


DefCon 17 – What You Are Missing Out On – Part 1

Aug 01, 2009 · 3 mins

You might be a security professional who could not get time off for DefCon.  Perhaps you could not justify it to your manager (who is probably a DefCon veteran).  Or you just didn’t know what it was all about.  I will be your guide into the DefCon world.  So sit back, get comfy – we’re reading, we’re reading….

DefCon 17 is a raid on the senses, especially for the first-timer. July 30, 2009 kicked off the fevered exploration of all things technology and security. It may be obvious to the initiated that DefCon is not BlackHat, but this statement does not fully convey the magnitude of the differences. BlackHat is the polished face that information security professionals present to their business customers. DefCon is the raw, savage expression of the passion these professionals bring to their work.


DefCon, like BlackHat, hosts presentations offered by information security researchers and luminaries. DefCon stands out because it also attracts the security “outlaws” – those intrepid “hackers” who exploit the fundamentals of technology. Small break-out sessions allow for more intense discussions around granular topics. These dialogues are sometimes controversial, but they are critical in stimulating attendee dialogue.

Capture the Flag

If you did not image your only laptop before entering this competition, you should reconsider participating. This exercise puts your knowledge of system exploits to the test in a competitive environment where your performance is displayed on a wall monitor for all to see. Most Capture the Flag events outside of DefCon adhere to a code of honor – don’t hack your opponent. Don’t assume that this code is shared among the cyber gladiators you will challenge.


If you’ve ever wanted to learn how to pick a lock or solder components to a circuit board, DefCon villages are the place to be. This is a must for the people who wish to enhance the functionality of their convention badge. I had the pleasure of contributing my press badge to a project where the different badges were arranged into a circle that flashed in sequential patterns of light. I will post pictures in an upcoming installment. These villages extend individual security awareness by highlighting the role that various components play in a system.


No convention is complete without festivities to offset information overload. If you want to get an insight into the hacking subculture, a DefCon party is required field work. The parties range from mild meet-ups in hotel rooms/bars to bacchanalian balls that redefine your party archetype. Regardless of your comfort zone, I recommend party attendance highly. If nothing else, they are great labs in which to practice social engineering.

Stay tuned for the next installment in this series. I will include some cool pictures and stories from DefCon.


Steven F. Fox provides security guidance to ensure compliance with Federal standards and requirements as a Senior Security Architecture and Engineering Advisor for the IRS. Fox contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup and the Security and Privacy workgroup. He brings a cross-disciplinary perspective to the practice of information security, combining his experience as a security consultant, an IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. He is a syndicated blogger covering IT Governance, Risk Management and IT-Business fusion topics. He also volunteers his time to the Ponemon Institute and Security BSides Detroit.