Applications for Labs 2018 are now closed.


After 10 years of the ShmooCon Labs existence the inevitable has arrived. No! Labs is not over, ShmooCon still needs a network for staff, speakers, video streaming and YOU!

But certainly in the past couple of years we noticed that things have changed from when we originally envisioned Labs; from technologies, security, to actually what people want to do ( teach and learn from Labs) the world has changed and Labs needs to change as well.

Ultimately Labs is all about participants learning, in a challenging, fast-paced environment while still delivering a reliable network to the conference. Over the last few years we’ve moved to a more virtualized infrastructure, pre-staged more infrastructure components, adopted more advanced network gear, and even tried to address the pre-conference craziness that sets in the day before the con starts. Overall, it worked great. Maybe too great? As Labs has matured, we lost a bit of the original edge and some of the challenge associated with throwing together a network in a hotel right before the con. We want labs to be engaging and education not just for the labs attendees but for the conference attendees as well. After some discussion, soul searching, and beers, we decided it was time for a change.

So here’s Labs-NG.

ShmooCon labs will still be responsible for building and operating the network and systems the conference needs. So we will still be staging some infrastructure ahead of time to make sure we can at least constitute a functional network. That said, we’re going to try to add structure to both the building and the operating of the network.

We can’t get away from the building part of labs, so having a little bit of staging or even a plan-B in terms of having something up the sleeve if things go totally sideways is an option. But in addition to that, we would like to complement this building part of part with something more formal in terms of Monitoring, Visualization and some hands-on investigation style/ threat-hunting-palooza.

What does this mean? Let’s break this down in two parts, Attendees and Labs Sponsors:


If you’re interested in labs and you have a ShmooCon barcode, then you can apply to be in Labs. Let us know who you are, why you’re interested in labs, and what area you’d like to work in. This year we’ve changed the focus areas quite a bit and split them into two large sections, Build and Operate. We’re hoping to get more SOC analysts, threat hunters, and malware analysis types interested in Labs this year with the Operate focus.

You can pick from one of the following topic areas:


  • Networking (Switching, Routing, cabling)
  • Core Services (DHCP, DNS, Virtualization)
  • Wireless
  • Network Security (Firewall, IDS/IPS)
  • Log Collection / Aggregation


  • Security Operations Center
  • Threat Hunting and Log Correlation
  • Vulnerability Management
  • Wireless IDS/IPS
  • Sandbox Technologies for Malware Analysis

We will have a lead for each of these areas as well as participating vendors. Before the con, you will work with your team lead and vendor to set up your focus area and get ready for the event. Once the event is running, you will help with running your focus area. This won’t be a full time thing (you can still attend the con) but we will require some of your time periodically for troubleshooting and maintenance.

For some areas, such as SOC and Threat Hunting, we will have specific times Saturday when you will be “on shift.” This will be a 2 hour time slot where you will work with experts in the field to learn from them and the products we’re using.  Also, each focus area will give a brief (15 minute) overview of what they’re doing as a lightning talk in the Chill-Out room. These will be scheduled talks and advertised to the attendees so we’re hopeful to have a good audience for each of the talks.

Still interested? Apply now. Spots are limited.


ShmooCon Labs sponsorship is not the same as being a a general ShmooCon sponsor. What does that mean? At a very high-level, it means your company doesn’t have to write ShmooCon a check, nor will you have a table in the vendor area.

Instead, you’ll have the opportunity of showing how your equipment plays well with others in a relaxed yet fast-paced environment with a bunch of people who who will be learning about, hopefully like, and then recommend your product(s).

Labs sponsors are expected to provide a product expert/engineer that is able to install, troubleshoot interoperability issues, possibly try new features in a real production environment as well as teach and promote your product.  That being said – this is a true labs environment, not a sales pitch.  We find that most engineers who attend have as much fun as at the attendees!

What’s new for 2018? We would like to have the vendors to be more engaged post-installation of the solutions, mostly through workshops to Labs and conference attendees. Either a deep-dive on the technology (and not the product per-se) or a demo on how to accomplish something meaningful in a live security conference network.

In addition to the hands-on exposure mentioned above, accepted vendors to ShmooCon Labs will receive the following:

  • Logo placement on the ShmooCon Labs badge and on Labs signage (banner outside door)
  • Logo placement on ShmooCon website and in the Labs portion of the program
  • Two ShmooCon Barcodes to attend the conference (one to be used by product expert/engineer)
  • Opportunity to place one approved item in ShmooCon Attendee swag bag

Vendor opportunities are limited.  

If you are a vendor that would like to participate in ShmooCon Labs please send an email to with the following information:

  • Company Name
  • Primary Contact Name
  • Name of your product offering and in what focus area you think it will compliment the ShmooCon network.


Curious about how ShmooCon builds and operates the network and security infrastructure? On Saturday the ShmooCon Labs staff will be giving short 15-minute presentations describing the inner workings of everything from our network architecture to how we do threat hunting.

Saturday in BoF It

  • 1030   Networking / Core Services
  • 1045   Wireless Network
  • 1130   Network Security
  • 1145   Infrastructure / Visualization
  • 1530   Log Collection / Aggregation
  • 1545   Security Operations Center
  • 1630   Threat Hunting / Log Correlation
  • 1645   Vulnerability Management
  • 1700   Sandbox Technologies for Malware Analysis