ShmooCon Labs registration is now closed.

ShmooCon Labs – where Labs attendees, select vendors and ShmooCon staff come together and make magic happen.  Seriously.

Since 2007, like a long loooong time ago in the basement of the Wardman Park, ShmooCon Labs have made the internetz happen throughout the ShmooCon venues. The internetz is needed for many reasons: for you, for the speakers, staff and also for the video streaming for those enjoying the good weather at the beach in the Seychelles Islands.

We used to hustle and get everything working, then break it, and then fix it again until it was time to leave on Sunday. We’ve changed things up a bit over the years. Now Labs has two fundamental objectives, the good-old make everything work part – we call that BUILD. Without this, there is no second part.  Assuming BUILD goes as planned, the same attendees are more than welcome to join us for the OPERATE side of things.

Let’s break those down: there is a lot to be done for the BUILD part. We do some planning, pre-configure some basic infrastructure, virtualization and then we all show-up sometime on Wednesday to get things going full-throttle on Thursday early in the morning.  By Friday, prior to the conference starting, everything has to be up and running.

This is when OPERATE comes into play: throughout the remainder of the conference, everyone that helped set the network up can help in not only monitoring the network, but also using the infrastructure to learn (or teach) how a real-world SOC works. A little bit of Threat Hunting, possibly some Malware Analysis, Vulnerability Management, etc.

But wait… wait, yes, there is more: In addition to all of the above, Labs now extrapolates beyond, well, Labs… On Saturday we have presentations to anyone attending ShmooCon on what we do, some of the technologies we use, or just some good general network security transfer of information.

Sound fun? Want to be part of this? Here’s what you need to know…

ATTENDEES – Registration is now closed.

If you think ShmooCon Labs sounds like a great time, are prepared to pay a $50 fee, and you already have a ShmooCon barcode, then you can apply to be in Labs. Let us know who you are, why you’re interested in labs, and what area you’d like to focus in: Build or Operate. We certainly want those nice folks that help us BUILD the network, but also would like to  get more SOC analysts, threat hunters, and malware analysis types interested in Labs this year with the OPERATE focus.

You can pick from one of the following topic areas:

  • Build
  • Networking (Switching, Routing, cabling)
  • Core Services (DHCP, DNS, Virtualization)
  • WirelessNetwork Security (Firewall, IDS/IPS)
  • Log Collection / Aggregation
  • Operate
  • Security Operations Center
  • Threat Hunting and Log Correlation
  • Vulnerability Management
  • Wireless IDS/IPS
  • Sandbox Technologies for Malware Analysis

We will have a lead for each of these areas as well as participating vendors. Before the con, using our planning mailing list, you will work with your team lead and vendor to set up your focus area and get ready for the event. Once the event is running, you will assist with your focus area. This won’t be a full time thing (you can still attend the con) but we will require some of your time periodically for troubleshooting and maintenance.

For some areas, such as SOC and Threat Hunting, we will have specific times Saturday when you will be “on shift.” This will be a 2 hour time slot where you will work with experts in the field to learn from them and the products we’re using.  Also, each focus area will give a brief (15 minute) overview of what they’re doing as a lightning talk in the Chill-Out room. These will be scheduled talks and advertised to the attendees so we’re hopeful to have a good audience for each of the talks.

Potential Labs Attendees – Sign up here.


ShmooCon Labs sponsorship is not the same as being a general ShmooCon sponsor. What does that mean? At a very very  high-level, it means your company doesn’t have to write ShmooCon a check, nor will you have a table in the sponsorship area.

Instead, you’ll have the opportunity of showing how your equipment plays well with others in a relaxed yet fast-paced environment with a bunch of people who who will be learning about, hopefully like, and then recommend your product(s).

Labs vendors are expected to provide a product expert/engineer that is able to install, troubleshoot interoperability issues, possibly try new features in a real production environment as well as teach and promote your product.  This is a true labs environment, not a sales pitch – so don’t send someone from sales. We find that most engineers who attend have as much fun as at the attendees!

We also request that Labs vendors to be more engaged post-installation of the solutions, mostly through workshops to Labs and conference attendees. Either a deep-dive on the technology (and not the product per-se) or a demo on how to accomplish something meaningful in a live security conference network.

In addition to the hands-on exposure mentioned above, accepted vendors to ShmooCon Labs will receive the following:

  • Logo placement on the ShmooCon Labs badge and on Labs signage (banner outside door)
  • Logo placement on ShmooCon website and in the Labs portion of the program
  • Two ShmooCon Barcodes to attend the conference (one to be used by product expert/engineer)
  • Opportunity to place one approved item in ShmooCon Attendee swag bag

Vendor opportunities are limited so if you are a vendor that would like to participate in ShmooCon Labs please send an email to with the following information:

  • Company Name
  • Primary Contact Name and email
  • Name and brief description of your product offering
  • What focus area you think it will compliment the ShmooCon network.


Curious about how ShmooCon builds and operates the network and security infrastructure? On Saturday the ShmooCon Labs staff will be giving short 15-minute presentations describing the inner workings of everything from our network architecture to how we do threat hunting.

Location: The BoF it room:

We don’t yet have the final line-up for what will be presented in 2020, but here is what we did last year:

• 1030   Networking / Core Services

• 1045   Wireless Network

• 1130   Network Security

• 1145   Infrastructure / Visualization

• 1530   Log Collection / Aggregation

• 1545   Security Operations Center

• 1630   Threat Hunting / Log Correlation

• 1645   Vulnerability Management

• 1700   Sandbox Technologies for Malware Analysis
We will post an updated schedule as we get closer to the con.