So it's your first time at Hacker Summer Camp, and you want to make the most of it

Not sure whether to hit BlackHat, BSides, or DEF CON, or all three? This guide breaks down what each one offers, plus go-bag essentials, social battery management, and Vegas survival tips from five (or six) years of Hacker Summer Camp.

July 8th, 2026

So it’s your first time at Hacker Summer Camp, and you want to make the most of it. This year will be my fifth Hacker Summer Camp (depending if you count DEF CON safe mode? If yes then sixth), and while I am far from an expert I have so far found that every year I go I enjoy the experience more and more. So I thought I’d share some of the things I’ve learned to keep that statement true! 

If you're not aware what Hacker Summer Camp is and why everyone is talking about it: it's the annual migration of hackers from all over the world to Las Vegas in the first week of August for three conferences that run back to back.

At the start of the week you have BlackHat, considered the corporate conference. Here you'll find the Business Hall, a sprawling convention center full of cybersecurity companies, Arsenal, where you can check out open source tools, and, if you've got a full Briefings Pass, access to deeply technical research talks on their Main Tracks. 

Note: All photos taken at DEF CON have the permission of all photographed at the time

But BlackHat gets a lot of really good submissions and there are only so many slots available, so a lot of talks don't make it in — and that's where BSides comes in. BSides originally started as the "B-side" of the BlackHat talks that didn't make the cut. Now it's grown massively, and there are BSides all over the world, some hosted days before or after another big conference (BSidesSF happens the weekend before RSA), but many just happen whenever they can.

Finally you have DEF CON. While it's moved around a few times, from a collection of hotels to Caesars Forum, it now seems to have found its place at the Las Vegas Convention Center. DEF CON is the antithesis to BlackHat: chaotic, community-driven, anarchist. It isn't really an infosec conference, it's a hacker conference, closely aligned to hacker culture. That's gotten it into a bit of hot water at times (venues refusing to work with them), but DEF CON's stages are also home to breaking research, plus community-organized villages spaces where like-minded hackers can get together, running parallel, often unrecorded sessions.

Assuming you are in Application Security like me, which one should you go to? And if you’re lucky (or unlucky, haha!) enough to go to all three, how do you make the most out of the week without burning yourself out?

Las Vegas Tips

My first time in Vegas for DEF CON, back in 2019 when it was at a collection of strip hotels

Before I get into each event, I want to talk about Las Vegas itself for a second, because if you've never been, it's an experience all on its own. And going there the week of Hacker Summer Camp makes it all the weirder, with people chilling in corridors with laptops open. Remember: you don't need to be productive 24/7. Use the hotel pools, bars, or casinos as informal networking spots, and if you have the time, catch a show like Ka or O to experience the full Vegas spectacle. It’s well worth it, particularly if you’ve never been to Vegas before.

There's no right or wrong hotel choice. In August, Vegas is very hot and you're probably not walking around outside for long, and public transport isn't great, even up and down the Strip. Plan for taxis, Ubers, the Vegas Loop, or the monorail no matter where you're staying, since there will always be off-Strip events you'll want to attend. As a tip, hotels and event spaces have specific pickup and drop-off locations for Uber or Lyft, which may not be near the main entrance; taxis, on the other hand, get preferential pickup and drop-off spots at a comparable price.

The Hacker Go-Bag

This is actually what I always pack to travel, but I tend to avoid bringing everything all day it’s heavy

Pack the essentials: a high-capacity power bank capable of charging a laptop, plenty of snacks (especially for DEF CON, where food options can be limited), a reusable water bottle, and retractable USB-C cables to minimize clutter. For a bit of flair, consider a custom e-ink name badge like a Badger 2352.

Take notes throughout the week to ensure you retain key takeaways. Either hand written or using a laptop/tablet. After the conference, you can use AI tools to help you collate your random thoughts and notes into something structured and actionable.

Managing Your Social Battery

Use talks as social refresh points when you need a break. At BlackHat, head upstairs away from the vendor hall for quieter, calmer spaces. At DEF CON, seek out dedicated social spaces or the mental health room often found in the Blue Team Village. Remember: you will miss things, and that's okay. Attending all three events in one week is a lot, and it's important to take breaks and find peace when you've been peopling a lot.

Health & Nutrition

This cucumber salad at Momofuku might be the best salad I’ve ever eaten

Prioritize real meals at local restaurants rather than relying only on snacks to keep your energy up. For those interested in fitness, keep an eye out for the DEF CON run, which often takes place early in the morning before the desert heat really sets in.

You may not be walking outside for long, but you'll be walking inside a lot. Every conference is big, the walk from drop-off to the halls is long. So comfortable shoes are a must. Thankfully, it's often possible to walk through casinos and hotels entirely within the air conditioning, so you won't get sunstroke, but bring a water bottle regardless. You WILL be hitting your step goals without even trying.

