Ready to make the most out of your first security conference? Join us as we guide you through the world of security events, from local Bsides conferences and OWASP talks to more established gatherings like RSA and BlackHat. We'll share tips on taking notes, networking, and keeping an open mind to learn from the experts, ensuring you have a rewarding experience.
But we don't stop there! Let's explore DEFCON, where you can dive into various villages and attend talks ranging from basic concepts to advanced topics. We'll discuss what to pack, how to protect your devices, and the potential risks of bringing work gadgets to such events. Don't miss this comprehensive guide to navigating security conferences like a pro!
Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, everyone?
00:00:03
this is another security unfiltered mentorship episode.
00:00:07
So today what we're going to be talking about is conferences,
00:00:12
what you need to know to be successful If you are going down
00:00:17
the path of having, or going to your first conference This year
00:00:22
.
00:00:22
So it is conference season for us.
00:00:24
Security people Conference season for us typically starts
00:00:28
when RSA begins, so like April, may timeframe, and it goes
00:00:34
really through probably September or October.
00:00:37
Even If you really want to close it off, you know, with the
00:00:42
AWS Reinforce conference I guess you could in like November
00:00:46
, but that's a bit far out there for people.
00:00:49
So I I always say it's safe to assume that it ends, you know,
00:00:54
sometime in August for the most part.
00:00:57
So you know.
00:01:00
First I want to talk about What conferences are best for first
00:01:05
timers.
00:01:06
You know, and I get this question a lot what do you
00:01:10
recommend to go to?
00:01:12
What do you recommend to bring?
00:01:15
What should I be expecting at the conference?
00:01:17
How do I network with people?
00:01:19
How do I talk to other people?
00:01:21
All of these questions We're gonna go over it all.
00:01:25
So first, you know, let's talk about some conferences.
00:01:28
So there's typically a local B sides conference, right.
00:01:32
So there's Nashville B sides.
00:01:34
This year There's supposed to be a Chicago B sides conference.
00:01:38
I believe that that's actually in November or something,
00:01:41
something like that.
00:01:41
You know, but major cities typically have what's called a B
00:01:47
sides conference.
00:01:48
They're cheaper, they're, they're typically on the cheaper
00:01:52
end, but you know the same sort of atmosphere of a bunch of
00:01:58
security professionals going there, hearing different talks,
00:02:01
talking, drinking too much, that sort of thing.
00:02:05
You know it's a good opportunity For you to get out
00:02:09
there and get into the community .
00:02:10
You know and I think that that is something that's important
00:02:13
that You know is honestly overlooked a lot of the times,
00:02:19
and that Us, as a security community, we need to be more
00:02:23
welcoming to new people.
00:02:25
You know, other local cons could be Something like a local
00:02:34
OWASP Talk or discussion.
00:02:37
It's not necessarily a conference or anything like that
00:02:39
, but it gets you Used to how the environment is.
00:02:43
It gets you used to go into new places, meeting new people,
00:02:47
talking to new people, kind of even telling your story or your
00:02:52
background right and making those connections and learning
00:02:55
something as you go.
00:02:57
You know, when I was trying to get into security, one of the
00:03:02
things that I did was actually go to local conferences of I
00:03:07
think it was OWASP talks and a few other, just very local.
00:03:14
You know small talks where, like, one person would get up
00:03:18
there and talk about something interesting.
00:03:19
You know some of it I wouldn't even understand, but I would be
00:03:24
taking notes.
00:03:24
I would be, you know, very, you know very tentative to what
00:03:28
they're saying and I'm trying to learn and I'm taking notes on
00:03:31
the things that I don't quite get, that I want to learn more
00:03:35
about.
00:03:35
And of course, you know, in the beginning That's a lot right,
00:03:38
like you're taking copious amounts of notes.
00:03:41
If you have that mentality You can trust me on that.
00:03:44
But yeah, you know, the local OWASP talks and groups like that
00:03:52
is really the best place to start.
00:03:54
And then you work your way Up to a b-sides conference, a little
00:03:58
bit bigger, still local, right, so you're not going anywhere.
00:04:02
Still, on the cheaper side, we're talking, you know, a
00:04:06
hundred, two hundred dollars, something like that.
