How experts stay safe at the Black Hat security conference.
SAN FRANCISCO — Pen and paper instead of a laptop. Cash instead of credit cards. Face-to-face chats instead of cell phones. That is the drill for the most cautious at two big computer security conferences this week in Las Vegas.
"Together they are a gathering of the world's best hackers, which is why security professionals need to be there — but also on their toes," said Richard Blech, CEO of Secure Channels, a digital information security company based in Irvine, Calif.
Black Hat, which begins Tuesday, will fill the Mandalay Bay hotel with upwards of 9,000 security executives, hackers, academics, government and law enforcement staffers.
It is immediately followed by Def Con, a more hacker-oriented conference held at the Paris and Bally's hotels. Last year, Def Con attracted nearly 16,000 people.
Both feature demonstrations, lectures and presentations about the most cutting-edge computer security issues — attended by thousands of people with the tools and the knowledge to break into just about any system imaginable.
"It is one-stop shopping, a place where every major security executive is gathered. You do not have to travel around the globe or hunt them down on the Internet — they are all here," said Brad Taylor, CEO of security company Proficio in Carlsbad, California.
That means the rules are a little different, said Stan Black, chief security officer for Citrix in Fort Lauderdale, Fla. For example, he is bringing his schedule printed out on a piece of paper so he does not have to turn on his cell phone to check it.
The most wary will also turn off WiFi, power down Bluetooth and book hotel rooms halfway across town.
The threats include everything from script kiddies using programs they found online to nation-state actors out to pry loose sensitive information from large international corporations.
"And they are all staying in the same hotel," said Steve McGregory, director of threat and application intelligence for Ixia, a security firm in Austin, Tex.
Jon Miller, vice president of the security firm Cylance in Irvine, Calif., does not see the hacking at Black Hat as malicious so much as it is simply intellectually curious. But he still turns off WiFi and Bluetooth on his phone and only logs on to the Internet from his hotel room using a virtual private network.
"And all my communications are encrypted," he said.
Taylor's not even sure how safe VPNs will be. "I am just a little concerned that somebody's got something they have figured out — and this is the time they will use it," he said.
Perhaps the biggest danger is the one most people would not think twice about — using the hotel or conference WiFi to connect to the Internet. "And that means Starbucks too," Taylor said.
At Def Con, that is made abundantly clear by what is known as the Wall of Sheep. Most years a self-appointed group of watchers monitors the conference WiFi system and posts a continuous stream of passwords, IDs and other information unwittingly transmitted in the open by those not using safe computing techniques.
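The Wall of Sheep works because plain HTTP carries logins in readable form, while anything inside a TLS connection is opaque to whoever shares the network. The following self-audit script, an added illustration that is not part of the article and not the Wall of Sheep's own tooling, shows the distinction on a handful of constructed request samples: it flags HTTP Basic authorization headers and form logins sent without TLS, and reports only the account and the leaking field names, never the secret itself. Host names, addresses and credentials in the sample are made up for the demonstration.

```python
import base64
import binascii
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Form field names that usually carry a secret. Constructed list for the demo.
CREDENTIAL_FIELDS = {"password", "passwd", "pass", "pwd", "secret", "token"}
USERNAME_FIELDS = {"username", "user", "email", "login"}

# Constructed sample of what a shared-network observer would see, one request
# per entry. The port-443 entry stands in for an HTTPS connection: only TLS
# record bytes are visible, so nothing inside it can be read.
SAMPLE_REQUESTS = [
    {"src": "10.0.0.5", "dst_port": 80,
     "payload": "GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
                "Authorization: Basic dXNlcjpodW50ZXIy\r\n\r\n"},
    {"src": "10.0.0.7", "dst_port": 80,
     "payload": "POST /login HTTP/1.1\r\nHost: forum.example\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                "username=alice&password=s3cret"},
    {"src": "10.0.0.9", "dst_port": 443,
     "payload": "\x16\x03\x01 ... TLS handshake, contents not readable ..."},
    {"src": "10.0.0.5", "dst_port": 80,
     "payload": "GET /weather HTTP/1.1\r\nHost: news.example\r\n\r\n"},
]


def parse_http_request(payload: str) -> Optional[Dict]:
    """Split a raw HTTP/1.x request into request line, headers and body."""
    head, _, body = payload.partition("\r\n\r\n")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) < 3 or not request_line[2].startswith("HTTP/"):
        return None  # not an HTTP request we can interpret
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": request_line[0], "path": request_line[1],
            "headers": headers, "body": body}


def find_cleartext_credentials(request: Dict) -> List[Dict[str, str]]:
    """Return one finding per credential sent readable over plain HTTP."""
    findings: List[Dict[str, str]] = []
    # TLS traffic (port 443 or a TLS record header) is encrypted: nothing to read.
    if request["dst_port"] == 443 or request["payload"].startswith("\x16\x03"):
        return findings
    parsed = parse_http_request(request["payload"])
    if parsed is None:
        return findings
    host = parsed["headers"].get("host", "?")
    base = {"src": request["src"], "host": host, "path": parsed["path"]}

    # HTTP Basic auth is just base64(user:password); report the user only.
    auth = parsed["headers"].get("authorization", "")
    if auth.lower().startswith("basic "):
        user = "?"
        try:
            user = base64.b64decode(auth[6:]).decode().split(":", 1)[0]
        except (binascii.Error, UnicodeDecodeError):
            pass
        findings.append({**base, "kind": "http-basic", "user": user, "fields": "authorization"})

    # A login form POSTed without TLS exposes every field, secret ones included.
    ctype = parsed["headers"].get("content-type", "")
    if parsed["method"] == "POST" and "application/x-www-form-urlencoded" in ctype:
        form = parse_qs(parsed["body"])
        leaked = sorted(f for f in form if f.lower() in CREDENTIAL_FIELDS)
        if leaked:
            user = next((form[f][0] for f in form if f.lower() in USERNAME_FIELDS), "?")
            findings.append({**base, "kind": "form-login", "user": user,
                             "fields": ",".join(leaked)})
    return findings


def audit(requests: List[Dict]) -> List[Dict[str, str]]:
    """Run the check over a whole capture and collect the findings."""
    results: List[Dict[str, str]] = []
    for request in requests:
        results.extend(find_cleartext_credentials(request))
    return results


if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(f"{finding['src']} -> {finding['host']}{finding['path']}: "
              f"{finding['kind']} for '{finding['user']}' (leaks {finding['fields']})")
```

Run against the built-in sample it reports the Basic-auth request to mail.example and the form login to forum.example, and stays silent on the HTTPS connection and the credential-free GET. The same logic applied to a capture of your own device's traffic on an untrusted network tells you whether any app or site you use would have landed you on the wall.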
To guard against having their cell phones hacked, some attendees use burner phones instead. These are cheap, pre-paid cell phones that contain none of their personal information. They just throw them away when they are done with the conference.
With multiple sessions demonstrating how easy it is to read credit card data remotely with an electromagnetic sniffer, lots of people leave their credit cards back in their hotel room safe.
"They can just be standing behind you in the line. They come up to you and kind of bump into you and they are electronically lifting the information, it just takes a second," Blech said.
He counsels staff and clients to keep their credit cards in specially shielded envelopes or to stack them one on top of the other so the signals are jumbled up.
Laptops are such a treasure trove of information that many conference-goers leave theirs at home, bringing only a sterile machine that contains nothing but the presentations they are making. No email. No web browsers. No personal files.
Even though his machines are encrypted and have all the security they should have, Brad Taylor at Proficio only plans to carry a clean iPad.
"If somebody has got something new and they are testing it out, I do not want to be one of the people who gets hit," he said.
All of this makes Black Hat and Def Con somewhat daunting to attend, but that is the world these security professionals live in every day.
"Having to protect a single laptop isn't that big a deal," Black said. "We get over 20,000 unauthorized probes on our system every minute," he said.