In the ecosystem of cyber security conferences, there are many types, ranging from industry to subject matter within a specific industry. In the cyber security world, two main types exist: vendor-specific and vendor-agnostic. Until recently, I only attended general security conferences to be exposed to a broader range of material. However, since my trip to the Carbon Black conference, I wanted to discuss which are better to attend for new folks in the industry.
What's Carbon Black?
First stop is a brief overview of Carbon Black (CB). This is considered an Endpoint Detection/Response (EDR) tool capable of providing insight into host-based behaviors. Most businesses that have an EDR will use it in conjunction with their other suite of tools. I have used the tool in the past and it truly is a magnificent animal, but this also happens to be the only EDR tool I have experience with. These tools are great for incident response, allowing the analyst not only to isolate the host but to continue to do forensics and analysis remotely after the host has been isolated. CB provides an in-depth look at activity on hosts, primarily anything that changes, such as processes, registries, connections, etc.
Alright, now to the good stuff. Let's start our discussion with Carbon Black (CB). I am going to generalize some here because I don't have other vendor conferences to rely on. CB was fun all around: they had socials, multiple tracks of talks, a handful of non-CB people leading the talks, and a genius bar to take their product for a spin. For the most part, the CB employee talks were informative, however very shallow on the details; they provided product updates and roadmaps of where they were going. In my conversations with other attendees, I gained more insight into how to deploy CB in creative ways and issues I may face using CB. Non-employee talks were by far the most informative. Some walked through analysis case studies using the tool and expounded on increased detection capabilities. Others discussed the EDR tool from an engineering perspective, detailing code and steps of how they integrated CB into their other existing tool sets such as SIEM, SOAR, and ticketing systems. I found these fascinating and they most certainly got my creative juices flowing.
Unlike vendor-specific conferences, general security conferences are all over the place with topics. From how to find a job to picking locks to stories of cyber crime and everything in between. No offense to Carbon Black, but the attendees are also a little less stuffy. You can probably tell I am a little biased toward vendor-agnostic conferences. They are a great time and typically have something for everyone. Even the smaller ones. My first conference was GrrCON over in Michigan and after the two days, I left and my head just hurt. My mind was literally blown. I sat in on talks about malware reverse engineering, hardware hacking, Linux forensics, social engineering, wireless hacking and even picked my first lock. I had a blast.
My suggestion to newcomers is to go enjoy the vendor-agnostic conferences like BSides, GrrCON, Circle City Con, and DerbyCon. These are fun and low key. As you get more mature in the space and need to support some specific product, go check out their cons. But only if your work is paying ... lol. But the good news is, you don't have to wait for the next conference to roll around. Look on YouTube for the talks. Just about every major con posts their videos for free!!!
Here are some conferences and links to talks. Enjoy.
Circle City Con
If you have any questions or have other conferences in mind that you think others should check out, comment them below and I will update this blog.
Tell us about your con experiences and let everyone know what they have been missing!!!
Last but not least, check out the accompanying YouTube video.