I've been participating in an ongoing, online panel hosted by the Information Security Buzz website. The latest question is, "Based on your experience and knowledge, what would you say is the BEST Information Security event to attend and why?"
I answered with ShmooCon, though since I'll be attending DEF CON in August for the first time in forever, my opinion might change. Anyway, what follows is my answer, cross posted from Information Security Buzz. Check out their online panel to see which conferences other respondents chose and why.
This Event Has Inspired A Lot Of Thinking Outside The Box
In recent years, I've found some of the best content at ShmooCon, and I've learned a lot. It's also an excellent place to meet other security practitioners that can become important allies. Some of the most important contacts I've made were at ShmooCon.
The unfamiliar usually chuckle or cock their heads in puzzlement when I tell them about ShmooCon. The name throws them off, and it's not a traditional business conference.
ShmooCon is organized by the Shmoo Group, a security think tank started by Bruce Potter in the late 1990s. Attendees represent the full cross section of the security industry. There are hackers, CSOs, government security types and everything in between. More than a few people have compared it to the Black Hat conferences of old or a smaller version of Defcon.
The event has inspired a lot of thinking outside the box -- not just in terms of the talks, but in how attendees travel and network. In recent years people have carpooled to ShmooCon.
For three years in a row I traveled to and from the event in what we called the Shmoobus -- An RV crammed with hackers making the journey from Boston to Washington DC. Those 12-hour drives made for a lot of bonding.
With such a long trek, there's time to delve into deep discussions about the challenges of our jobs.
The Shmoobus is no more, unfortunately. But what I learned about security on those journeys will last a lifetime.