ShmooCon Labs – where the network (usually) works and where Labs attendees, vendors, and Labs staff work and also network (see what we did there?).

“Wait! You want me to help set up the conference production network?  The network used by speakers, villages, contests, attendees, and the awesome live video streaming of the talks to the interwebs?”

You betcha! And hopefully you will learn and teach a few things along the way.

Since 2007 (yeah, we have been doing this for a while) technology has come a long way; troubleshooting duplex mismatches, firewall table limitations, and NAT not really NATting are things we no longer have to (hopefully) worry about.
For the past few years Labs has two fundamental objectives:

  • The good ole make everything work part – that is called BUILD.  Building is very important since without it there is no second part to Labs.
  • Part deux is called OPERATE.

There is a lot to be done for the BUILD part. We do some planning before the conference, pre-configure some basic infrastructure, set up the virtualization environment, and then we all show-up on the Wednesday before the con.

Thursday early in the morning (yes, early like 8am, and yes, EST time zone) we meet in Labs and get things connected, deployed, and working as soon as possible.

We try to get everything working by 5pm on Thursday, but there were cases we were up until 4am on Friday for mysterious interoperability issues. We don’t miss those evenings. By the start of the conference on Friday everything must be up and running.

Once we are done with BUILD, OPERATE comes into play: throughout the remainder of the conference, everyone that helped set the network up can help to not just monitoring the network, but also using the infrastructure to learn (or teach) how a real-world SOC works. A little bit of Threat Hunting, possibly some Malware Analysis, Vulnerability Management, etc.

Is this something you would like to do? Here’s what you need to know…


If you think ShmooCon Labs sounds like a great time, you are prepared to pay a $50 fee and you already have a ShmooCon barcode, then you can apply to be in Labs. Let us know who you are, why you’re interested in labs, and what area you’d like to focus in: Build or Operate. We certainly want those nice folks that help us BUILD the network, but also would like to get more SOC analysts, threat hunters, and malware analysis types interested in Labs with the OPERATE focus.

You can pick from one of the following topic areas:

  • Build
  • Networking (Switching, Routing, cabling)
  • Core Services (DHCP, DNS, Virtualization)
  • WirelessNetwork Security (Firewall, IDS/IPS)
  • Log Collection / Aggregation
  • Operate
  • Security Operations Center
  • Threat Hunting and Log Correlation
  • Vulnerability Management
  • Wireless IDS/IPS
  • Sandbox Technologies for Malware Analysis

We will have a lead for each of these areas as well as participating vendors. Before the con, using our planning mailing list or other collaboration platforms, you will work with your team lead and vendor to set up your focus area and get ready for the event.

Once the event is running, you will assist with your focus area. This won’t be a full time thing (you can still attend the con, watch talks, eat) but we will require some of your time periodically for troubleshooting and maintenance.

For some areas, such as SOC and Threat Hunting, we will have specific times Saturday when you will be “on shift.” This will be a 2 hour time slot where you will work with experts in the field to learn from them and the products we’re using.

Potential Labs Attendees – Sign up here.  Deadline for applications is December 20th, 2023.


ShmooCon Labs sponsorship is not the same as being a general ShmooCon sponsor. What does that mean? At a very very  high-level, it means your company doesn’t have to write ShmooCon a check, nor will you have a table in the sponsorship area.

Instead, you’ll have the opportunity of showing how your equipment plays well with others in a relaxed yet fast-paced environment with a bunch of people who who will be learning about, hopefully like, and then recommend your product(s).

Labs vendors are expected to provide a product expert/engineer that is able to install, troubleshoot interoperability issues, possibly try new features in a real production environment as well as teach and promote your product.  This is a true labs environment, not a sales pitch – so don’t send someone from sales. We find that most engineers who attend have as much fun as at the attendees!

We also request that Labs vendors to be more engaged post-installation of the solutions, mostly through workshops to Labs and conference attendees. Either a deep-dive on the technology (and not the product per-se) or a demo on how to accomplish something meaningful in a live security conference network.

In addition to the hands-on exposure mentioned above, accepted vendors to ShmooCon Labs will receive the following:

  • Logo placement on the ShmooCon Labs badge and on Labs signage (banner outside door)
  • Logo placement on ShmooCon website and in the Labs portion of the program
  • Two ShmooCon Barcodes to attend the conference (one to be used by product expert/engineer)

Vendor opportunities are limited so if you are a vendor that would like to participate in ShmooCon Labs please send an email to with the following information:

  • Company Name
  • Primary Contact Name and email
  • Name and brief description of your product offering
  • What focus area you think it will compliment the ShmooCon network.