Thursday08 December 2022

Black Hat 2022, Def Con 30 and the Return to Vegas

Reading time is around minutes.

After a three-year absence from Hacker Summer Camp, I finally returned to Vegas. Two of those years were related to Covid of course. However, three years is a long time to be out of the environment and the craziness that is both Black Hat and Def Con. To say I was excited to return to Vegas and everything that both cons have to offer would be an understatement. Both cons have their place in what I do here at DecryptedTech, but it was more than just the articles and conversations about security that I enjoy, it is getting to catch up with people I only see during the con and also the prospect of meeting new people and developing new relationships.

With that in mind I landed in Las Vegas on Monday looking forward to the days ahead.So, remember when I said I had been gone for three years? Well, I quickly found out that I was not ready for the days ahead. In the past coming out to Vegas almost had a magical quality to it where sleep, food, etc. did not matter. I could be up and running with 2 hours of sleep for days in a row. That magic was just not there this time. The first day where I only was able to grab 2 hours of sleep was a rough one. The next day I could tell that I was not on my game. The meeting pattern also felt off even if the conversations and information were excellent. I truly enjoyed each meeting and quickly fell back into my patterns of focusing on the overall impact of the information from security companies on the landscape instead of just copying down marketing crap.

Still Black Hat felt off; there was less press out covering the event. Black Hat on its own felt more chaotic than usual and there was not the same theme. It was as if the industry was still recovering from the massive change in how businesses operate. Normally when there is a shift (or inflection point) the industry approaches it with a “we got this” attitude and it shows in the conversation. This year, the same confidence seemed to absent. There was ownership and acknowledgement of the new challenges presented by the fallout from Covid, but no bravado. This is not to say there was fear or no confidence, it was just not the same, which is a good thing. If the industry is confident in what they are already doing, there is not likely to be any significant change. Maybe this subdued acceptance will be what pushes for real change in the security industry. I am cautiously optimistic that it will be.

After the surprisingly tame close of Black Hat (I miss the All-In Party) we moved on to Def Con. Def Con 30 has the title of Hacker Homecoming, but walking into the Caesar’s Forum it did not feel like a homecoming to me. From getting yelled at by one of the Forum’s security people (not a goon) for not having my mask on quickly enough to the crowded and seemingly chaotic layout of the show it just did not feel like the Def Con I remembered (and loved). That may be due to not going for three years, but it was palpable to me. Perhaps it was the inclusion of new items like the disinformation village where I heard a speaker say that more active monitoring of social media, chats and other messaging services were needed as part of a talk on how to avoid an authoritarian government in the context of misinformation.
I am not saying Def Con was not fun or that it was a bad show. There were still great talks and I always enjoy the lock picking village. It was just not as social as I remember it and that is part of why I enjoy going. It is not just the new information that I gain from attending talks, or getting to report on new and interesting ideas, it is the social interaction and conversations with people that I truly enjoy. The masking and specter or Covid seemed to hang over the event and make those conversations and interactions lessened.

At the last Def Con I attended (Def Con 26) the badges were designed to encourage more interaction and my press badge was connected with so often the connector broke off. I had to get it fixed during the show. It was awesome. This year’s badge was also designed to encourage interaction with the notes printed on the badges, etc. However, I could count the number of people that asked about it on one hand despite the lack of press present at the show. In talking to other friends of mine in the press they made similar comments on interaction (those that actually walk the show floor and don’t just sit in the press room). Perhaps this was due to someone posting all the note patterns the second day of the show, or perhaps it was just due to the fear of Covid. I really cannot say, but it was a much less social show to (for) me.

My hope is that both shows feeling “off” was just due to my three-year absence and the lingering concerns over Covid. Still, I cannot get over the feeling that the impacts of Covid will have a lingering impact on both Black Hat and Def Con for the foreseeable future and what I see as a difference in how social the shows are normally is the new norm for them. The good news is that people are nothing if not adaptable and these norms will quickly become a part of the show feel. Other more political changes might be more complicated to get used to, but like many parts of the show, I can just not visit those if they have no interest to me or contain what I might view as contradictory information (misinformation?).

In the end I still had a great time getting back out to Black Hat and Def Con. Three years is way too long to be away from either show and I plan on making sure I can attend them in the future (barring another pandemic). If you are in the security industry, or just into hacking, I highly recommend you getting out to Vegas for Def Con (if it is not already in your plans) at least. If you have the time and funds Black Hat is also a good idea although, to be 100% honest it is much more of a marketing event these days and not as informative as Def Con is from a learning perspective. Hacker Summer Camp will remain one of the events that I look forward to every year despite any changes. I look forward to attending for many years to come and being able to write about both what the industry thinks is going on (Black Hat) and what is really going on (Def Con).

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.