Yesterday I attended a Belgian Security conference called “BruCON”, subtitled “Hacking for B33R”. I’ve always had a large interested in the world of it-security but never really played a part in it. However, I always wanted to see how a real security conference would be like. Having seen pictures from DefCon and the likes I was more than curious as to what really happens on these kinds of conferences. In a previous life, I attended several conferences on imaging, video, and the likes, but never one solely devoted to the ‘Art of Security’. In this post, I’ll try to describe what a sec conference feels like to a ‘semi-outsider’ like me. Before reading on: if I exaggerate certain things, this is just to make my point.
Oh and I definitely don’t want to insult anyone, if I do somehow, please excuse me and allow me to rectify this (don’t start hacking me please J )! I have the greatest respect for the security community…even if they tried to MitM attack me yesterday while I tried to use my Exchange on the conference (or perhaps they even succeeded and now can read all my mail …scary thought J ).
“VulnDev- We say jmp, you ask what addr”
My first twit when entering the conference was the following: “Arrived at #brucon. First sec-conf ever. First impression? Many funny&geeky t-shirts”. About one in 5 or 6 attendees had a t-shirt with a very high geek-measure. Following person, for example, was seated right in front of me while tweeting the previous:
Every time someone entered the main conference hall I’d immediately check out their shirts in hopes of reading something funny. The most popular ones were those showing one or several (bash?) commands of some script or contained SQL injection statement.
Appearance if everything
The average multimedia conference attendee can be summarized as follows:
- A non-descript, mono-colour shirt or polo
- Black or dark blue costume-like trousers
- No additional accessories
Some might summarize this simply as “boring’. At Brucon we basically see all kinds of people, but this one. I’ve seen people dressed like hardcore bikers (i.e. people I’d walk around in a big circle when seen at night in my street *grin ), funny t-shirt ones like I just described. I even saw what I can only describe as ” a Viking-with-a-silly-hat” a long blond bearded person wearing a funny white, cone-shaped hat. I’ve seen Christ-like figures: unkempt hair, long beards. Tattooed, broad-shouldered, “don’t mess with me”, fellas and good-old costumed security manageRs. There was one common colour however that clearly prevailed and that was black. Perhaps the average security man needs to blend in with the shadows or something when trying to get in or out a system?
What was obvious when looking around the conference room was the number of Macbooks and iPad used by the attendees. I was still under the impression that the “real ones” (i.e. hardcore security dudes) all used some pimped up ThinkPad-like laptop with Linux on it. As far as I could see almost all users did indeed toyed around in Linux and I think I saw about 2 people using Windows 7…me and my colleague. This wasn’t such a surprise… but the usage of Apples was.
I was always under the impression that social media, twitter in the first place, was a no-go for any self-conscious security man/woman. I thought that the likes of Twitter were the devil: the first crack in the layers of defence each security admin closed immediately. I imagined all kinds of neat social engineering tricks one could do by simply reading twits by or communicating with a sec defence administrator. Guess that was a big misunderstanding by yours truly, check out #brucon on twitter and behold: lots of people, not only the script kiddies like me, are regular tweeps.
Drinking is the devil!
The “Drinking for B33R” was a clear signal that hackers and the likes do like beer indeed. In fact, around 10 in the morning when the first session started and already several people were seen drinking beer. I’ve been to SPIE conferences, to Tech Days and other IT-savvy conferences and never, ever did I see anyone drink beer. A glass of red wine during lunch or around 4 in the afternoon could be seen from time to time…but beer…in the morning. No never. Did I see drunk people? Not that I could see, so probably the average beer drinker there knew when to stop.
Discobar in broad daylight
Upon entering the inter-speaker lounge where all the company booths and catering was housed I first thought I had entered in some fancy underground disco. In the back of the room a deejay was playing fancy tunes all day long, the room was pretty dark and laser lights swarmed over the walls and everywhere people were chilling on the floor, playing with their laptop or even sleeping, with a beer next to them. This was a really psychedelic vision of which I can’t say whether this is typical for a sec conference or only for BruCON… However, it really gave the place a very NON-conference feeling hehe.
So, these were some of the more poignant features of the BruCON conference. For now, I can’t say if what I say was a ‘typical security’ or not. What was clear is that BruCON is a very well-thought-of conference: I’ve seen lots of twits were attendees boasted stuff like ‘best conference ever’ etc. So in this sector, BruCON is definitely a must-see conference. I had a great time trying to understand all the things the speakers presented and really like the overall vibe of it all: I saw lots of cheerful, happy people discussing all the latest sec trends while drinking beer and trying to win the Hex Factor game. I’ll definitely attend next year and perhaps buy a t-shirt by then to wear there.
Een gedachte over “Brucon: How a security conference appears to an “outsider” and the myths of security”
IME infosec was VERY early adopting OS X.