Well another year has come and gone in the infosec world. Just as accountants have their financial year, I think it’s safe to say that the infosec community revolves around the yearly Vegas ritual that is Blackhat and Defcon.
Some of you m ay have noticed that there was a distinct lack of blogging fro me during this years events, and for that I apologize. This year I really wanted to spend more time really talking to people and experiencing the hallway track that so many people miss entirely. You can never attend all the talks, and the best laid plans of mice (and men) amount to nothing once the first good discussion starts! So why fight it. I find that I can get much more out of a 4am discussion with somebody than I can get from even the most well researched presentation. Plus, if you want to see the talks, you can always buy the DVD set, or wait till they’re released! The hallway track and events like the Skytalks are limited to on-site. Be there, or miss out!
So with these things in mind here’s some comments from Vegas…
This years BSides event prior to Defcon was amazing… There are almost no words to describe the hotel that was selected to house this years event. I can’t think of a better place to hold the event, and I can’t wait to see what they come up with in 2012! BSidesLV is getting big… there’s no two ways around it. From it’s humble beginnings it’s grown to over 600 people attending and a large amount of people blowing off Blackhat entirely just to attend. BSides tickets were the hottest in town with walk-ups being turned away and requests for tickets (mostly through twitter) coming thick and fast.
I commented once that the size of BSidesLV means that it’s lost some of it’s interaction that it originally touted. I know Vegas is always going to be bigger, better, faster, more! but I stand by that comment. I loved the event and had some great discussions. The most memorable being the PTES discussion that started from the “Fuck the PTES” presentation. It was a great and frank exchange of views, knowledge and thoughts, and drives home what I consider to be the real plus behind BSides events!
With that said though, I saw a lot of people just attending… and the manta of BSides was always that there are no attendees. Everyone participates. I didn’t see that this year. Maybe it was too big, maybe it was the fact that there was a topless swimming pool! Who knows for sure. I just think things need to be tweaked in order to bring back that feeling of community sharing for next years event.
Thank goodness for the Rio! Yes I said it… the Riviera was too small for Defcon 17, far too small for Defcon 18, and might well have crumbled under the number if they’d held Defcon 19 there. The Rio has a lot to learn when it comes to handling hackers, but they tried, and that’s what counts. The extra space, better flow and just general “not as shitty as the Riv” feeling was a welcome change from the last few years. Sure you still have to line up to get into the popular talks, but that’s to be expected. There was room for all, and enough spare for things that needed to be done. The Rio even catered for the last minute blood drive, which from all accounts went very very well I hear.
The talks this year were varied and interesting. Although I found some to be less than inspiring when it came to the actual presentation itself. Just because you’re a great researcher, penetration tester, or developer, doesn’t automatically mean you’re a great speaker. Still, there’s not much Defcon can do to change that unless they start free classes on how not to use Powerpoint! If you presented and want feedback, ask. People are happy to give it, if you ask in the right way. If you ask “What do you think?”, most people will say “It was good”. Be specific. Ask what people thought of the slides, or the presentation style, of the content. Anyway, I’m getting off topic, sorry.
As always the hallway track and the smaller contests, Skytalks and general banter were much more important to me than the content in most cases. Don’t get me wrong, I went to some talks and saw some great stuff… but taking the time to really chat to the speakers afterwards is where the real content is.
If you take one thing from this blogpost, it’s that interaction is the most important thing at these sort of events. Talk to people, introduce yourself to new people. Make contacts, and take the time to really enjoy yourself!
See you all next year I hope! It’s the start of a new Infosec year…
PS: No, Mr Evans didn’t show up!
Defcon 12,000 : Evans 0