I realize that this thread's title is a bit of a loaded phrase, but there's something i'd like to point out here. I brought a number of new people to DEFCON this past summer. Friends, family of friends, and lots of new TOOOL faces were among those who had their DC cherry popped at the Rio hotel.
When reflecting on whether they had fun or not (and, in this same vein, whether they will come to DC 20) a common theme kept arising in discussions... "it was really neat to see everything going on, but i'm not into INFOSEC at all and i felt there wasn't much there for me" was a common refrain.
Naturally, i was as shocked and taken aback as many of you must be while you read that comment. I stood up (as many of you are wishing you could right now) and had to restrain myself from the "DEFCON is what you make of it!" and "you get as much out of DEFCON as you put in... anyone can find fascinating and wonderful activities and talks!" speeches.
Then, one person and i actually sat down with the DC19 program and looked through it, talk for talk, and even read through the contests and events material, as well.
I haven't sat down and attended more than one or two talks at DEFCON since perhaps DC9 or DC10 back at the Alexis Park. Aside from the times i'm on a stage, i'm rarely in the talk rooms. So naturally my view is a bit lacking in background. I suspect many of your opinions may be, too.
Have a look at the DC19 talks. Imagine that you weren't a person who was in information security. What percentage of talks would you say apply to you or even remotely appeal to you?
Well, just because i couldn't believe it myself, i decided to do the math (more or less, and i realize this is very subjective)
Here's what we found...
There were about 125 talks at DEFCON this year (unless i miscounted, and that's meaning actual briefing style talks taking place in the listed track rooms)
If you weren't at all into INFOSEC, there were a little over a dozen that you might have thoroughly enjoyed. Almost half of these had to do with physical security, by the way.*
In addition to those lockpicking and tamper evident seals talks, we see broad politically- and socially-aware topics like the Net Neutrality panel, prez talking about Privacy in the Digital Age, Hackerspaces, and the like.
However, there were a few real gems (at least from the talk summary) that just feel more like "old DEFCON" to me. Top of this list for me was the "Build Your Own Radar" talk. (which i still have to download, so i don't know how it actually went)
Staying Connected during a Disaster is a cool theme, along with some surveillance talks like the Aerial Hardware and Grenade-Launchable Camera and Airport Security that may have required a higher level of techy interest in the audience but also weren't fully INFOSEC talks.
There were also a half-dozen speakers who, in my opinion, always deliver solid material that is appealing to everyone. Johnny Long, Jason Scott, Jayson Street, Richard Thieme, and Moxie Marlinspike (with or without Diffie) are delights on stage and i would gladly recommend them to noobs or non-INFOSEC folk (even if that list gets increasingly harder to understand as you progress, if you don't have any background in computers) The EFF panel would likely fall into this category, too.
Then there were about 15 more talks that, while they were distinctly focused on topics that are of primary relevance to security professionals or INFOSEC workers, they had a broad enough appeal to possibly keep non-computer people entertained for the hour...
Big Brother Big Screen, Battery Hacking, the Fighting Monsters Panel, the Emergency Data Destruction panel, SpiderLabs Stories of Real Pen Tests, maybe the Trolling talk (whatever that was), BitCoin, the Comedy Jam, Getting Your Message Out (when the gov't shuts down the internet), Cyberpsychology, Security of Online Poker, Steg & Crypto, How to Do Research, Car Hacking, and Deceptive Hacking were probably all talks that i might have sent someone to and which they would have enjoyed with the right attitude if they were trying to enjoy DEFCON, even as a non-computer person.
So that's less than one-fifth of the total talks at the "world's largest hacker conference" having even tangential appeal to people outside of the rather specialized sector of the computer world known as INFOSEC.
I'm not passing judgement here, nor am i saying that the folk who select these talks are doing a bad job. They wade through tons and tons of submissions and pick people who seem competent and interesting and try to balance it all out (and then, lest we forget, they actually cobble it all together into a schedule grid that takes into account all of the contests, games, events, etc!!)
(Speaking of contests, the official site listed 37 entries under "contests and events" but only about 20 of them were actual competitions where people would actively participate in the hopes of being ranked or winning something. i'd say 10 or so of these were contests where people without computer or crypto skills could play. that's not so bad, in my view, and rather on the money)
I guess i was just surprised, that's all. When i first started coming to DEFCON i wasn't a security professional. Many of us weren't. A lot of us have taken jobs in this industry and lived it for so long that we no longer even realize the shift that has taken place in the overall theme of the conference. How many of us would have been as able to feel "at home" at DEFCON today if we were our 17-year-old selves showing up for the first time?
I'm not passing judgement here. And i'm not saying that DEFCON should make a hard turn and try to steer for HOPE or NotACon territory... but you can bet that i absolutely love the off-the-wall "omg i can't believe i built it" nature of many of the speakers at those events. If a few more DEFCON talks came with warnings about causing things to explode or cautioning people to not burn their houses down, would that be a bad thing? If kids today -- who don't get to grow up with the likes of Mr. Wizard -- could witness more inspired DIY tech talks, would that deserve some more support?
Where do you all come down on this topic? Am i just a grumpy old fart bucking a tide of change that should not (and will not) be stopped? Am i seeing history through some odd-colored glasses and comparing current DEFCONs unfairly to a past which doesn't exist?
What talks do you get excited about at DEFCON and how should this conference continue into the future without becoming just three more days of Black Hat?
* i am absolutely not saying that i or TOOOL deserve any special praise or credit here, by the way. we love that people in this scene enjoy the lock stuff and whatnot, but we do this because we enjoy it. no special recognition is ever deserved, etc.