mostly good, but I don’t miss that part!

    Share

Comments have been disabled for this post