Defcon always worked out as the most cost effective broad technical training for my penetration testers and technical security teams - even though I had to approve budget for them to fly from the UK to Vegas and stay there for the week.
Defcon gives
- cutting edge training
- direct experience of 'black hat' activities
- value for money
Blackhat is a much more difficult argument - in my opinion it is only really valuable if you must be seen there with certain people, or can use the networking time valuably.
Blackhat gives
- exposure to senior representatives of security organisations
- limited training on new enterprise security products
Local conferences can potentially work out cheaper (I'm thinking of OWASP for web app security people, local Defcon meets, BlackHat Europe for Europeans etc) but it is worth weighing up the differences in scale.