2010 has been a very intersting year for me in terms of information security conference. I'm almost ashamed that this has been the first year that I've ever attended DEFCON, but with reason.

For most of my security career I've steered way clear of most grey-area conferences; working in the DoD arena will do that to you, but I've had other reasons.  I started in the information security world at a young age in the mid-90s. Living in Southern Jersey I typically hung out in the 609 BBS scene and sought out like-minded individuals. Of course, this journey led to local 2600 "hacking" groups. However, it took just one meeting for me to leave bewildered and dissatisfied. It seems most of the attendees were there to just find places to buy drugs, find places to do drugs, and brag about how badass they were at hacking. Being a non-drug user, I left disgusted and turned off from the scene. That image stayed with me for many years. I ended up in 'other' scenes, none of which got together in person. In the late 90s I longed to Greyhound it out to Vegas for DEFCON, but then learned that so were all of the local skiddies in the area. I then had to sit through their stories of long nights of drugs and vandalism, leaving me to wonder why I was even interested in going. I never went, and never thought twice about it. I wanted to go to learn and have fun, but I was given the wrong impression of the InfoSec scene.

Due to this belief, most of my con activity was stuck to "official" (read: boring) cons. The DoD Cyber Crime Conference, various military Information Assurance conferences, etc. It was a great atmosphere to teach and speak with those in the trenches who needed constant help and reinforcement. But, it was a completely different scene. I was the young, motivated guy in his 20s surrounded by seasoned investigators in their 40s and 50s. 

ShmooCon came to the DC area. Working with Johnny Long, he gave it a great buzz and it was the first real infosec conference I felt myself drawn to since the old days. However, scheduling was a nightmare. ShmooCon typically ran during, or immediately after, the DoD Cyber Crime Conference, which my agency put on.  It was impossible to justify to my family to spend two weeks away for DoD, then come back and immediately go to DC for a few days.  It was for 2010 that I decided to just do it, and even paid completely out of pocket (thank you Priceline) and it was one of the best conferences I've ever attended (thanks to Snowpocalypse ;)).

After spending time with some new and old friends at ShmooCon, and working during that time of year with Jayson Street, I was talked into giving DEFCON another try.  I even did the unthinkable and asked my company and/or my client to send me... and the client agreed. A fully paid trip to Vegas definitely made it nice.  Riding the recent release of Dissecting the Hack, Jayson Street agreed to be my personal tour guide for much of the week.  

BSides Vegas was my first BSides event, and a definite epic start to the week. It was my first time also meeting some good friends that I'd only known online.

Jayson introduced me to some of the good people and places during the after-hours BlackHat events, and I soon shed my existing preconceptions of the Vegas scene. Everyone was laid back, having drinks, and sharing ideas and debates.

DEFCON was its own experience. While on client time I was in talks, transcribing them (for my 26-page brief-back). Afterwards I floated between different friends and groups. I met Wish Lam from Chicago, who I was working with in the InfoSec Mentorship program, who got me into the SpiderLabs party. Syngress threw a nice dinner for their authors, preceding the EFF party where I found myself catching up with a malware analyst friend, Dan Raygoza.  And while I'll self-admit that I was not cool enough for a Ninja Networks Badge (though I really, really wanted one), Savant42 was awesome to give me his +1. Ninja Party was... pretty awesome. Thomas Wilhelm and his lovely wife then invited me over to the 303 party afterwards; they were awesome to offer me a +1 earlier for the Ninja Party if I didn't have one.  

 

All in all, I left with a different idea of DEFCON and the hacking scene. Yes, the hardcore druggies (for lack of a better term) were there, but instead of dominating the scene they were just in their own area doing their thing. I found that most attendees were just laid back people. Impression++  So I was one of those lamers that came into DEFCON late in the party, but will make the effort to get out as much as possible now.

Afterwards I hit up a few small conferences. After the success of BSides Vegas I took interest in BSides DE and was accepted to give a talk there. I found myself really enthralled with the small, casual conferences after that point.

I was fortunate enough to close out the year at DojoCon in the the ReverseSpace hacking space in Virginia -- a true casual unconference. The room was thrown together by attendees minutes before the kick-off. Everyone brought their own food to share, everyone pitches in to help, and everyone works together. A far cry from the large conferences that are run by professional groups (though I love my friends at Technology Forums).

2010 was definitely a year in which I broke most of my preconceptions of my peers. I focused on the small subsets and projected them to the larger community. That was wrong. The only way to know what a community is like is to just jump in with both feet and determine it yourself. What you get from an experience is only what you put into it.