Okay, I need some help.
Currently prepping for #BlackHat2023 and considering grabbing a VPN for my device.
My husband (developer / test automation engineer for cryptography products, so more professionally knowledgeable than I) thinks it's really not useful, for several reasons:
1. VPNs encrypt traffic to and from endpoints -- not necessarily doing anything at the destination itself. Basically, it can't save me from myself by preventing my falling for DNS spoofing or phishing, which seem like a more realistic concern at a #cybersecurity conference anyway.
2. I should already have all my device traffic encrypted, without needing a VPN to do it for me. (My phone's default settings are for encryption -- I did check.) There are bigger, internet-breaking implications if they can break / interrupt known secure connections between an endpoint and a known secure domain.
3. Data gleaned from sniffers is more of an overview of activity, not specifics of logins, etc., unless sent in the clear. (See Point No. 2 above.) It could help with #spearphishingattacks but not really make or break anything in the bigger scheme.
... I don't have enough personal expertise to argue, but I feel like he's wrong in some way.
So, questions for anyone who knows better:
1. Is Husband Unit right? What is he missing, if anything?
2. If Husband Unit *is* right, then is a VPN really necessary for Black Hat?
3. What security measures *are* necessary when going to an event like Black Hat or DEF CON?