I know some people get fatigued with the scene and some of these conferences, but I personally find the week incredibly valuable. Like with most things, you get out what you put in. Much like the RSA Conference does for the corporate/commercial side of the industry, this week in the desert is the heartbeat of the research and hacker community for the year.
While our challenges in security are tremendous, the intellectual potential in the hallways and bars of Vegas is humbling and inspiring. I look at this week as an asymmetric window of opportunity to:
- determine the thrust and Zeitgeist of our demographic (in the now)
- help to frame and set the tone for the next 12 months
- challenge my various colleagues and teammates (and myself) out of respective ruts and comfort zones
- meet new people and get to know people better in meat space
- find new collaborators
- stimulate new research topics and insights
- eat bacon wrapped, almond stuffed dates (#BWASD) with red wine reduction and bleu cheese crumble
Highlights of Last Year
Here are a few of the things I fondly remember from last year:
At #BsidesLV in 2011, a few of us launched the beginning of acknowledging and studying the levels of fatigue and burnout in our industry and demographic. The room was honest and cathartic and intense. Seeing we had clearly struck a nerve, we later invested in the formal Maslach Burnout Inventory and presented more data at the RSA 2012 conference this spring. While there is much more to do, we’ve brought some of the challenges and support gaps to the surface and have started something needed. You can follow @SecBurnOut on twitter and the expanded IT Burnout Project. Many thanks to Jack Daniel, Dr. Stacy Thayer, KC Yerrid, Martin McKeay, and Gal Shpantzer who helped to kick-start the initiative.
At DEF CON 19, we braved our “Whoever Fights Monsters” panel where we tackled the rise of Anonymous in a substantive way – perhaps for the first time. After Aaron Barr was legal-threatened off the panel and another quit fearing retaliation, we pulled together:
- Joshua Corman (@joshcorman) <- me
- Brian Martin / Jericho (@attritionorg)
- “Baron von Arrrr” / Scot Terban (@krypt3ia)
- Paul Roberts (@paulfroberts) <- As Moderator
The video of our panel and the more intense and meaningful audio of our Q&A room are both posted in the conclusion of our Building a Better Anonymous Series – which Jericho and I researched and wrote over this past year. The exchanges were so intense – and the press/industry/community knowledge was so poor – that we felt we had to drive this dialectic forward.
Winning Hacker Pyramid:
Somehow I went from watching 10,000 cent Hacker Pyramid to joining Dan Kaminsky in defending the crown. While Rogue Clown and Jayson Street were impressive and fought admirably in the final round, Dan and I squeaked out the win. This year, they are “in it to win it” and all manner of smack talk has already begun.
While technically born during Metricon 6 in San Francisco the Tuesday after DEF CON 19… a concept like HDMoore’s Law can really only be born after spending a week in Vegas, surrounded by brilliant hackers and pentesters, getting the bartender at the 303 party to pour HD Moore some stiffer cocktails while listening to nerdcore and then turning your brain inside out with a bunch of statisticians and risk professionals at a Metrics conference. While my brain felt as if it had been through an unnatural act, HDMoore’s Law turns out to have been a pretty useful concept – and many a practitioner is putting it into action in their environments.
Casual Attacker power grows at the rate of Metasploit
My Speaking Slots:
Tuesday, July 24 – 4:00 PM – Black Hat Executive Briefings (Caesars Palace)
Closing Panel – Analytical Response and Discussion
- Joshua Corman
- Rob Joyce
- Rich Mogull
- Kevin Overcash
After a full day of CISO briefings and discussions on this year’s Black Hat presentation themes, we’ll provide some broader context, framing and friendly debate – to help enhance the CISOs’ experiences throughout the rest of the week.
Tuesday, July 24 – 6:00 PM – CodenomiCON 2012 (Bellagio)
Unconventional Adversaries vs Conventional Wisdom
I’ll give a short but hard-hitting look at how two adversary classes have shattered a lot of security “conventional wisdom”.
Wednesday and Thursday, July 25 & 26 – #BSidesLV (The Artisan)
Interviews and Honey Badgers
Martin McKeay and I will be interviewing speakers and attendees on and off for most of the two days. I’ll also be giving away Honey Badger T-Shirts. There are far too few of you wearing Honey Badger T-Shirts. Find me or Martin.
Friday, July 27 – 8:00 PM (pretty sure) – Track 3 - DEFCON 20 (Rio)
25,000 cent Hacker Pyramid
Dan Kaminsky and I will attempt to retain the title.
Saturday, July 28 - 10:00 AM – Track 2 - DEFCON 20 (Rio)
World War 3.0 – Chaos, Control & The Battle for the Net
- Michael J Gross – Moderator and author of World War 3.0 piece in Vanity Fair May 2012
- Jeff Moss (The Dark Tangent)
- Joshua Corman
- Dan Kaminsky
- Rod Beckstrom (playing the part of Vint Cerf)
This panel (FULL ABSTRACT) will build upon the Vanity Fair piece profiling these panelists and the escalating tension/conflict between forces of chaos and control – threatening a free and open internet. The December meetings of the ITU will likely bring these issues to a head. What role will the DEF CON community play in the coming months as this story and the fallout unfold?
Saturday, July 28 - 9:00 PM – Track 2 - DEFCON 20 (Rio)
FILM SCREENING and Q&A: We Are Legion by Brian Knappenberger
We’ll screen Brian’s documentary on Anonymous. I’ve seen an early cut and it was excellent. The film features several DEF CON speakers who will also do a Q&A after the film: Richard Thieme, Chris Wysopal (WeldPond), Jericho, myself, Biella Coleman and loads of Anonymous members. Here is the Trailer.
Be sure to:
- pace yourself
- meet NEW people
- see NEW speakers
- be diligent about “how can I bring this back with me and apply it?”
Hope to see you in Vegas!