Unshakeable Salt

DEFCON 28 Safe Mode

DefCon 28 Safe Mode has ended and we never even left the office. COVID has prevented us from being within the 40┬░C heat of Las Vegas. We still made the ‘virtual’ conference and without the temptation of Sin City, we still remember most of what we learnt.

DefCon 28 Safe Mode

First of all, let’s take about the impact of going virtual. These events are not only the formal/scheduled activities. Most of what can be gained from these events come from the networking opportunities. Meeting new people, seeing new things, observing inter person reactions. The shift to virtualised conferences prevents these opportunities.

Using Discord is fine for those people who already know other people. Someone new to the field or subject matter will find it hard to get an introduction, find a mentor or even get a word in edgeways when there’s hundreds of people talking at once.

We infosec/secops people can be an intimidating clique at times and unfortunately virtualised conferences channel that segregation. DefCon managed well to try to break the barriers, but overall we still need to do more.

SANS Courses

It’s that time of year when we get the call from the accountants to let us know how much tax we need to pay. As usual that means we now release further budget for our employees to go and do some more training. As well as being ISC2 orientated, we tend to favour SAN Certifications. Like conferences, training packages have had to make the jump to being virtual.

Training packages have many benefits. Not only the course content and the potential qualification, but they tend to be another great networking event of people in exactly the same position as yourself. They are also facing the same challenges and they are an opportunity to change ideas and approaches to specific problems.


It’s unfair for calling Sans out for this, as I’m sure the other training providers are just as guilty. A virtual course doesn’t have the same benefits as a face-to-face physical course. It has some others (such as flexibility on times and being able to replay whats just been said) but they are not as valuable. So why are virtual courses being sold at the same price ?

Virtual courses do have a set up and hosting fee. That can be recouped by 1000’s over people over the term of the certificate ( usually 3 years ). Physical courses have venue and staff fees, shared only by 20 or so people.

When a course is $7000 it is a major investment for an individual to pay. If we want more people to join our profession and address the skills gap, we all need to be challenging our training partners.

Director of Unshakeable Salt, an Information security specialist who first started contracting in 1997.

DEFCON 28 Safe Mode DEFCON 28 Safe Mode DEFCON 28 Safe Mode

View Comments

Brute force and ignorance
Next Post