I received an interesting email from an colleague concerned that for those working in the intelligence community, attending security events such as the ShmooCon conference may get you on a blacklist or hurt you infosec career.
I went last year and found that around 95% of the people there were corporate-like types that just love doing computer security. There are a few attendees that stand out, but even they seem to be law-abiding people – just with red hair or something.
As far as getting on a black list… I wouldn’t think so. I look at any conference as a chance to learn and meet other people with common interests. Education and networking are important factors in succeeding in your career.
Overall though, it’s a real conference… It’s goal is as an alternative to having to pay $5000 or some other astronomical amount to go to some vendor-focused conference or training. Instead, tickets range from $75 to $300 and is organized and attended by people that love their work and not conference organizations with shareholders/profits in mind.
Those expensive conferences can add a lot of value, but have you ever tried to get your company to pay for one that wasn’t directly contract-related? I understand why they don’t normally pay for them, but I still can’t afford to pay those fees myself so I look to these ShmooCon-type conferences as an alternative for keeping up in my field. Also, attending counts as CPEs for your CISSP.
I may be a little naive in my opinion though… What do you think? Are there such blacklists? Does it hurt your career? How have you been able to get your company to pay for quality expensive conferences (e.g., RSA’s, any of the SANS training ones, or Blackhat)?