00:04:08
And then You know, take it, i would say, a step up.
00:04:14
There's, you know, kind of Conferences, that kind of
00:04:19
branched off from larger conferences like DEF CON.
00:04:22
So in Chicago We have thought con, so really all of the
00:04:27
Midwest people come to thought con.
00:04:29
Mostly Chicago people go to thought con, but again it's a
00:04:36
little bit of a bigger conference.
00:04:38
It's a little bigger, if not the same size, as b-sides.
00:04:41
They have multiple tracks.
00:04:44
They have, you know, several different areas and specialties
00:04:49
that you can go down and learn more about.
00:04:51
A lot of people again drinking too much and You know, talking,
00:04:57
networking, learning more.
00:05:00
The key is to really be more open to learning new things at
00:05:04
these conferences.
00:05:05
In my opinion, you know, and if let's say that you're new to
00:05:09
security, your your insecurity Maybe, or you're a security
00:05:14
analyst And this is your first con This is what I typically do
00:05:20
I'll go to, let's say, three to four talks total for the entire
00:05:27
conference.
00:05:27
That relates directly to my job or maybe my industry that I'm
00:05:33
in.
00:05:34
You know, typically they cover all industries.
00:05:36
They cover, really, you know, all professions within security.
00:05:41
A lot of the times they do, and I think it's unintentional, but
00:05:43
that's just how it works out.
00:05:44
And then the rest of the time that I'm there, i am looking at
00:05:52
or going to talks that I'm interested in, things that I
00:05:55
don't know that much about, and I'm actively taking notes, i'm
00:05:58
actively trying to learn more, you know.
00:06:02
And then we have larger scale conferences like RSA, black Hat,
00:06:07
def Con, the AWS conferences are definitely bigger.
00:06:12
You know, microsoft Azure conferences are definitely
00:06:17
bigger, but we'll start with kind of Def Con, for, you know,
00:06:24
for this purpose, right?
00:06:25
So, really, the next step up is Def Con, in my opinion, and in
00:06:29
my opinion, i think Def Con is the best.
00:06:32
Maybe I'm a little bit biased because that was the first major
00:06:36
conference that I went to, but you know, at Def Con it seemed
00:06:42
like people were more open to networking.
00:06:46
It seemed like they were more open to just talking to you,
00:06:50
especially in the registration line, where it's literally
00:06:53
called line con.
00:06:54
The slogan is line con is the real con.
00:06:59
It's because everyone is typically in a good mood, right?
00:07:05
They're, they're gearing up for the conference, they're getting
00:07:08
ready And it's a long line.
00:07:11
I mean you can be literally walking nonstop through this
00:07:15
line for like 30 minutes with no one in front of you, like you
00:07:20
could literally be walking.
00:07:22
That's how long the line is, but with people in front of you,
00:07:26
you know you could be there a couple hours, and so that's why
00:07:30
I try to get there at like 5am, which is always difficult
00:07:34
because it's in Vegas And I don't really go to sleep until
00:07:38
like 2am in Vegas.
00:07:39
So you know, there's there's that to also account for.
00:07:42
But you know, with Def Con people are more open to network.
00:07:49
I feel, and I'll give you a couple of examples.
00:07:53
You know, just from me being in the line at Def Con
00:07:55
registration, i met hardware hackers, i met pen testers.
00:07:57
I met bug bounty hunters.
00:08:00
You know, and I didn't even know this at the time, it was
00:08:07
kind of groundbreaking to me to understand this.
00:08:11
But bug bounty hunters, you know some of these guys.
00:08:13
They work for four months out of the year right Of looking for
00:08:20
bugs in top tier products from top tier companies like Apple,
00:08:26
microsoft, google, you know, nvidia, you name it right, like
00:08:29
a top tier tech company.
00:08:31
They're actively looking for bugs in those products And
00:08:37
they'll make a couple hundred thousand dollars in those first
00:08:40
four months and they won't do anything else the rest of the
00:08:42
year.
00:08:42
You know they'll do their own side projects.
00:08:45
They'll, you know, maybe dabble if they get bored They'll do
00:08:48
another bug bounty.
00:08:49
But you know, for the most part you know the good ones at least
00:08:55
the good ones were talking about the top.
