Each has its own unique character and tone, and, depending on what
you want to come away with, will have different value for the attendee.
At the risk of p*ssing off the conference organizers, most of whom are
friends of mine, I'd break it down as:
SANS -
Atmosphere:
Busy and crowded. Lots of attendees are new to security.
A good chance to network with system administrators and
network administrators. Has a focus on a certification
program and tutorial program. Most of the attendees will
be going to some classes and boning up on something or
other.
Level of sophistication:
Low. Since there are a lot of beginning security folks, you
won't find a lot of discussions of bleeding edge stuff.
Types of attendees:
More on the "beginner" end of the spectrum. That being said,
the attendees are nice and easy to network with, if you fit
that mould as well. Most of the folks at SANS are real people
with real problems to solve and are easy to get along with on
that basis.
Quality of tutorials:
Very good. SANS is extremely aggressive about pruning
tutorials that get poor ratings and promoting instructors
that get good ratings. Tutorials have a lot of "back fill"
material for introductory students.
Other:
If I were sending a member of my staff to one conference
to get a backgrounder on security, it would be SANS.
USENIX -
Atmosphere:
Researchy, academic, quirky. USENIX is the conference
where the big dogs who built the Internet hang out. As a
consequence, it may be somewhat clique-ish unless you're
a good mixer.
Level of sophistication:
Very high.
Types of attendees:
USENIX usually brings the widest mix of nerdy-types, ranging
from white tower to operational folks. The white tower researchers
tend to dominate the agenda.
Quality of tutorials:
Excellent.
Other:
I think USENIX is a very valuable organization and I know I
personally owe a lot of my professional development to that
conference. If I were sending an employee who already was
knowledgeable and wanted to give them a chance to hang
with the real gurus I'd send them to USENIX.
* Because of USENIX's UNIX roots, it's understandably focused
towards UNIX. If you're into NT/Windows expect to hear lots
of Microsoft bashing. At USENIX if you ask how to solve a
security problem in a Windows system, folks will answer
"install BSD" without thinking they're cracking wise on you.
Interop -
Atmosphere:
Harried, huge, corporate. If you like to get lost in a crowd
this is a good conference for you. Being one of the nameless
mass is easy.
Level of sophistication:
Low. Focused on networking and products, mostly.
Types of attendees:
Various; mostly networkers and folks there to see what kind of
new products are out. Very little research focus. Mostly
operational.
Quality of tutorials:
Surprisingly good. They cater to such a large audience, though,
that you'll find you're lost in the noise and there are few tutorials
all at a given level.
Other:
This is a good conference to send sales reps to, to get training.
CSI -
Atmosphere:
Corporate mainstream I/S department types. Lots of mainframers,
big systems types, auditors, CISSP types. A lot of the attendees
will come from a more formal security background. I.e.: they tend
towards the wearing of neckties rather than labrets.
Level of sophistication:
High.
Types of attendees:
Mostly fairly technical, a smattering of law-enforcement and
auditors represented. Not a hacker friendly crowd. Most of
the attendees don't represent the state of the art.
Quality of tutorials:
Good.
Other:
This is an excellent conference but not research oriented at all.
If I had someone who wanted to be a CISSP I'd send them to CSI.
TISC -
Atmosphere:
West coast security/operational. Kind of like a mini SANS but
more intimate.
Level of sophistication:
Good.
Types of attendees:
Lots of west coast system/network admins.
Quality of tutorials:
Good.
Other:
This is a good small conference if you're in the San Jose area
and can't travel or don't want to travel.
Black Hat/DEFCON -
Atmosphere:
An interesting mix of spooks and hackers. Lots of info-war
heads and goofy kids with body piercings who think security
begins and ends with getting root. Attracts media attention
and since it's held in Vegas tends to have more than its
share of hijinks.
Level of sophistication:
Very low and Very high at the same time. Usually there are
a few real security gurus there with really top-notch work,
and then a lot of hangers-on with cool T-shirts.
Types of attendees:
A very eclectic assortment.
Quality of tutorials:
Good.
Other:
This is a fun conference if you like the media circus atmosphere.
It's simultaneously counter-culture and cliqueish in a way that
is hard to describe.
mjr.
---
Marcus J. Ranum Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards