As one of the biggest security conferences of the year draws closer, the #HWCyberSquad decided to examine other key cybersecurity events that are of value from both a networking and PR perspective. With so much noise around RSA and Black Hat, smaller events are becoming increasingly valuable in publicizing research and for networking with influential contacts in both media and security.
Highwire’s own Ben Wolfson chatted with several notable security influencers from Ars Technica, VICE, Motherboard, WIRED and VirusBulletin on their experiences at some of the lesser-known, but rising-in-influence conferences.
CyberWarCon [inaugural conference was held on Nov. 28, 2018, TBD on 2019 edition]
CyberWarCon kicked off it’s inaugural conference as a one-day, single track event in DC in November of last year. Organized by FireEye’s John Hultquist the content was geared around nation-state topics, ICS cybersecurity and cyber policy debates.
It featured a keynote from Thomas Rid and a compelling debate on U.S. cyber deterrence operations featuring Jason Healey and Neil Jenkins. Both Wired’s Lily Newman and Wall Street Journal’s Dustin Volz voiced their enjoyment of the event. The show generated a lot of engagement on infosec Twitter accounts with other DC-area security reporters in attendance along with many practitioners and incident responders.
Derbycon [Sept. 20 – 22, 2019]
DerbyCon celebrated its eighth iteration this October. The Louisville-based conference has an elite attendee profile comprised of recognized practitioners and more technical security media. According to national security editor at Ars Technica, Sean Gallagher, “media that attend DerbyCon are hardcore security people – [there are a] small number of reporters there [that are] deep in the industry. Outside of DEFCON, [it’s] probably one of the more well-known hacker conferences with high-quality content.”
The content is extremely technical and now gets over 1,000 attendees. From a PR standpoint, many speakers attend to workshop and present material they hope to submit to DEF CON later in the year. Key takeaway: This conference is of high value to network and learn. Note: Founder Dave Kennedy recently announced the September 2019 show will mark the last edition of DerbyCon.
HOPE — Hackers on Planet Earth [July 20-23, 2018; TBD for next edition]
Typically a bi-annual event held in Manhattan, the content and attendees are very much in-line with the cyberpunk movement. Topics that are popular include internet free speech/regulation, encryption, privacy and more. While this might not be an event to recommend your client participate in, it is a great one to meet reporters on-site and attend as a PR practitioner.
According to VICE Motherboard’s cybersecurity reporter, Lorenzo Francheschi-Biccherai, “the audience is more activists and political than other conferences. Talks are less research driven and are more political. There are some interesting talks but totally different style than Black Hat and DEFCON.”
VirusBulletin [Oct. 2-4, 2019]
VirusBulletin is a magazine solely dedicated to the prevention, detection and removal of malware which has an annual conference in late-September or early-October for cybersecurity pros. The location changes each year (2018 edition was in Montreal) making it a global conference, albeit more expensive to travel to. The speakers and attendees are often the who’s who of security researchers with the majority of influential security companies represented.
Lily Newman, cybersecurity reporter at WIRED, attended this year’s event and confirmed the crowd is largely researcher focused, but not academic like USENIX. It’s one she felt was very valuable and hopes to attend again. According to VirusBulletin editor, Martijn Grooten, “Virus Bulletin is the main event where researchers and others working in threat intelligence get together to discuss the latest threats and the tools to detect and analyze them.”
ShmooCon [Jan. 18-20, 2019]
ShmooCon has rocketed in popularity over the last few years and with 2,200 attendees at January’s event, it’s difficult to get in. From a PR standpoint, you’re unlikely to get a ticket unless you work with a sponsor company. Shmoo, along with DerbyCon, functions as a workshop for practitioners to present material they hope will be accepted at DEFCON. This is an intimate venue and conference and that works to your advantage by providing direct access to practitioners and media. Given its location in DC there is usually a strong mix of media that attend — if your client is presenting it’s an opportunity to set up 1:1 reporter meetings.
Sean Gallagher is a huge fan and frequent attendee of Shmoo. He enjoys it as its a lower paying threshold for people to attend and the audience is all security practitioners meaning a lot of sources to network with. Given the location in DC, ShmooCon still has a good audience mix of students, government agency and vendor practitioners.
For 2019, look at these shows if you want to learn something new or take advantage of the locale to set up media briefings. And if you’re headed to RSA 2019, Highwire’s security practice will be there so reach us at firstname.lastname@example.org if you want to catch up!