00:08:57
You know 3%, something like that.
00:08:59
Right, they're making all their money in the first four months,
00:09:03
which blew my mind.
00:09:05
I didn't even think that.
00:09:07
You know that was a career option.
00:09:11
You know, before that time, when I met that person, i didn't
00:09:17
even realize that that was more of a career option.
00:09:20
I really didn't.
00:09:20
I thought I thought that it was more for you know, side
00:09:25
projects, you know, or even a hobby kind of you know, nothing
00:09:31
that would ever make you any real money.
00:09:32
But definitely there is people out there that do it, that
00:09:39
actually make a living off of this, which, you know, i find to
00:09:43
be very impressive.
00:09:47
And you know, another thing with Def Con is it is huge.
00:09:51
It is so much bigger than Really every other conference
00:09:56
that I've been to honestly, like , yeah, rsa has, you know, a
00:10:02
large Venue and then a huge place for the vendors and
00:10:07
whatnot, and that's fine at all.
00:10:10
But RSA is more about selling you stuff.
00:10:14
Right, you gotta understand what the conference is and what
00:10:18
you're going to, and stuff like that.
00:10:19
Rsa is more about selling you stuff, introducing new products
00:10:25
and stuff like that.
00:10:25
It's really geared more towards , like, the business leaders,
00:10:30
the business executives.
00:10:31
Right, def Con is more geared towards the technical people.
00:10:38
The people that you know are actually building the tools.
00:10:42
They're building the tech, they're deploying it, they're
00:10:44
running it in the environment.
00:10:46
They're testing different things.
00:10:47
This is for the hackers, the, you know, security engineers,
00:10:51
security analysts, the architects, all of those
00:10:55
hands-on roles.
00:10:57
Def Con is more more for those people and So you know, nine
00:11:02
times out of ten, if you talk to someone at at Def Con, you know
00:11:06
you're gonna be able to find something in common with them
00:11:09
because you're doing a very similar role to theirs.
00:11:12
You know, being hands-on is not Uniform throughout security.
00:11:16
Right, there's different roles that roll under security that
00:11:20
are not hands-on, which is It's a give-and-take, right, like
00:11:26
it's not the best, it's not the worst, it's it's something right
00:11:30
.
00:11:30
And Then we'll go into really the more advanced cons.
00:11:35
And what do I mean by this?
00:11:38
You know you're not gonna go to Def Con and Grab a CISSP
00:11:43
certification.
00:11:44
You're not gonna go to Def Con and get an AWS certification or
00:11:48
an Azure certification Or anything like that.
00:11:51
You're not gonna get sans training.
00:11:53
It's Really not a place for that.
00:11:56
I don't even think it's offered .
00:12:00
I've never even heard of it being offered before.
00:12:02
When we go to black hat, black hat is more training geared.
00:12:08
It's where you know it's some extremely expensive training is
00:12:12
going on and Yeah, i mean that's exactly what it is like.
00:12:18
You're going to black hat and you're typically walking away
00:12:21
with, you know, some sort of training under your belt,
00:12:24
potentially a certification under your belt, and Of course,
00:12:29
you know black hat leads right into Def Con and so then you
00:12:32
have Def Con right there, you know.
00:12:35
Another thing that I want to point out is Def Con is Def
00:12:39
Con's, you know, way less expensive than black hat.
00:12:43
Black hat Last time I checked actually last time I went was
00:12:47
probably 2017.
00:12:48
I think a Basic ticket, low-level pass, was like $2.
00:12:54
For Def Con this year is $460.
00:13:03
So Is it?
00:13:05
is it pricey?
00:13:06
Sure, you know it's not.
00:13:08
It's not cheap, that's for sure , you know.
00:13:11
You can't call it cheap if it's $460 and what?
00:13:16
not right.
00:13:17
But is it black hat?
00:13:20
expensive, you know, and that's the biggest, that's like the
00:13:24
biggest Thing when we start talking about conferences and if
00:13:28
companies will pay for them and things like that, they look at
00:13:32
Def Con prices and they're like, oh, this is nothing.
00:13:35
I'm used to people asking for black hat.
