If you are just joining us, this is the sixth post in the series starting here.
Conferences are magical and serendipitous. YouTube can’t capture the electricity you remember in the room as you tell someone “I watched Barnaby jackpot an ATM,” as others echo back “I was there that year too!”
At technical conferences, the content leads the way—it is what brings us to the show. Catching up on that research and work being done at “the tip of the spear” helps re-align our focus, sanity check perceptions, and validate our thoughts about what might be possible in the near future.
This post is about what’s happening OUTSIDE the briefings you decided you just can't miss. There is a lot going on that you need to make time for: some of you should be registering and competing in NCCDC’s Panoply, checking out the official Black Hat store, book store, buying the videos… and prioritizing attendance for the Pwnies.
First up, let’s talk about Sponsor Things.
Sponsors are a catalyst: the investment they bring creates jobs, underwrites research and innovation, helps bring ideas and solution sets to market, and helps make events like Black Hat possible. Check out the evolution and involvement of sponsors at BSides — support is not only unavoidable, events depend on them.
There is always that hipster sentiment reminding us how much better things were years ago, in the most ironic terms available… and that’s cool. So enjoy their reminiscing, but remember that you are here to rock the industry today.
The Business Hall
Call it what you like, you’ll hear terms like sponsor floor, vendor floor, business hall, networking lounge… these labels all filter down to a very simple thing: It's where the companies are.
Ignore the hipsters for a moment and stay with me on this one, dear reader — keep in mind that these companies are underwriting the event. They have paid dearly to make sure the show happens, in hopes that you will come and that they can connect with you in a meaningful way.
When I say paying dearly, I do mean it. This event is a budget breaker. To be clear, and to understand in broad strokes what it costs to put on an event like this, skim the sponsor prospectus—the top tier buys in at ~$150,000 USD. Do some additional math on the back of your cocktail napkin: all five of those Diamond sponsors are also sending another ~50 people (conservatively $1,500, ignoring soft costs and food). The smallest companies get in for ~$30,000 USD, sending 10 people—so let's figure that the smaller booths are spending closer to $100k for the week.
That’s without picking up additional sponsorship opportunities, networking receptions, dinners, or throwing parties… which I can assure you cost a pretty penny in Las Vegas.
So why sponsor? To meet you. That doesn’t mean sell, I mean it simply—they want to connect. What for?
- Don’t kid yourself: Everyone is hiring. They’re growing, building, and our industry has a fierce talent shortage.
- Related—don’t run around handing out copies of your resume on the show floor… no one wants to hire that guy.
That said, if you are looking for tips and advice on looking for a job at big events like Black Hat, I wrote a special post about it:
- Brand Awareness
- Companies (the good ones) spend a lot of time and money to build technology goods and services for you. That’s specific, I actually mean for you, the reader. They know you get it, and that’s why you’re at Black Hat.
- “I am not a decision maker and I don’t control a budget, why me?” — If you are attending Black Hat (both an expensive and aspirational event) you are an influencer, and you will be controlling budgets before too long!
- Product Direction and Validation
- As an influencer, you are in touch with the needs of your business, the challenges of your security team, and are tasked with responding to threats to the business.
So that’s why they want to talk to me, but why do I want to talk to sponsors?
Glib answer: Because you’re polite, you want to thank them for making Black Hat possible, and investing in your week.
Slightly-less-glib answer: The Booth Babes.
Yep, you read that right, but before you get out the pitchforks, I’m defining this differently from the standard, because I used to call myself a booth babe. (Fact.)
The folks attending Black Hat fought to be here—or couldn’t get out of it. Point blank, the people working the booths are smart, influential, and have something to offer you. They might have done your job, they might have faced similar challenges you did, or they work with people who do and have new perspectives for you to consider. (Those folks that couldn’t get out of coming? They are here because the company needed them to attend, which makes them both highly influential, and in-demand… you can’t lose!)
For the nerdy guys out there afraid of pretty girls, be warned—if you happen to see a pretty girl in a booth, make no assumptions about why she's there, or her intelligence levels just because of how she looks. She's probably smarter than you anyway. Flipside, companies bringing ‘hired help’ in questionable attire will have a hard time busting that reputation in the future, so buyer beware, and vote with your budget.
One caveat is that some booths will have a carnival act or arcade game that needs staff to manage that activity, badge scanning, and swag distribution. It’s really hard to justify putting a well paid sales engineer or product manager on duty doing this work. So be aware of the economic forces, and withhold judgement: not everyone you interact with will be one of us, even if they all should be professional in appearance.
Life in the Booth
If you’ve never worked a booth, you need to know what’s going on there. It’s serious business (as you now appreciate the investment), and it is worth understanding who’s there, what they’re doing, and how to have a meaningful interaction in your time on the floor.
Marketing and PR
This is management: they are responsible for the booth, the staffing, messaging, visuals, and every aspect of what you’re seeing as you approach.
- These folks work hard to support our industry—and some of them actually know how to code, even if they don’t consider themselves technical like we do.
- Try to be self-aware, knowing there are different kinds of genius, and not all of them are actually ‘technical’ the way you see it. The gift of communication, the ability to quantify and organize people, to design experience, and architect a live event is both art and science.
Sales and Business Development
If you’ve never worked in sales, you probably don’t respect sales people enough. You might scoff, but consider Einstein: “If you can’t explain something simply, you don’t understand it well enough.” Think about that as you consider the following: When you meet sales people that sound like they have no idea, it may not be their fault. (Remember, not everyone on the floor can run Metasploit from the command line like you do, nor should they—it takes all types!)