Safety & Security

The safety concerns at Hacker Summer Camp are a bit exaggerated, it’s very safe, but if you’re worried: Stick to mobile data (4G/5G) or a local eSIM rather than public Wi-Fi. On the physical side, keep your wits about you to avoid pickpockets, don't walk around holding your phone loosely in your hand. 

Of course, the real risk in Vegas is usually the blackjack table, not a hacker.

Embrace the Weird

Las Vegas is a city of extremes, so embrace the weird side of it. Check out experiences like Omega Mart, an immersive Meow Wolf art installation dressed up as a surreal grocery store, full of hidden passages, puzzles, and stories that don't fully make sense, and that's the point. It's genuinely weird, and I love it. Be open-minded and try things you wouldn't normally do at home, it's all part of the Summer Camp spirit.

In 2025 the Semgrep team took over Omegamart, here is us busy checking people in

Making the Most of Your Time

My biggest regret from past years: trying to be everywhere. I spent too much time walking between different venues chasing every talk or village that looked interesting, when I would have had a much better time picking one place and settling in. Hacker Summer Camp rewards depth over coverage, you'll get more out of properly spending time in one village or one "ground" than sprinting between six of them and seeing none of them properly.

  • Mindset: Approach these conferences with a 100% focus on learning. Expose yourself to new tools, ideas, and skills, seek out the niche stuff you wouldn't find anywhere else.

  • Note-taking: Don't feel obligated to avoid your laptop, but definitely bring something to take notes on, whether that's a laptop, paper and pens, or just your phone.

  • Etiquette: Be very respectful with photography at DEF CON. Do not take crowd shots, and always get explicit permission before taking photos of anyone.

  • Trading: Be it stickers, badges or information, trading is a big part of hacker culture. If you have electronic badges or stickers from other conferences, bring them along to trade with other attendees, there are dedicated areas at every event.

  • Networking: If you feel intimidated, focus on finding your community. Join a local group (like a regional DEF CONers group), volunteer at a village, attend workshops, or simply spend quality 1:1 time with people rather than trying to navigate huge crowds.

BlackHat

You’ll find plenty of people at BlackHat without a full pass, but it’s well worth it if you’re looking for the cutting edge security research

Many hackers aren't big BlackHat fans — it's a very corporate event, with a mosh pit of vendors trying to scan your badge if you make eye contact at a booth. Think of the vendor hall like a zoo: interesting to observe from a distance, but don't get too close to the cages. I recommend an 80/20 split between attending high-quality research talks and navigating the vendor hall.

But if you're looking at buying a solution, the Business Hall is where you want to be. Instead of just talking to sales and marketing reps, look for booth talks hosted by technical researchers, these often provide the real depth you're looking for. And remember, the external events hosted in the evenings are often the best part of the whole week, offering a chance to connect in a more relaxed environment.

Look for "Green Flag" booths: staff who prioritize conversation over scanning your badge, admit when they can't help, are technical and professional, and host events that are actually relevant and non-salesy.

Wear business casual for BlackHat, then change into jeans and a hoodie for BSides and DEF CON, it helps with the psychological transition between the corporate environment and the community-run vibe.

A lot of events happen outside the conference, the conference hotel, or even the Strip, and while you may initially be reluctant to leave, don't skip these. It's tempting to be lazy and order food to your hotel room, but these side events are often the best way to meet new people, network with other AppSec professionals, and chat more one-on-one with vendors and researchers. 

In 2025, Semgrep took over Omega Mart, the immersive Meow Wolf art installation at Area15, for a night — and it's still one of the best examples I can point to of what a good evening event looks like: no slides, no pitches, just wandering interdimensional grocery-store portals with a drink in hand and ending up in genuinely great conversations in the strangest possible setting. The DEFCON parties website is a great way to see what unofficial events are happening throughout the week. Most are networking events rather than sales pitches.

The BlackHat NOC or Networks Operation Centre is the security team responsible for the security of BlackHat, they have a viewing area where you can view these monitors and see attacks in real time

Outside of the Business Hall, the research talks at BlackHat are NEXT LEVEL, you are guaranteed to find the best talks, the breaking research and the conversations here will impact the way you think about security. Many talks, particularly the niche ones, are very quiet so it’s a great opportunity to network with the speakers if you’re working in the same area. Also definitely stop by the BlackHat NOC if you want to see what it takes to keep an entire conference safe..

BSidesLV

If you’re on your own, don’t forget to start a conversation with others, that’s how you make friends!

If BlackHat is the corporate conference, BSides is its friendly, community-driven cousin, and it's the best place to start if your main goal is meeting people and networking. The layout is filled with tables that actively encourage you to pull up a chair and chat with your neighbors, and the talks are generally more 101-level and approachable than the heavy-hitting research at DEF CON, which makes it a genuinely good entry point if you're newer to the field or feeling nervous about the bigger events.