00:13:37
I'm used to people asking for RSA, because I think RSA passes
00:13:41
are even right, around $2, maybe even more expensive, like
00:13:47
4 or something, which is just absurd to me.
00:13:51
But you know that this is more down the advanced route, right
00:13:59
And so at these advanced cons like AWS, reinforce, aws,
00:14:03
reinvent, azure, ignite I believe that's the conference
00:14:07
name for Azure.
00:14:08
You know all these more advanced cons.
00:14:12
You're literally going to them, hearing about new products, new
00:14:17
things that they're launching.
00:14:19
You're getting training, you are Learning about their product
00:14:23
even more and whatnot.
00:14:24
You're drinking the Kool-Aid, so to speak.
00:14:26
You know they're more expensive .
00:14:31
You're getting more training from it, so it's a give-and-take
00:14:34
right.
00:14:35
So, in my opinion, if you're going there for training, it's
00:14:40
probably not really worth it, to be completely honest, because
00:14:44
it is so expensive, it's so cost prohibitive, you know, um, i
00:14:49
actually just purchased my training materials, my
00:14:55
certification passes for three certifications this year and I
00:15:01
think the total for three certs and All training was, i want to
00:15:10
say, $1.
00:15:11
I think it was $1.
00:15:13
All right, $1 would not get you into black hat.
00:15:18
It wouldn't even get you in, let alone training by a company
00:15:24
or someone or, you know, any sort of sans training or
00:15:27
anything like that.
00:15:27
Like it would not get you anything a black hat, okay.
00:15:31
And so to me, if you're going to a con to get training in or
00:15:36
whatnot, if the company's paying 100% Good on you.
00:15:40
You know that's great, but I would rather use That money or
00:15:45
that opportunity on a different conference like Defcon, where
00:15:51
I'm learning new things.
00:15:52
There's multiple tracks.
00:15:54
There's typically, i think, between four and six tracks.
00:15:57
You know, if you go to thought con, there's about two to three
00:16:00
tracks.
00:16:01
At Defcon there's about four to six tracks and a track is just
00:16:06
a different lineup of Talks that people are giving.
00:16:11
It's not necessarily based around a specific topic.
00:16:15
I mean, it could be, you know, you could have days that are a
00:16:19
little bit more overloaded with, you know, hardware hacking or
00:16:23
Bio hacking or hacking drones.
00:16:25
You know, whatever it might be right, but for the most part you
00:16:31
know they're they're.
00:16:32
They do kind of stay around the same thing roughly, but there's
00:16:38
no like set.
00:16:39
You know track one is For, i don't know, pen testing, right,
00:16:45
and then track two is for bio hacking and whatever, right.
00:16:49
It's nothing like that.
00:16:51
And another part of Def Con that I absolutely love is the
00:16:55
villages.
00:16:55
You know, at Def Con It's a huge area, right, so they
00:17:01
typically take up like two or three resorts in Vegas.
00:17:05
That's how big this conference is.
00:17:07
The last time I went, which was Probably, maybe, maybe 2021,
00:17:17
maybe, i don't quite remember it , but the last one that I went
00:17:23
to There was over 40 people registered over 40 people,
00:17:31
you know, and that's just day one registrations.
00:17:33
It was insane, i could not believe it.
00:17:36
But it takes up several.
00:17:39
You know resorts in Vegas and they're all typically, you know,
00:17:43
right next to each other and whatnot.
00:17:47
But, that being said, the villages are also an extremely
00:17:51
interesting place Because you get hands-on learning with these
00:17:54
different things.
00:17:55
There's a social engineering village where you learn how to
00:17:59
socially engineer people.
00:17:59
There's potentially, you know, something like a pen testing
00:18:04
village or a lockpicking village or a car hacking village.
00:18:08
There is so many different kinds of villages at Def Con and
00:18:15
it's really where you're getting hands-on Experience.
00:18:19
You're talking to the experts, you know, face-to-face, there's,
00:18:21
there's no one else, it's more one-on-one And you're learning
00:18:24
about how to actually do the work, which You know.
