• United States




Why DEF CON still matters 25 years later

Jul 25, 20174 mins

Hackers from around the globe are converging in the Nevada desert to celebrate DEF CON's 25th Anniversary.

As I type this, tens of thousands of security-minded people of all stripes are in their cars or on planes converging upon sweltering Las Vegas to attend one of the world’s most famous hacker conferences, DEF CON. This year is a special one: it marks the 25th DEF CON and its silver anniversary.

DEF CON (or DC) has grown to be a staggering event — last year’s attendance was somewhere over 20,000 attendees and I expect this year to eclipse that. It’s certainly come a long way from the first conference, where 100 or so like-minded hacker and security types met at the Sands to party in the desert. With DC’s continued success, I thought I would take some time to talk about why DC still matters, and what you can take from this year’s conference. 

About 15 or 20 years ago as a much younger man, I read magazine articles about DC and desperately wanted to go — stories of ballrooms filled of people who were interested and devoted to the world of hacking, research and security… all in one place. Reading stories about people who “spotted the fed” and were rewarded with a special t-shirt for their sleuthing, I remember being in awe of all the amazing names and groups like L0pht and Cult of the Dead Cow (CdC). I remember learning about CdC’s release of BackOrifice at DC 6 and being blown away by what it could do. Back then I was just getting started on my professional career in technology and could only dream of being able to travel to places like DC to meet these elite hackers.

I’ve been attending DC for 8 or 9 years now, and even though it has grown to a staggering size, every year I take something new home with me. The opportunities for curious minds at DC to learn is unlike any other place in the world. The vendor village is always full of interesting gadgets, surplus hardware, hacker tools, books and other gems to experiment with. The workshops are free for attendees and you have the chance to learn from some of the most talented people in the hacker world on a multitude of subjects — some for the absolute beginner, some for the best of the best. The talks themselves touch every corner of the security world, and the practical village areas will teach you cool things like lockpicking, how to get started with Capture the Flag-type games, soldering small gadgets, and the basics of wireless hacking and auditing. There really is something for everyone, at every level of skill. If you’re interested in learning something new, then don’t hesitate to jump in head first, ask questions and experiment. I’ve found that the vast majority of people I’ve interacted with were thrilled to be able to share some of their knowledge with me.

Beyond that though, DC is an incredible place to meet up with people you may have never met before, and only interacted with online. Researchers, enthusiasts, executives, journalists… and maybe even a “fed” or two. They all show up in the desert to celebrate the world of cybersecurity. If you’re a developer or working in product security for a tech or security vendor? Take some time to meet up with researchers you may have interacted with online. I can tell you that when you put a face to a name and sit down and have a beer or two and just talk about security, it really does build a better relationship in the future. At the end of the day, just about all of us are on the same side of the fence and just trying to keep people safe and deliver better products.

This year I’ll be teaching a four-hour introductory workshop on the basics of radio scanning using Software Defined Radio hardware and software. I’m flattered to have been chosen to be able to give back and share some of my own knowledge to others. If you see me around, please say hello. 

Here’s to another 25 years of hacker fun in the desert. I hope you have a blast this week, meet new faces, and learn something new. Stay hydrated, stay curious, and wear comfortable shoes. I hope there will be cake!


Richard Henderson is Global Security Strategist at Absolute, where he is responsible for trend-spotting, industry-watching and idea-creating. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground.

He is a researcher and regular presenter at conferences and events, and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. He is also a skilled electronics hacker: he was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S.

Richard can be found speaking at industry conferences including Gartner’s Security and Risk Summit; he also provides media commentary for publications ranging from Wired to CSO.

Richard also helped edit colleague and friend Tyson Macaulay’s latest book on IoT Security: RIoT Control: Understanding and Managing Risks and the Internet of Things. He is currently co-authoring a 2nd edition of Cybersecurity for Industrial Control Systems.

The opinions expressed in this blog are those of Richard Henderson and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.