- May be new to our industry
- May be pitching something so bleeding edge, they’ve not figured out how to effectively describe it (it *does* happen)
- May have not been trained (by someone like you or me) to effectively understand what they’re representing
- May work for a company WHERE CLUE=0
- Slept through new hire orientation (and won’t be employed that much longer…)
The bottom line is you’ll meet people in all industries that aren’t operating at 100% of peak, all the time, in any given role. For whatever reason, infosec loves to bag on sales people.
Don’t be a jerk, you’ve probably said stupid stuff too. Help them improve.
If you don’t like public speaking, you’d HATE making cold calls or selling. Just try selling something you don’t completely understand—it’s difficult and embarrassing. If you want to really make it in this industry, partner with the sales people you interact with, and help them do their two jobs effectively:
- Manage the relationship
- They are tasked with getting to know you and your company. This might surprise you, but I am still in touch with the coolest sales folks that I’ve worked with for the last 20 years, and many of them are close friends.
- Help you buy
- You’ll meet sales people you like, and you’ll meet some that give you the heebie-jeebies. You’ll know the folks who are honest about strengths and weaknesses, and you will honor them for their transparency. You’ll also never forgive the jerk that sold you snake oil, damaging your reputation.
- If you've never watched a project fail due to a missing product, you will.
Good sales people will inform you about their offerings, and how to understand their competitors. GREAT sales people will help you manage the buying process, specification and procurement… you’d be surprised how hard it is to get some companies to take your money when you want to buy something!
Take the time to meet your company’s account executive if you’re both in town. The logo on your paychecks will change, but friendships can last a lifetime.
Business development is a lot like sales, except focused on more strategic arrangements, product bundling, technology considerations, market access, joint development ventures, and plans hidden behind the NDAs of their employer and partners. You won’t see these folks much; they’re usually double booked at all hours, but man do they have the scoop on what’s going on.
Technical Sales, Sales Engineers, Product Management
So this collection (and they won’t like me grouping them this way at first) is what I think are some of the coolest folks out there. Here’s the deal: If you are amazing at what you do in your day job, odds are you’ll wind up working for a vendor at some point in your career.
First, you’ll get picked off by a recruiting sniper, because you know the pain points their customers face, and you know the product better than anyone because you have used it daily, for ages. Eventually, as your ability to speak human approaches your comfort level on the command line, you’ll find your way from product specialist into technical sales, supporting the occasional sales call. Later, you’ll see the good technical sales folks move away from managing sales workflows and demo environments into full-fledged sales engineers, working closely with sales folks tied to a vertical or specified region. (Pro-Tip: The closer you work with sales and prospective customers, the better the food… yet another reason to meet with your account rep!)
Some sales engineers are customer champions, and they understand the customer need, the challenges you face, and can articulate it to their employer. Product Managers wear a great many hats, and (depending on their employer) will ultimately own the direction of a named product or development initiative.
The folks at every phase of this curve are smart, clever, amazing people. They are all growing, they have their fingers on the pulse and their ear to the ground. Ask them what they’re thinking on, what they are excited about—the good ones will break your brain. (Sidenote: Product Management training changed my life… and our PM team at Rapid7 is AWESOME. /biased)
Sponsors have a lot more going on than just folks hanging out in the booths—if you want to get hands on, or hear from some of the sharp folks at specific vendors, you’ve got some options.
- Check out one of the 21 sponsored sessions. Be advised, this content, unlike the briefings, is pay to play. There was a vetting process whereby sales pitches should have been stripped out, and if it gets out of bounds, report it to event management (via email, no need to be a jerk on social media.)
- Get hands on in one of the 10 workshops. These are opportunities to learn new skills, sharpen your tool kit with the very latest, or test yourself in various contests.
This is near and dear to me, even if we don’t bother pitching Metasploit as an arsenal submission (and maybe we should?)
Arsenal this year is bigger, badder, and better than ever. This is Black Hat’s tool space where over 50 of the top open-source tool developers and independent researchers will be showcasing their latest features. So if you’ve got a tool you love, or can’t seem to get running, here’s your chance to meet someone who builds or maintains it face to face. Check the schedule for Wednesday and Thursday, try to catch your favorites, or find new ones to use (these are all open source, freely available).
Before signing off, this is probably the elephant in the room that needs to be addressed. You will get a badge at check-in, and that is important—some cons use bar or QR codes, some are business card only, Black Hat uses RFID with basic info from your name badge (as printed) and a unique identifier.
Remember when we discussed that companies spent a small fortune to meet you? They want to connect with you, and follow-up after the show. Yes, you will probably get emails and phone calls. That is how they justify spending their precious money on giving you an incredible week.
Security professionals are privacy conscious, and we don’t trust folks to protect our information. Believe me, I get it.
When it comes to badge scanning, can we be real about your OpSec? You’re defending your phone number and an email address. If you can’t create rules, you don’t belong. If you’re using your primary email for conference registration, you deserve the spam you’re complaining about. If you’re worried about your identity at the point of the badge scan, you’ve thought about it too late.
You’re trading a scan for a piece of swag or access to a party. The company wants to build a relationship with you. The conference organizers want to make sure only paying attendees access the show content. You want to let them do this because you want a conference and a party next year.
I’d have written a shorter post if I had the time—I hope this gives you some inside baseball on the rest of the show. It's going to be a great week!
If you’ve got edits or feedback, say hi here or on Twitter.
Read a special supplemental post to this one - Part 6a: On Job Hunting & Recruiting at Black Hat
Read the next post in this series: Part 7 - Your Survival Kit