ShmooCon Labs is a not-so-new concept that has been sort-of proven to work.  At the very least people like it and tend to come back every year – even bringing friends. Cables, Networking and Security Equipment, Humans that have some knowledge about that gear, other Humans providing guidance overall, Caffeine (not provided), Collaboration (definitely provided) and not a lot of time make ShmooCon Labs what it is.

Since 2007, like a long loooong time ago in the basement of the Wardman Park, some attendees, select vendors and ShmooCon Labs Staff have made the internetz happen throughout the ShmooCon venues. The internetz is needed for many reasons: for you, for the speakers, staff and also for the video streaming for those enjoying the good weather at the beach in the Seychelles Islands.

We used to hustle and get everything working, and break it, and then fix it until it was time to leave on Sunday. As of last year, that changed a bit. Now Labs has two fundamental objectives, the good-old make everything work part – we call that BUILD. Without this, there is no second part. Assuming BUILD goes as planned, the same attendees are more than welcome to join us for the OPERATE side of things.

Let’s break those down: there is a lot to be done for the BUILD part. We do some planning, pre-configure some basic infrastructure and virtualization, and then we all show up sometime on Wednesday to get things going full-throttle on Thursday early in the morning. By Friday, prior to the conference starting, everything has to be up and running.

This is when OPERATE comes into play: throughout the remainder of the conference, everyone that helped set the network up can help in not only monitoring the network, but also using the infrastructure to learn (or teach) how a real-world SOC works. A little bit of Threat Hunting, possibly some Malware Analysis, Vulnerability Management, etc.

But wait… wait, yes, there is more: In addition to all of the above, Labs now extrapolates beyond, well, Labs… On Saturday we have presentations to anyone attending ShmooCon on what we do, some of the technologies we use, or just some good general network security transfer of information.

Cool? Want to be part of this? Okay, below we explain how that works for both Attendees and Vendors that want to be part of Labs:


If you’re interested in Labs, prepared to pay a $50 fee, and you already have a ShmooCon barcode, then you can apply to be in Labs. Let us know who you are, why you’re interested in Labs, and what area you’d like to focus in: Build or Operate. We certainly want those nice folks that help us BUILD the network, but would also like to get more SOC analysts, threat hunters, and malware analysis types interested in Labs this year with the Operate focus.

You can pick from one of the following topic areas:


  • Networking (Switching, Routing, cabling)

  • Core Services (DHCP, DNS, Virtualization)

  • Wireless

  • Network Security (Firewall, IDS/IPS)

  • Log Collection / Aggregation


  • Security Operations Center

  • Threat Hunting and Log Correlation

  • Vulnerability Management

  • Wireless IDS/IPS

  • Sandbox Technologies for Malware Analysis

We will have a lead for each of these areas as well as participating vendors. Before the con, using our planning mailing list, you will work with your team lead and vendor to set up your focus area and get ready for the event. Once the event is running, you will assist with your focus area. This won’t be a full time thing (you can still attend the con) but we will require some of your time periodically for troubleshooting and maintenance.

For some areas, such as SOC and Threat Hunting, we will have specific times Saturday when you will be “on shift.” This will be a 2 hour time slot where you will work with experts in the field to learn from them and the products we’re using.  Also, each focus area will give a brief (15 minute) overview of what they’re doing as a lightning talk in the Chill-Out room. These will be scheduled talks and advertised to the attendees so we’re hopeful to have a good audience for each of the talks.



ShmooCon Labs sponsorship is not the same as being a general ShmooCon sponsor. What does that mean? At a very very  high-level, it means your company doesn’t have to write ShmooCon a check, nor will you have a table in the sponsorship area.

Instead, you’ll have the opportunity of showing how your equipment plays well with others in a relaxed yet fast-paced environment with a bunch of people who will be learning about, hopefully liking, and then recommending your product(s).

Labs vendors are expected to provide a product expert/engineer that is able to install, troubleshoot interoperability issues, possibly try new features in a real production environment as well as teach and promote your product. This is a true labs environment, not a sales pitch – so don’t send someone from sales. We find that most engineers who attend have as much fun as the attendees!

What’s new for 2018? We would like the vendors to be more engaged post-installation of the solutions, mostly through workshops to Labs and conference attendees. Either a deep-dive on the technology (and not the product per se) or a demo on how to accomplish something meaningful in a live security conference network.

In addition to the hands-on exposure mentioned above, accepted vendors to ShmooCon Labs will receive the following:

  • Logo placement on the ShmooCon Labs badge and on Labs signage (banner outside door)

  • Logo placement on ShmooCon website and in the Labs portion of the program

  • Two ShmooCon Barcodes to attend the conference (one to be used by product expert/engineer)

  • Opportunity to place one approved item in ShmooCon Attendee swag bag

Vendor opportunities are limited.  

If you are a vendor that would like to participate in ShmooCon Labs please send an email to with the following information:

  1. Company Name

  2. Primary Contact Name

  3. Name of your product offering and

  4. What focus area you think it will complement in the ShmooCon network.



Curious about how ShmooCon builds and operates the network and security infrastructure? On Saturday the ShmooCon Labs staff will be giving short 15-minute presentations describing the inner workings of everything from our network architecture to how we do threat hunting.

Location: The BoF it room:

We don’t have the definitive list of the topics yet, but here is what we did last year (topics and times subject to change):

  • 1030   Networking / Core Services

  • 1045   Wireless Network

  • 1130   Network Security

  • 1145   Infrastructure / Visualization

  • 1530   Log Collection / Aggregation

  • 1545   Security Operations Center

  • 1630   Threat Hunting / Log Correlation

  • 1645   Vulnerability Management

  • 1700   Sandbox Technologies for Malware Analysis