I’ve been to many other security conferences, but there’s nothing quite like DEF CON.
Thirty years down the line, the world’s biggest hacking and security gathering continues to capture the flag.
Following hot on the heels of the Black Hat conference in Las Vegas (for cybersecurity professionals), the dynamic and demographic shift significantly, as DEF CON organizers roll out a strictly “come as you are” policy. It’s a conference for hackers – but anyone is welcome – white hat, black hat, or grey hat, plus a fair few undercover federal agents. That’s the beauty of the event – diverse thinking, learning, discovery, and knowledge sharing, irrespective of your background.
This was my ninth DEF CON, and a welcome return to in-person attendance after the virtual experience of 2020 and the hybrid approach of 2021. DEF CON 30 truly felt like a homecoming and a return to line-conning – a.k.a. physical queuing to get into talks and villages!
A couple of quick takeaways from my experience at the conference:
- Quantum is firmly on the agenda: A Quantum Village featured for the first time at DEF CON this year. It was a space for people to engage, discuss and explore the many applications of quantum technologies, and it reflects the rapidly growing number of risks and opportunities presented by this computational progress. In a hacking sense, quantum computers will prove a game-changer in terms of the pace at which hackers could break through existing encryption. Such is the level of potential threat that the Cloud Security Alliance, to raise awareness of the issue, has set a Years 2 Quantum (Y2Q) date by which organizations must enhance their infrastructure. Although not a fixed date (as Y2K was), April 14, 2030, is what the CSA has settled on for now.
- OT Security is gaining ground on IT Security: Information Technology (IT) has long been a focus for hackers and cybersecurity experts, in efforts to protect the flow of data from bad actors. However, much attention is now turning to Operational Technology (OT), as devices, hardware, and other “Internet of Things” applications open up a much broader surface area for hackers to exploit. The level of connectivity in manufacturing or agricultural equipment – such as the John Deere tractor that was overridden by hacker “Sick Codes” – means this kind of industrial equipment presents a potentially huge risk of disruption to farming processes, as well as to manufacturing production lines in other industries with similar equipment. Ultimately, if you can hack them, you can control them.
Coming away from DEF CON 30, I feel withdrawal symptoms already – the people, the atmosphere, and the incredible learnings we can take away to apply professionally. And the best is yet to come – or at least the full story of what happened at the conference. With so many villages – or conferences within the conference – and a dizzying amount of Capture The Flag live hacking events ongoing during DEF CON, the definitive “highlights” of vulnerabilities exposed and uncovered will take some time to distil.
If you are thinking of attending DEF CON in 2023, you should expect to have an exciting time with 30,000 like-minded hacker nerds that love to break things. You should also expect the Quantum Village, OT-focused Villages, and Girls Hack Village to return with new and innovative talks.
Leaving Las Vegas a few days later, you’re guaranteed to come away with knowledge and awareness of next-generation vulnerabilities and hacking techniques, a mind opened to trying new and exciting things, and fun memories with new friends you made during line-conning or hacker jeopardy.