00:18:29
If you're someone that is new to security, that's trying to
00:18:31
really just get started in security, the villages honestly
00:18:33
are is a little bit more Enticing, a little bit more
00:18:40
valuable for you to spend your time in rather than the talks,
00:18:42
because the talks, the talks, can be extremely advanced and
00:18:45
they can also be very basic, right like I'll give you an
00:18:50
example, there was one talk One year that I went, that the
00:18:57
person was talking about how he was reverse engineering the
00:19:01
security features of intel cpus And how he stumbled upon secured
00:19:05
memory And how he was trying to break into that secured memory,
00:19:10
doing some advanced techniques that I've never heard of.
00:19:16
That I can barely remember, to be quite honest.
00:19:18
But I just remember that literally probably about 95 of
00:19:23
what this guy was saying was going straight over my head And
00:19:26
I looked to my right.
00:19:27
I was there with a friend That I considered to be smarter than
00:19:34
me and it was going straight over his head.
00:19:35
He did not follow it at all either.
00:19:36
You know and there can be other talks that are talking about,
00:19:40
you know, how we need to do a better job of Training people in
00:19:44
security, kind of More soft skills, type of things right,
00:19:50
which is totally different.
00:19:51
Those are two totally different ends of the spectrum.
00:19:54
And then you have villages somewhere, you know, in the
00:19:56
middle, where, yeah, it's advanced, you're learning new
00:20:00
things, but you're doing something different.
00:20:02
Yeah, it's advanced, you're learning new things, but you're
00:20:06
doing it.
00:20:06
You're doing it hands-on and you're learning From the very
00:20:09
best you're.
00:20:10
You're talking with them face to face.
00:20:12
There's no intermediary or anything like that.
00:20:15
It's just a really good experience.
00:20:20
Now, you know, let's talk about what to bring.
00:20:24
So, obviously, you know, you bring your own personal items.
00:20:28
Um, whatever You know, whatever you need to get you through a
00:20:32
trip at in vegas, for instance, for defcon if we're just talking
00:20:36
about defcon, um, you know.
00:20:39
And then, on top of that, i typically I always break a
00:20:42
laptop.
00:20:43
Uh, i have my phone on me, i have my smartwatch on me and You
00:20:50
know, with that being said, you should really consider a fair
00:20:54
day either, a fair day bag.
00:20:57
Um, one of the products that I am looking into right now,
00:21:01
personally, is from this company called slnt It's probably
00:21:06
pronounced something, but that's how I know it as Where they
00:21:10
make, you know, laptop sleeves, sleeves for your phone, sleeves
00:21:14
for Really every electronic device that you can think of, um
00:21:19
to protect it from any outside connections.
00:21:23
And so that's actually pretty important, because when you're
00:21:26
at this conference, you know you'll, you'll see this sign
00:21:29
that says if you Cross this line , you are fair game.
00:21:33
So if you get hacked, if your device gets hacked, you know
00:21:38
That's, that's on you.
00:21:39
You should have known to turn off the wi-fi, to turn off the
00:21:43
bluetooth, to turn off, you know nfc or any other outbound
00:21:48
connection or inbound connection to your device, which Basically
00:21:53
turns your cell phone into a brick, like I don't know if
00:21:57
you've ever done that before, but it basically turns it into a
00:22:00
brick.
00:22:00
Um, it turns your laptop into really only a note taking device
00:22:06
.
00:22:06
So do you need a laptop?
00:22:09
Maybe not.
00:22:10
Do you feel like hacking people and probably getting hacked
00:22:14
back?
00:22:14
Then maybe you need a laptop.
00:22:18
You know, i know someone that actually goes to conferences
00:22:22
with a backpack that he designed that holds a bunch of Wi-Fi
00:22:27
gear in it And all it does is scan all local connections
00:22:34
nearby and immediately starts running through different
00:22:39
attacks, you know, on all these different devices, and at the
00:22:44
end of the day, he goes and looks at all the different
00:22:46
information that he gathered from these devices And he said
00:22:49
that it will be hundreds, if not thousands of devices when he
00:22:53
goes to DEF CON of.
00:22:55
You know unsuspecting people that are not paying attention,
00:22:58
that are trying to use their phone they haven't hooked up to
00:23:01
Wi-Fi or something like that, you know, and they don't.
00:23:05
They don't realize it's happening, but he literally all
00:23:09
he does is walk by and he hacks the device just like that.