BSidesLV runs its own "grounds" system rather than traditional tracks, spaces like Breaking Ground (new security research), Hire Ground (career development), Proving Ground (a mentorship track for first-time speakers), and Password Track (three days on authentication challenges) each operate almost like their own mini-conference with their own organizers and community. Breaking Ground is where you'll find solid new research, but personally I gravitate toward Ground Truth, which focuses on 101 talks. I love coming away having learned something genuinely new, or at least new to me, vs. hearing a polished version of the same talk I could find at any other conference this year (sorry AI).

Me learning about hardware hacking in ground truth in 2025

BSidesLV also runs the ever popular workshops, but these can fill up VERY quickly, so if you see a workshop you’re interested in register early to avoid disappointment. Last year, I took a great workshop on going from Hacker to trusted advisor, and I learned a lot about presenting security cases to business leaders.

The standout feature, though, is Skytalks. It's an off-the-record, Chatham House Rules track with a strict no-recording, no-photography policy. This is the place to find the spicy content that challenges the status quo, from sharp criticism of vendors to topics that wouldn't get a slot anywhere else. I haven’t made it to a Skytalk since they moved to BSidesLV from DEF CON, but talking to people who have, the appeal is obvious: electronics go into airplane mode, masks stay on, and what's said in the room stays in the room. Speakers can go places they can't on a recorded stage.

Getting in takes a bit of extra effort: you need a BSidesLV badge, and a token for the specific talk you want to see. Tokens are handed out for free during scheduled "token drops" at set times and locations during the event, check the BSidesLV schedule for when and where, and get there early, since it's first come, first served and they are particularly busy.

DEF CON

My first ever DEF CON, it was very overwhelming!

My biggest piece of advice for DEF CON: skip the Main Stage talks. Wait, really? Yup — they're all recorded and streamed live, and the popular ones fill up fast anyway. Instead, focus your energy on the villages. Villages are self-contained, community-run spaces that host their own talks, workshops, and activities, or just provide a place to meet up. For AppSec folks, I'd personally recommend checking out the AppSec, Bug Bounty, Blue Team, and AI Villages, but honestly, this is the best part of DEF CON, so visit whatever interests you. Car Hacking, Soldering Skills, Tamper Evident, Maritime, it goes on and on. You can really customize your DEF CON experience just by choosing the right villages and honestly there’s not really a wrong choice.

I've spoken at both Bug Bounty Village and Blue Team Village, and they couldn't be more different in flavor. At Blue Team Village last year, I hosted an interactive threat modeling session built around robbing a bank, except the bank was underground and guarded by a monster. It sounds silly, but that's the point: turning threat modeling into a game makes people actually engage with the process instead of glazing over at another whiteboard exercise. That's the kind of thing you only find by actually spending time in the villages, it’s different, it’s quirky, it’s not something that works at other events.

On logistics: a DEF CON badge covers access to the whole con, villages included, there's no separate village ticket to buy. Pre-registering online gets you a guaranteed "human" badge (rather than risking a paper one if the con sells out). This year it will be a hardware badge so DO pre-register. If you'd rather skip pre-reg, DEF CON also runs its traditional cash-only, at-the-door "LineCon" registration, just budget extra time for the line, and bring cash, since cards aren't accepted at the door. Linecon is an experience in itself though.

The coveted DEF CON electronic badges

Volunteering at a village is also a fantastic way to get involved, and I always volunteer at the AppSec Village. I love the mix of talks and hands-on experiences it gives you. I learn something new every single time, and honestly you could spend your entire DEF CON at one village volunteering and still have a brilliant time. I'll once again be volunteering at the AppSec Village, so come by and say hi if you're around.

DEF CON villages are one of the things that makes the experience really unique

If you're into hardware, head to the vendor area, you'll find technical tools there you won't see anywhere else. Many of the vendors are smaller stores and independent brands, so you'll be supporting fellow hackers. Keep an eye out for Miscreants streetwear. It's hacker-inspired, sells out fast, and it's my first stop in the vendor area. Also if you have a tactical style bag (you’ll see many of these on the DEF CON floor), you can also find patches with hook-and-loop backing, so you can stick them right to your bag, without needing an iron.

Finally, a warning on merch: the lines are massive. Unless you're specifically looking to experience "LineCon" for its own sake, or really want a t-shirt to remember the conference, I'd skip it - there's a lot happening elsewhere that you'll miss out on for a hoodie. If you have to wait in line, be prepared with something to do, carry cash, and use it as a social opportunity, be friendly, introduce yourself, or even throw a beach ball to a fellow attendee.

You Can’t DO Hacker Summer Camp Wrong

There are a ton of side events happening in Las Vegas during Hacker Summer Camp

Outside of these main events there are tons of other things happening in Vegas, from meet ups to whole other conferences, to 1:1 dinners with vendors. However you choose to spend your week, the best version of Hacker Summer Camp is the one that matches what you actually came for, whether that's deep technical talks, a new community, or just meeting people who get it. 

If you're around, come find us at the Semgrep booth (#4943) at BlackHat, join us for fun and networking at It’s All Fun And Games, or catch me volunteering at the AppSec Village at DEF CON I'd love to say hi.