There are literally hundreds of cybersecurity conferences hosted around the world each year and as a result it can be difficult to determine which conferences provide the highest value in the domain. Events like Black Hat remain valuable due to the fact that the talks are selected by an independent expert review board (which I’ve been on since inception) and the fact that so many vendors participate as well as practitioners and buyers in the community. In fact, one of our OODA Ventures portfolio companies said that Black Hat provided twice as many qualified leads for them as other events at which they’ve exhibited.
In addition, there are numerous corporate-focused events like RSA and a series of grass-roots security conferences such as bSides, DerbyCon, ShmooCon, and even CornCon. While each of these events brings community value in its own unique way, I think Def Con is the most valuable event of the year for the community. Here’s why.
There is a common perception that Def Con is just one big hacker party. It’s true that the evenings are filled with dozens of fun parties and events, but many of them serve as great networking events as well. For example, VetCon brought together over 1000 Veterans who were attending the event to share drinks and activities like an indoor archery challenge and a sports-bounce obstacle course. Localized or topical parties also take place for those with an interest in fields like red teaming or originating from a particular geography (distinguishable by their phone area code designation like the 303 party).
Beyond the parties, the event features three days of multiple-track talks on a variety of technical and community-focused topics. Just search recent news to explore some of the groundbreaking security research unveiled at the event. There are various contests that are deemed to be amongst the top contests in the world including a technical capture the flag contest, a social engineering contest, a hack the world contest (focused on ICS and IOT), and numerous other contests catering to a variety of interests and sub-professions of cybersecurity. The Village infrastructure is so robust, I’ve dedicated an entire section to it below.
In addition, you’ll find lots of ancillary activities. For example, the Hewlett Foundation sponsored a Policy Suite for discussion of policy related topics. I visited the suite to hear an excellent presentation by Sarah Zatko of the Cyber Independent Testing Lab on their test results derived from testing thousands of IOT devices.
The foundation also sponsored the creation and printing of a Policy Guide to Hacker Summer Camp (a community designation for the trio of events over the week that include Black Hat, bSides LV, and Def Con). It serves as a great introduction to the events and the community.
The Def Con community fosters one of the most inclusive events you will encounter catering to the unique qualities and personalities of the cybersecurity field. By design this year, the event badges themselves facilitated interaction amongst the attendees and challenged them to meet each other and interact with different badge types (speakers, artists, vendors, etc).
The event also adapts very quickly to the interests of the community, with new topics, villages, and contests happening all the time. In fact, nearly half of the villages for 2019 were new villages that did not exist last year but immediately started providing community value this year. The event is staffed by over 100 security volunteers (referred to as Goons), a full-time dedicated Network Operations Team, and also runs hotlines to report harassment and other security or community issues.
The event also produces a full transparency report noting the types of incidents that occurred at the event and operates a staffed hotline that handled 29 inbound calls. Automated transcribers project closed captioning for the hearing impaired and a number of sign language volunteers staff Deaf Con, which is focused on providing sign language services for popular talks.
At its core this is really a community driven event and the shared experience results in lasting network connections and lots of future collaboration. The folks sitting on the carpet sharing ideas this year are the speakers and village operators of next year.
The biggest differentiator at Def Con is the robustness of the villages that take place during the event. The villages are basically micro-conferences that any attendee can visit depending on what they are interested in. The complete list of villages is provided below, but here are the ones I found to be incredibly valuable.
The Aviation Village was very robust this year and included lots of aviation related hardware that participants could hack. The highlight of the village was a full size flight simulator that allowed participants to fly a plane and experience the impact an aviation-related breach could have first hand. The village volunteers were composed of aviation security experts as well as experienced pilots.
The Bio Hacking Village included talks on bio-security issues but also featured a mock hospital room for security testing of medical and embedded medical devices.
The Car Hacking Village included not one, but three complete vehicles for participants to target and included robust prizes for successful attacks. Challenges ranged from unlocking the doors and honking the horn to taking on more critical systems like braking.
The Hack the Sea Village focused on the security of ships and also maritime systems for logistics, etc. This was a new village for 2019 and attracted a lot of attendees and attention.
The ICS Village provided a wide range of hardware for attendees to target including common IOT devices (including an internet-connected toaster) and also full ICS mock-up environments for power transmission and an oil refinery. Additionally, they had an ICS hacking beginner environment that stepped participants through 20 capture-the-flag-like challenges to teach them how ICS systems work, how to target them, and how to secure them. This was an incredible learning environment that even my 14-year-old was able to take advantage of.
The Lock Pick Village provided ample opportunity to learn and practice lock picking skills against dozens of different lock types including a car door.
The r00tz Village is a kids-only environment where over 300 kids participated in their own capture the flag contest, lockpicking, badge and hardware hacking, and even advanced topics like recognizing misinformation.
The Voting Machine Village allowed for participants to target a large variety of voting machines, including a secure voting machine prototype provided by DARPA.
For a full listing of villages with descriptions, please visit this Def Con Village page.
Having spoken at hundreds of events over the past 25 years and attended hundreds more, I can honestly say that Def Con provides the highest yield of anything I attend. If you are on the fence about attending, I’d recommend you give it strong consideration, especially if you are already attending Black Hat and just have to extend that visit by a couple of days. Def Con also launched a policy liaison process, where policy makers register with the event and receive a fully guided tour by experienced Def Con volunteers.
The best Def Con experience is to pick the talk tracks that are of interest to you and then spend the remaining time in the robust village and contest ecosystems. The Villages are so impactful, you could spend an entire day at just one and engage in continuous learning through village talks and hands-on activities.
If you do make plans to attend next year, reach out to us so you can attend our OODA Network social events as well.