Last week I attended what is affectionately known as HackerSummerCamp, a combination of several events that happen in Las Vegas, USA, during the same week. There are several events, but the main ones you are likely to hear about are Black Hat, Def Con, B-Sides Las Vegas and the Diana Initiative.
This blog post will detail preparing for the event, what happened, cool people I met, and a few things that I learned along the way.
Okay, now that the bragging is over, let's talk about safety and preparation for attending such an event. This was my 3rd hacker summer camp, and ever since I got malware in the first 11 minutes of my first workshop, the first time I attended Def Con, I have been very, very cautious. Although most of the people that attend this series of events have good intentions, (unfortunately) this does not describe everyone.
Here are the steps I take to ensure my devices come home in one piece/are restored when I return.
- Do not connect to any wifi with a device that you love. Bring a burner phone or laptop if you must connect.
- Make a backup of your laptop, then ghost it, attend Hacker Summer Camp, then ghost it again when you get home, then restore from disk. This helped a lot when I had gotten "the gift of malware" in 2016.
- Turn off your Bluetooth and wifi. Ensure they won't turn themselves back on or do any scans.
- Use cellular, it's safer.
- Ensure that YOU are safe at all times. Do not go to a party alone or with people you don't know. Don't accept drinks from strangers. Don't go back to someone's hotel room unless you feel safe to do so. Exercise all the caution and then some more. Even if you have met someone before, be careful; you are the most valuable thing you have.
- Register for parties in advance to make sure you get a ticket.
- Buy tickets to conferences in advance to make sure you get in.
- If you go to Def Con, prepare to wait in line for at least 50% of the time. Seriously. If you are an extravert like me this can be fun, but if you are an introvert be prepared.
- If you can network and make friends in advance it's a good idea to do so. Attending in a group is always safer and usually more fun as well.
- If something happens, TELL SOMEONE. If a person has done something obviously inappropriate to you, they will (sadly) likely do it to more people if you let them get away with it. Please report. For DEFCON there's a hotline. And the people working there are super awesome and kind. They will help, regardless of the situation you're in, regardless of the persons involved. You can even report anonymously over the hotline. Again: please report.
- If you have to do live demos I suggest recording them (I KNOW! Then they are not live). That's what I did and guess what? My laptop is fine!
Now let's talk about all of the different events I had the opportunity to attend. This was a jam-packed week of exciting things, many happening at the same time, and choosing was tough.
First I met up with my new friend Jeny Teheran, who accompanied me to the Cybersecurity Woman Of The Year Awards.
Jeny was a total blast, she let me drag her all over before the ceremony. My good friend Vandana Verma joined us at our table for dinner, and Chloé Messdaghi of WoSEC SFO was cheering louder for me than anyone else. SO MANY amazing women were there, I could not possibly name them all. One of the people presenting the awards was Ann Johnson of Microsoft, who gave me a hug after I won! I can now put "Hug from Ann" on my performance review this year. ;)
The next day was theoretically a day off; however, I spent the day meeting up with many of my friends that I only see at events, which meant brunch with Miriam Wiesner, Sarah Young, Lidia Giuliano and Vandana Verma.
That day I also received my Microsoft Trading Cards. Each employee had trading cards made, instead of business cards, sort of in the style of a baseball card. Silly facts and a photo meant all of us spent some serious time trading with each other. Here's mine.
In the evening I spoke at #Codenomicon, an event by Synopsys. There I was on a panel with Chenxi Wang, Julie Tsai and Meera Rao. We all seemed to agree that DevSecOps was good, but everyone had different ideas on how to achieve the best and most secure end state.
The next day was Black Hat and I immediately headed to the Arsenal to finally meet a few people in person:
Mohammed Aldoub, who made an open source tool called BARQ; we had never met in person before!
Microsoft's own Miriam Wiesner presenting "EventList"
Ian Coldwater, Duffie Cooley: The Path Less Traveled: Abusing Kubernetes Defaults
Kelly Shortridge, Nicole Forsgren: Controlled Chaos: The Inevitable Marriage of DevOps & Security
Thursday night I went to the Cyberjutsu Awards.
My friend Vandana Verma won the Secure Coder category! I could not be more proud of or happy for her! <3
Hosted by Mari Galloway and MC'ed by Jules Okafor, Vandana Verma receiving her well-deserved award!
I also got to meet SO MANY new amazing humans. You can see another write up here by Mansi Thakar.
Then I went to the Canadian Hacker Party, which has no photos, but it did involve maple syrup, hockey sticks and a "screeching in ceremony". I ended up being too tired and missed the Microsoft Appreciation Party, which was a disappointment for me. I'll have to ensure I make it next year so I can get an "Enable MFA!" shirt that actually fits.
Then my friend Aaron Hnatiw and I went to the Hacker1 Live Hacking event to 'cause a ruckus' as we had last year. It was pretty cool; I chatted with a lot of people about various angles of bug hunting and finally met Jocelyn Chan from WoSEC Sweden in person. I even got a very short visit with my friend Tiffany Long.
Friday I was the opening keynote for the first-ever AppSec Village at Def Con! It was amazing, and I'm so happy that AppSec has finally found its place within Def Con. You can see my slides here: http://aka.ms/purpleslides
Then I spoke at the Cloud Security Village, which was also super fun! If you missed my talk at Def Con you can see it here when I did it at Microsoft Build with Teri Radichel. Of course, it's even better with Teri. ❤
(note: many are missing, I didn't get photos of everyone)
This was my best Hacker Summer Camp yet, and not only because I won an award, got to speak 4 times and received 100 hugs. I feel that the atmosphere has changed since the first one that I went to in 2016, for the better, and I don't think that this is only because there were more women attending. I think that the organizers and many other groups (especially WISP and Diana Initiative) have worked really hard to create a safer and more-inclusive edition of this year's Hacker Summer Camp. THANK YOU!