Firewall Wizards mailing list archives
Re: OK, of all the security conferences out there....
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Thu, 27 Dec 2001 09:54:02 -0500
Darren Reed wrote:
Usenix Security Symposium
I figure that as usual the answer is: "it depends" ;) There are 6 conferences I think I've attended fairly regularly: SANS USENIX Interop CSI TISC Black Hat/DEFCON Each has its own unique character and tone, and, depending on what you want to come away with, will have different value for the attendee. At the risk of p*ssing off the conference organizers, most of whom are friends of mine, I'd break it down as: SANS - Atmosphere: Busy and crowded. Lots of attendees are new to security. A good chance to network with system administrators and network administrators. Has a focus on a certification program and tutorial program. Most of the attendees will be going to some classes and boning up on something or other. Level of sophistication: Low. Since there are a lot of beginning security folks, you won't find a lot of discussions of bleeding edge stuff. Types of attendees: More on the "beginner" end of the spectrum. That being said, the attendees are nice and easy to network with, if you fit that mould as well. Most of the folks at SANS are real people with real problems to solve and are easy to get along with on that basis. Quality of tutorials: Very good. SANS is extremely aggressive about pruning tutorials that get poor ratings and promoting instructors that get good ratings. Tutorials have a lot of "back fill" material for introductory students. Other: If I were sending a member of my staff to one conference to get a backgrounder on security, it would be SANS. USENIX - Atmosphere: Researchy, academic, quirky. USENIX is the conference where the big dogs who built the Internet hang out. As a consequence, it may be somewhat clique-ish unless you're a good mixer. Level of sophistication: Very high. Types of attendees: USENIX usually brings the widest mix of nerdy-types, ranging from white tower to operational folks. The white tower researchers tend to dominate the agenda. Quality of tutorials: Excellent. Other: I think USENIX is a very valuable organization and I know I personally owe a lot of my professional development to that conference. If I were sending an employee who already was knowledgeable and wanted to give them a chance to hang with the real gurus I'd send them to USENIX. * Because of USENIX's UNIX roots, it's understandably focused towards UNIX. If you're into NT/Windows expect to hear lots of Microsoft bashing. At USENIX if you ask how to solve a security problem in a Windows system, folks will answer "install BSD" without thinking they're cracking wise on you. Interop - Atmosphere: Harried, huge, corporate. If you like to get lost in a crowd this is a good conference for you. Being one of the nameless mass is easy. Level of sophistication: Low. Focused on networking and products, mostly. Types of attendees: Various; mostly networkers and folks there to see what kind of new products are out. Very little research focus. Mostly operational. Quality of tutorials: Surprisingly good. They cater to such a large audience, though, that you'll find you're lost in the noise and there are few tutorials all at a given level. Other: This is a good conference to send sales reps to, to get training. CSI - Atmosphere: Corporate mainstream I/S department types. Lots of mainframers, big systems types, auditors, CISSP types. A lot of the attendees will come from a more formal security background. I.e.: they tend towards the wearing of neckties rather than labrets. Level of sophistication: High. Types of attendees: Mostly fairly technical, a smattering of law-enforcement and auditors represented. Not a hacker friendly crowd. Most of the attendees don't represent the state of the art. Quality of tutorials: Good. Other: This is an excellent conference but not research oriented at all. If I had someone who wanted to be a CISSP I'd send them to CSI. TISC - Atmosphere: West coast security/operational. Kind of like a mini SANS but more intimate. Level of sophistication: Good. Types of attendees: Lots of west coast system/network admins. Quality of tutorials: Good. Other: This is a good small conference if you're in the San Jose area and can't travel or don't want to travel. Black Hat/DEFCON - Atmosphere: An interesting mix of spooks and hackers. Lots of info-war heads and goofy kids with body piercings who think security begins and ends with getting root. Attracts media attention and since it's held in Vegas tends to have more than its share of hijinks. Level of sophistication: Very low and Very high at the same time. Usually there are a few real security gurus there with really top-notch work, and then a lot of hangers-on with cool Tshirts. Types of attendees: A very eclectic assortment. Quality of tutorials: Good. Other: This is a fun conference if you like the media circus atmosphere. It's simultaneously counter-culture and cliqueish in a way that is hard to describe. mjr. --- Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. Work: http://www.nfr.com Personal: http://www.ranum.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- OK, of all the security conferences out there.... Mike Hancock (Dec 26)
- RE: OK, of all the security conferences out there.... Ofir Arkin (Dec 26)
- Re: OK, of all the security conferences out there.... Darren Reed (Dec 26)
- Re: OK, of all the security conferences out there.... Paul Cardon (Dec 27)
- Re: OK, of all the security conferences out there.... Marcus J. Ranum (Dec 27)
- Re: OK, of all the security conferences out there.... Frederick M Avolio (Dec 27)
- Re: OK, of all the security conferences out there.... Lance Spitzner (Dec 27)
- Re: OK, of all the security conferences out there.... Tina Bird (Dec 27)
- Re: OK, of all the security conferences out there.... dont (Dec 26)
- Re: OK, of all the security conferences out there.... Matt Curtin (Dec 30)
- <Possible follow-ups>
- Re: OK, of all the security conferences out there.... Bill_Royds (Dec 27)
- Re: OK, of all the security conferences out there.... Tony Howlett (Dec 27)