00:23:13
So that is definitely something that you should keep in mind.
00:23:18
You know, just understand that there's.
00:23:20
There is that risk.
00:23:22
You know there's.
00:23:22
There's people out there that find it funny.
00:23:25
They find it fun to hack someone to really get as much
00:23:31
information from them as they possibly can.
00:23:33
You know, in some opinions right, some people's opinions
00:23:40
that's malicious.
00:23:41
You know that's that's not good .
00:23:43
They shouldn't be doing that.
00:23:45
But at the same time, there is a really big sign when you enter
00:23:48
the conference that says if you go past this point and your
00:23:51
devices are live, you can expect to be hacked.
00:23:54
It is on you to, you know, manage your own devices and
00:23:58
protect your own devices.
00:24:00
They even say that Now I would absolutely recommend against
00:24:06
hard recommend against bringing any work device.
00:24:12
Leave your work phone at home.
00:24:14
Leave your work laptop at home.
00:24:16
If there's a work tablet, leave it at home.
00:24:19
Do not bring it to the conferences because that opens
00:24:24
you up to a lot of different liabilities.
00:24:26
Because there is a very good chance that when you took
00:24:30
possession of that laptop, you had to sign an acceptable use
00:24:34
policy form And more than likely , somewhere in that acceptable
00:24:38
use policy form said that you want to take it into an
00:24:42
adversarial environment knowingly, that you wouldn't
00:24:46
knowingly do that, that you wouldn't knowingly put that
00:24:49
company device at risk of being breached, of being hacked.
00:24:55
And you know, when you go to these conferences, there is
00:24:59
science, everyone knows it There's.
00:25:02
I mean, there even used to be warnings when you purchase the
00:25:05
badge, whether it's online or in person.
00:25:09
There would be notices saying, like you know you're at this
00:25:12
conference, just take notice.
00:25:13
You need to be aware of where you are and whatnot.
00:25:16
Now, if you're just a normal tourist right in Vegas because I
00:25:22
mean, vegas has millions of people you know, in the city at
00:25:26
all times, basically all times of the year, there's going to be
00:25:29
a lot of different tourists there too You know, if you're
00:25:33
outside of that con, you're, basically you're not fair game
00:25:37
for any semi friendly hackers.
00:25:39
Now, if there is, you know, someone that is bored and drunk
00:25:45
and they're, they're looking for something to do, you know all
00:25:49
bets are off, right, it's a little bit of a higher risk than
00:25:52
what it would be if you went to Vegas in like December or
00:25:56
something like that for vacation .
00:25:57
But you know, for the most part , right, you really have enough.
00:26:02
You have very little to worry about outside of the conference,
00:26:07
just walking around the strip, things like that.
00:26:10
For me, personally, i tend to go with a fair day bag.
00:26:14
You know, put the laptop in the fair day bag, disable the
00:26:17
wireless and the Bluetooth.
00:26:19
The fair day bag is kind of just like that, that, that extra
00:26:24
level of protection, right?
00:26:25
Like, i'm pretty sure I just disabled the Wi-Fi on this
00:26:28
device, but who knows if Apple is still using it silently in
00:26:33
the background and they're still sending out connections and
00:26:35
whatnot, right, like I don't know that because I haven't
00:26:38
analyzed my laptop.
00:26:40
Same thing with my phone, same thing with my watch, all that
00:26:43
stuff.
00:26:45
And so I just try to put it all into a fair day bag.
00:26:48
My watch is a little bit different, because I may have a
00:26:51
schedule to follow, right, i may have different conferences that
00:26:54
I want or different talks that I want to go to, and so with
00:26:58
that, i need to be aware of what the time is, and so just
00:27:02
understand the risk, right?
00:27:04
And another key tip that I think is overlooked often for people
00:27:10
talking about going to conferences make sure you have a
00:27:14
backup of all your devices before you even go, before you
00:27:17
get on the plane to go, make sure that you have a backup of
00:27:22
all your devices, just in case something happens, right, just
00:27:25
in case someone does an attack on you and completely breaks
00:27:28
your device.
00:27:29
You have a backup.
