Why I love DEF CON

By day I work in corporate security at a pretty sizeable multinational, but like many security “professionals”, security isn’t a just job, it’s a hobby/interest that I’m lucky enough to do as a day job also.

Where am I going with this?  For the past 6 years I’ve been religiously attending DEF CON

“Must be nice for your company to pay”…

…actually, most years the company don’t pay…. a bunch of us take off to Vegas and DEF CON/Blackhat (and now Bsides) as “vacation” (Holiday, for the peeps in the UK).  That’s how much we value and enjoy the con.  I argue that DEF CON is one of the most important cons of the year for a security pro and/or geek. The calibre of talks and speakers is outstanding, it’s cheap and a lot of people are in town.  I view it as a brain dump of security work that takes you the rest of the year to digest (and catch up on thanks to the media archives)

No sales pitches

What I also like, is that there’s not sales pitches….and boy do I hate those sales pitchy type presentations.. I’d like to see it be mandatory that sales pitch presentations have the text “infomerical” in the header.

 DEF CON always leaves me filled with new ideas and a motivation that can see me through to the following year.  If you’re a regular, you probably get the same buzz and if you’re not, you don’t know what you’re missing.  It’s the same buzz (if you can call it that) you had when you first realized that you could make something do something that the designer hadn’t really intended.  That’s the fire that burns in the belly of every security pro/geek who’s got passion.

Local DEF CON chapters, a serendipitous meeting

On the way home (at Las Vegas Mcarran airport, the metro there to be precise) from DEF CON 15 or 16, I got chatting to another con goer (Note, con goers are easy to spot, they typically wear black t-shirts with geek-ified slogans).  This other con-goer was alien (@alien8 on twitter), a DEF CON  Goon.  alien told me to check out DC4420, the London, UK DEF CON chapter…so about 2 years later I went along. Together with Major Malfunction, alien is the organization genius behind DC4420.

DC4420 – Community

Dc4420 (and I’d assume other DEF CON chapters)  is excellent.  Each month a group of 50-130 hacker/geek types get together, typically for two talks, a tech talk and a fun/lower-tech talk. There’s also plenty of opportunity to chat with folks or “pie of the day” and beer…

…I’ve seen this mentioned on another website, but one of the best ways to meet people is to do a talk. Talking,  or even just sharing what you’re working on can lead to discussions with others who are tackling the same challenge or have complimentary knowledge and skills. 

I let alien know I had a talk about “teaching my dad to be more streetwise online” and before I knew it, I was talking at DC4420. I didn’t really think the talk was DC4420 material, but it seemed to strike a chord with others.  Well, this had a knock on effect of people talking to me about what I was doing in the local village community and opened a door to talk meeet and talk to more people in the UK security community.

Through that one talk, I got chatting to some seriously smart people at DC4420 (Far smarter than I’ll ever be). I’ve had discussion and help on a number of topics (non-work related, for the record) and also shared my learnings with others. Ultimatly, this is what a community is about and I love being part of it. 

What do people talk about?

Everything from ”Disk Encryption Product flaws” (seriously awesome stuff from mu-b)  to building rockets (Rocketry for fun and profit – The Hatter. BTW, the Hatter is seriously funny, not to mention smart) .  Here’s a sample of previous talks…

  • DIY grid computing (tqm)
  • SQL injection, how far does the rabbit hole go? (Justin Clarke)
  • Having Fun with Apple’s IOKit (Ilja Van Sprundel)
  • Torches / Lasers
  • Home built water cannon
  • Interfacing live firearms to FPS games
  • Brain engineering (smart drugs etc.)

 …not everyone’s a genius… well, they might be, but I’m certainly not ;-) so don’t be put off.

So what am I saying?

If DEF CON / DEF CON Chapters have passed you by, maybe it’s time for a rethink..

For me, DEF CON is about hearing what others have been up to (talks are always so much better when it’s clear that the speaker loves his subject matter); It’s about getting excited about things I hadn’t known or thought about; it’s about enjoying security/hacking (in the non criminal sense) in its purest, non-sales-sense; it’s about meeting likeminded people… ah heck, just hunt down the DVD “Hackers are people too“.

DC4420 (DEF CON chapters) are just an extension of that. They provide a year round community, of people willing to collaborate/discuss openly on things they’re geeking out to. Oh, and its free from sales hype, free from phrases like “world class cost structure” and “touching base”.

So, go hunt down your local chapter, or start one up, but we warned, you may end up spending money on rocket kits that you’re eventually going to trash ;-)