The Black Hat Conference has been going on for years. For me, I’ve always said I would like to get there some day. Instead, I’ve always opted for making it to the RSA conference because the companies I’ve worked for were willing to send me to one or the other each year.
I used to believe the Black Hat conference was on the forbidden list for those of us certified with CISSP. Maybe this was true. I did a quick scan of the ethics policy on www.isc2.org web.
It touches on many points which could be argued for and against when deciding to attend conferences like the Black Hat. I would argue for attending because I’ve always believed I might actually learn something about tips and tricks I’m trying to protect against.
I also believed Black Hat was more technical in nature. As I continue in my career, where I’ve been managing for a good number of years, I drift further away from solid keyboard interactions. I did notice in this years track there are topics for folks like me. Even if I’m not a hard core hands on technical professional, it still is good to attend classes that are. For me it keeps me plugged in with how things work at that level, which helps me understand appropriate needs in managing security analysts.
Nowadays I don’t worry as much about maintaining the status of my certifications. I always do my best to operate in an ethical manner and don’t think attending venues, such as the Black Hat, would cause me to do something unethically.
At any rate, I am not planning to be there this year either. I’ve been to RSA. Perhaps next year, I’ll opt for the Black Hat instead.