[attrition] news: Back from Vegas: Good, Bad, and Fugly

lyger lyger at attrition.org
Tue Aug 12 00:58:30 UTC 2008 

Back from Vegas: Good, Bad, and Fugly
Mon Aug 11 2008 18:32:51
Lyger

"Lyger Team" made it back from this year's Black Hat and Defcon 
"conferences" (note the quotes) in one piece, but probably only because 
there weren't too many good opportunities to break anything. By now, 
everyone has probably read the media stories about the reporters who were 
banned for life for sniffing the media network, or the legal discussion 
surrounding the state of Massachusetts filing an injunction against three 
college students scheduled to present their research. For some, the event 
as a whole was probably a lot of fun, but there were plenty of things that 
really kept it from being as enjoyable as it could have been. After 
meeting up with Jericho and d2d on Wednesday afternoon, we headed out to 
Black Hat. Since I wasn't an official attendee, I can only offer input as 
to what I saw from an "outsider" point of view.

Disclaimer: This is my opinion and my opinion alone. If you disagree, 
fine. If you agree, fine. Email me your opinions. I'll be polite in my 
responses... unless you're trolling, in which case there will be a 
"suitable" response.

First, I did scan through the list of BH briefings, and there's just no 
way I could justify convincing my employer that sitting in on a handful of 
these over a few days would be worth the $1500 (or so) admission charge. 
Think about it from an economic standpoint: if you're attending a BH 
seminar, chances are good that you're a security professional in some 
sense. If you attend eight seminars (which is highly unlikely because 
you're in VEGAS, HELLO), that's almost 200 bucks a session. Let's not even 
include the hotel and airfare to and from the conference. If your employer 
trusts you enough to go to Vegas on the company dime, attend these 
sessions, retain the information, and use it for business purposes going 
forward, then your employer is quite possibly:

a. uninformed about the general content of Black Hat presentations
b. willing to spend more money on pointless security "solutions" based on 
technology instead of REAL staff training, or
c. a retarded douchebag

[...]

More information about the attrition mailing list