I can tell that I’m getting old. I know this because I felt like an old man at DefCon. I couldn’t help but feel like it’s turned into a fashion show. A tourist attraction to helpdesk employees and wannabes. Out of the maybe 100 people I spoke to perhaps 10 of us actually know/do/understand some aspect of security. So wtf were those other 90 people? I’ll let you ponder that.
I shouldn’t complain, though. I loved it. I loved every minute of it. Though I wish I was as popular as Bijoux during DefCon, it felt great to see some friends. It was great to talk tech, ponder the future of netsec, and laugh at Dan Kaminsky’s expense. (Does ANYONE know why DK was wearing a leather coat in the desert? I fear we’ll never know.)
People have often asked me what’s the difference between Blackhat and DefCon. I’ve heard others say that Blackhat is corporate and DefCon is “real”. But I’m not sure that’s true. In my own humble opinion, Blackhat and DefCon are two ends of the same spectrum.
Blackhat is organized. Each talk is on time. Each break is on time. Each class runs for exactly the amount of time set aside. It’s professional. It’s corporate, private sector, public sector security. It’s the big picture. And you pay for that. The cost is aimed at the corporate budget and is almost prohibitively expensive for the individual nerd. The fun stuff is limited to the Pwnie awards and a workshop or two.
DefCon, on the other hand, is the opposite of that. It’s young. It’s chaotic. It’s less than $200 for 2.5 days of madness. It’s up to 2-hour lines to hear speaker talks. I can proudly say that the black t-shirt uniform was in full swing. It was heavy, heavy on the side of Caucasian males conforming to non-conformity. It was the love of security at the nearly matrix-level granular detail. This specific buffer overflow. This specific exploit. This specific vulnerability.
And there’s fun at DefCon. Lock picking, capture the flag, video games, scavenger hunts and a glorious beard/moustache competition hosted by Red Beard himself.
The vendor areas are so vastly different that they almost can’t be compared.
Blackhat vendor booths: Firewalls, IDSs, security hardware/software and vulnerability assessment/pen testing services.
DefCon vendor booths: Long range wireless antennas, lock pick sets, old school hardware, stickers and black t-shirts.
After nearly 10 days of Blackhat and DefCon I can tell you that it was a blast. I wish I’d seen/done more at DefCon. I wish I’d gone to more parties and met more people. I wish I’d kicked Moxie in the knee. Next year I’ll attempt to partake in more DefCon. More social activity. More convos with real hackers, with real netsec nerds and real digital gangsters. But in all it felt like home. Both sides of the same spectrum. Blackhat and DefCon.
Until then I’m glad it’s over, but I’m already yearning for next year.