00:27:30
So, yes, it is frustrating as hell for the days that you are
00:27:34
there without that device, but when you get back home, you have
00:27:38
all your data, you have the device operational and you know
00:27:42
what's going on.
00:27:45
I actually know people and I've done it myself that will take
00:27:48
the backup.
00:27:49
They'll go to DEF CON And then when they come back, they just
00:27:53
restore to that backup.
00:27:54
The reason why they do it is because they don't know if
00:27:56
someone was able to, you know, insert some root kit or boot kit
00:28:01
on their device And you know who knows what information
00:28:05
people are gathering and whatnot .
00:28:06
You know, not everyone is an upstanding citizen, right, like,
00:28:10
not everyone is going to have the best intentions for everyone
00:28:13
at heart, and so you should prepare yourself and act
00:28:17
accordingly.
00:28:18
At least that's my opinion.
00:28:20
You know.
00:28:21
Just prepare yourself, right.
00:28:22
I think that's the biggest thing by far.
00:28:26
So what to expect?
00:28:29
you know, i already kind of talked about what to expect with
00:28:33
how the conferences are laid out, with how the villages are
00:28:37
laid out, where they are.
00:28:39
You know, they're typically across a couple of different
00:28:41
resorts, so you get to learn the ins and outs of these resorts
00:28:45
pretty well by the end of the week.
00:28:48
Also talked about, you know the difference between the
00:28:52
different cons and you know talked more about line con,
00:28:57
right.
00:28:57
So I think that that is a really undervalued or underappreciated
00:29:02
part of the conference for new people, Because you know, this
00:29:08
is when you get to network with people.
00:29:09
This is when you get to kind of advance your career.
00:29:12
Even, you know there's, there's people that I never would have
00:29:16
met outside of the podcast, right, because the podcast
00:29:20
wasn't even a thought in my head at the time when I was going to
00:29:23
DefCon for the very first time.
00:29:25
There was people that I never would have met, that I met in
00:29:29
the line that opened my eyes to security and different domains
00:29:32
of security in totally different ways, and that's really
00:29:36
important.
00:29:36
When you're starting out, when you're early on in your career,
00:29:40
you want to learn as much as you possibly can And that's a great
00:29:43
place to start.
00:29:44
That's a great place to actually expand, expand your
00:29:47
mind and expand what you you believe are is possible.
00:29:52
Basically, so, to close it out, what is the best conference?
00:29:58
What do I like to go to the most?
00:30:00
Nothing compares to DefCon.
00:30:02
In my opinion, every single year that I even have like a 10%
00:30:08
chance of going, i try to go.
00:30:10
I really do.
00:30:11
You know, last year I didn't go because I have my vacation in
00:30:14
Germany And that trip alone is like 10 grand.
00:30:18
I mean, all in, like that trip alone is like 10 grand And I
00:30:24
can't rationalize another trip, especially when I'm paying for
00:30:26
Germany myself.
00:30:27
You know I might even be rounding up on that number, but
00:30:34
you know it's a lot of money.
00:30:35
That's the point.
00:30:35
And so I just couldn't swing DefCon right.
00:30:40
But this year I am 100% going to DefCon.
00:30:43
I am very excited to be going to DefCon.
00:30:48
I will be handing out security unfiltered stickers at DefCon.
00:30:52
So if you're at DefCon then you find me ask for a sticker.
00:30:56
If I have any available I'll give them to you.
00:30:58
But if not, you know I'll be placing them randomly, you know,
00:31:03
at slot machines and bars and all the just random locations.
00:31:08
But yeah, you know it's going to be a great time.
00:31:12
I may even have, if you're lucky, i may even have a first
00:31:17
like prototype of security unfiltered t-shirt.
00:31:19
Very excited about that.
00:31:21
But that is to come later on, right, like we got all the way
00:31:26
until August and it's about to be June.
00:31:28
So with that, guys, thanks for listening.
00:31:32
As always, i really appreciate all the support.
00:31:35
You guys are fantastic.
00:31:36
I mean I feel like I have, you know, the best audience, the
00:31:39
best group of people listening to this podcast possible.
00:31:42
So I really thank you guys and I appreciate all of the people
00:31:47
that are listening and our avid listeners.
00:31:50
So thanks everyone.
00:31:52
We'll see you next week.