How to Make the Most of Hacker Summer Camp

• Hacker Summer Camp brings together Black Hat, DEF CON, BSidesLV and more for a high-energy week of security insights and hacker culture.
• These conferences have helped shape cybersecurity by fostering collaboration, championing broader industry representation and surfacing bold new ideas.
• In a place where it’s hack or be hacked, basic precautions like using a VPN, limiting devices and other tips we’ll share can keep your data safe.

Every summer, members of the InfoSec industry and the world of hacking come together in the Nevada desert for a gathering of the tribes. For one jacked week in Las Vegas (this year, it’s Aug. 2-7), attendees can sample from a seemingly endless buffet (it’s Vegas, after all) of events and gatherings: There’s Black Hat 2025, of course, but so much more, including BSidesLV, DEF CON and The Diana Initiative. In a city that literally never sleeps, you’ll have plenty to keep you busy with nonstop vulnerability disclosures, product launches, research releases and practitioner sessions you won’t see anywhere else—or at the very least, you’ll see here for the first time.

Some of us like to call it Hacker Summer Camp.

Hack or be hacked: the birth of DEF CON

The phenomenon of Black Hat and all that orbits it started in 1993 with the first DEF CON—a gathering that actually was created as a party for members of a Canadian hacker network. Over the years it blossomed into being the world’s largest hacking conference, and has been host to some pretty pivotal moments in our industry’s history. 

In 1997 came Black Hat. Established by Jeff Moss, the same chap who launched DEF CON, Black Hat was born out of the recognition that cybersecurity professionals would benefit from a chance to convene with their hacker brethren. Black Hat eventually became its own kind of evolutionary force, making us all think differently about security. (Hackers and defenders working together? That was new—and, as it turns out, essential.) BSides Las Vegas followed in 2009 after an overwhelming number of Black Hat talk submissions showed the need for another venue. The Diana Initiative, launched in 2017, aimed to boost the representation of women and minorities in the industry, rightly believing that new perspectives in the spotlight can make a valuable and lasting impact.

Have fun without getting pwned

Other smaller events are spread out across the Las Vegas strip that week. No matter which you attend, you should find this to be a rewarding week.

For first time attendees, though, Hacker Summer Camp can be a little intimidating. Virtually all shades of hats are in attendance, and not everyone has your best interests in mind (although most of the shenanigans of the week are all in good fun). But to play it safe—we’re in cybersecurity after all—here are a few pointers that will hopefully dispel some myths and reduce your anxiety. These tips should allow you to confidently attend Hacker Summer Camp while keeping your data construct safe.

Keep your always-on VPN always on

A lot of attendees like to play around and exploit wireless signals of any stripe, whether LTE or Wi-Fi networks. Some of those folks can intercept that traffic and analyze it. If you doubt the security of the LTE network, consider the Electronic Frontier Foundation’s open source Rayhunter project, which is designed to help you sniff out cell site simulators that trick your phone into connecting with a nefarious device rather than a legitimate cell tower. These systems are not isolated to government and law enforcement uses. 

To showcase the potential security perils of using wifi without appropriate safeguards, DEF CON features a Wall of Sheep display that throws attendees’ unencrypted wireless communications onto a giant screen for all to see. This disclosure is meant to put pressure on attendees to learn and do better. The easiest way to mitigate this is to keep an always-on VPN configured on your devices. It doesn’t really matter if it is a commercial VPN, an employer-provided VPN (although it’s probably wisest to leave work devices at home or powered off) or a roll-your-own VPN like mine. As long as robust encryption is on your device’s signal, your personal information is acceptably safe and should be spared the indignities of the Wall of Sheep.

Better yet, bring only essential electronics and disable Bluetooth on whatever device you do bring in conjunction with the VPN. This is a people conference, and if you are not competing in contests, you likely don’t need to bring a laptop. If you do need to bring a laptop, bring something you are comfortable with wiping at the end of the event.

Encrypt sensitive data at rest

If you must keep a device that has personal or sensitive information, make sure that your data is encrypted at rest. This is not specific to Hacker Summer Camp; it’s just a good rule to live by. When you’re in a crowd of that size, it’s too easy to lose track of a device or leave it where someone could easily just walk off with it. Having the hardware itself stolen is an expensive problem; having sensitive data stolen can be a disaster.

Get cash from casino ATMs

You’re in Vegas, where it’s helpful to have cold hard cash for tips, gambling and whatnot. But ATM skimmers, which record your ATM card number and PIN, are often impossible to detect from simply looking at the ATM terminal. Rather than pull cash from some sketchy, off-strip ATM, choose an ATM that is much likelier to be safe and, since you’re in Vegas, will be very convenient. I’m talking about ATMs located in casinos. Why? 

Casinos are covered by a network of surveillance cameras–part of some of the strongest physical security protections you’ll find anywhere in a commercial space. So if you need cash and are worried about the threat of an ATM skimmer, just head to an ATM on the casino floor. Take it from someone who lives in Las Vegas: While some skimmers can be installed in as little as 3 seconds, having an entire staff of armed security guards watching you 24x7 tends to put a damper on plans for criminal highjinks. 

Keep your friends close and your data closer

Vegas is a party town. (And when I say party, I mean par-tay. I should know: I live here.) When folks are out late, drinking and gambling, they often let their guard down. In that environment, it’s important not to overshare. This is critical for all, but specifically if you have an executive or principal role professionally. There is no technical fix for a HUMINT failure, but I would tell you to educate yourself on social engineering techniques, and try to notice them in use. The vast majority of people in attendance are friendly and just trying to meet new friends in the scene. But some will take advantage, and it’s often hard to distinguish one type of person from the other. Just keep personal details where they belong: with you.

Check yourself before you wreck yourself

Hacker Summer Camp takes place in the desert in August. It gets hotter than blazes out there, but most people in our community have to dress for chilly convention halls and breakout rooms. That’s understandable. But just to be safe, wear sunscreen, bring sunglasses and for the love of life itself, limit your time in the sun because that big yellow ball of searing heat and radiation creeps up on you fast. Perhaps the most key precaution of all: Hydrate like crazy, seek out shade and AC, and consider keeping an electrolyte drink or powder packs in your backpack. Here in the desert, the heat and dry air tricks you into thinking you’re not perspiring at all, when in fact you’re sweating all day. It just evaporates when it hits that desert air. And whatever you do, don’t try to Ironman it on foot from one end of the strip to the other. Heatstroke is not your friend.

Conversely, when it rains here (which isn’t often, but still), muggy Vegas is a whole other level of unpleasant. There isn’t much you can do, but I definitely recommend avoiding travel between locations during heavy rains because flash flooding is a real risk.

Have a (relatively) FOMO-free week

Hacker Summer Camp is a terrific experience for veterans and newbies alike. There’s so much energy, so many great ideas, such an array of opportunities that you may experience bouts of FOMO when you hear of something you want to attend but can’t. You won’t have enough time to do everything you want, but if you think through your priorities for the week and align them with all the events and sessions that sound cool, you should at least come up with a list you can live with.

One final pro tip, and I’ll be on my way: Download the HackerTracker app and start building your personal schedule now. That app is critical for navigating Hacker Summer Camp. It will make your life easier while mitigating that FOMO.

But one thing you shouldn’t miss? The chance for us to chat live at Black Hat in the Business Hall at Booth 5045, where you’ll find yours truly explaining how it’s possible for organizations of all sizes to protect themselves with enterprise-grade security. The way things are going, it seems security teams can use all the help they can get.