In previous years, I’ve gone to Splunk and CrowdStrike conferences. These compare to BlackHat only in size and reputation.
- Splunk – Known in IT as both a cybersecurity and analytics tool. Their conference focuses on two main things: how to use the tool and positioning themselves as a data ingestion destination (more than just cybersecurity).
- CrowdStrike – Laser-focused on one thing: how to use their tool effectively.
BlackHat: Big-Picture Security & Vendor Wins
BlackHat stands out because it focuses on solving cybersecurity challenges across the board. You’ll hear discussions ranging from big-picture questions like, “How do we secure our systems and applications against modern attacks?” to more niche problems like, “How do we meet this new PCI 4.0 requirement?” — which often leads to vendor conversations.
For me, the talks I attended and the people I met were far more valuable than anything I’d experienced at other conferences. Every session I joined had direct, actionable takeaways I can apply as both a consultant and an employee.
A bonus highlight: I got to meet Network Chuck, David Bombal, and John Hammond — huge names in the YouTube tech space.
DEFCON 33: My Favorite by Far
Even with its downsides, DEFCON 33 was my favorite. It’s primarily focused on the offensive side of cybersecurity, and the variety is unmatched. You can explore just about every niche in the field.
- Here’s what I did this year at DEFCON:
- Wireshark training – A four-hour deep dive with Chris Greer.
- Botnet Lab – Hands-on work at the Packet Hacking Village.
- Packet Analysis – More time in the Packet Hacking Village.
- Cloud CTF – at the Cloud Village.
On top of that, I wandered through different villages watching incredibly smart people break into systems they’re passionate about. One that stood out was in the Aerospace Village, where a team was simulating an attack on an airplane landing strip. It was both mind-blowing and a reminder of how high the stakes can be when cybersecurity failures put lives — not just systems — at risk.
Is It Worth the Price Tag?
- It depends on who you are:
- BlackHat will save you thousands on renewals and new subscriptions (if you have the budget ready).
- DEFCON is great for headhunting and assessing skills in action.
- BlackHat training is expensive if your company isn’t paying for it.
- DEFCON offers affordable workshops to sharpen your skills — and might even help you land a job that will send you to both in the future.
- Cybersecurity leaders / department heads: Yes, go to both.
- Engineers or aspiring cybersecurity pros: Skip BlackHat for now, focus on DEFCON.
In short: BlackHat gives you the big-picture strategy and vendor connections. DEFCON gives you the hands-on skills, community, and inspiration to push your craft further. If you’re serious about a career in cybersecurity, both have their place — but the one you start with depends entirely on where you are in your journey.