From Newbie to Pro: Making the Most of Security Conferences

1 00:00:02
Speaker 1: How's it going, everyone?

00:00:03
this is another security unfiltered mentorship episode.

00:00:07
So today what we're going to be talking about is conferences,

00:00:12
what you need to know to be successful If you are going down

00:00:17
the path of having, or going to your first conference This year

00:00:22
.

00:00:22
So it is conference season for us.

00:00:24
Security people Conference season for us typically starts

00:00:28
when RSA begins, so like April, may timeframe, and it goes

00:00:34
really through probably September or October.

00:00:37
Even If you really want to close it off, you know, with the

00:00:42
AWS Reinforce conference I guess you could in like November

00:00:46
, but that's a bit far out there for people.

00:00:49
So I I always say it's safe to assume that it ends, you know,

00:00:54
sometime in August for the most part.

00:00:57
So you know.

00:01:00
First I want to talk about What conferences are best for first

00:01:05
timers.

00:01:06
You know, and I get this question a lot what do you

00:01:10
recommend to go to?

00:01:12
What do you recommend to bring?

00:01:15
What should I be expecting at the conference?

00:01:17
How do I network with people?

00:01:19
How do I talk to other people?

00:01:21
All of these questions We're gonna go over it all.

00:01:25
So first, you know, let's talk about some conferences.

00:01:28
So there's typically a local B sides conference, right.

00:01:32
So there's Nashville B sides.

00:01:34
This year There's supposed to be a Chicago B sides conference.

00:01:38
I believe that that's actually in November or something,

00:01:41
something like that.

00:01:41
You know, but major cities typically have what's called a B

00:01:47
sides conference.

00:01:48
They're cheaper, they're, they're typically on the cheaper

00:01:52
end, but you know the same sort of atmosphere of a bunch of

00:01:58
security professionals going there, hearing different talks,

00:02:01
talking, drinking too much, that sort of thing.

00:02:05
You know it's a good opportunity For you to get out

00:02:09
there and get into the community .

00:02:10
You know and I think that that is something that's important

00:02:13
that You know is honestly overlooked a lot of the times,

00:02:19
and that Us, as a security community, we need to be more

00:02:23
welcoming to new people.

00:02:25
You know, other local cons could be Something like a local

00:02:34
OWASP Talk or discussion.

00:02:37
It's not necessarily a conference or anything like that

00:02:39
, but it gets you Used to how the environment is.

00:02:43
It gets you used to go into new places, meeting new people,

00:02:47
talking to new people, kind of even telling your story or your

00:02:52
background right and making those connections and learning

00:02:55
something as you go.

00:02:57
You know, when I was trying to get into security, one of the

00:03:02
things that I did was actually go to local conferences of I

00:03:07
think it was OWASP talks and a few other, just very local.

00:03:14
You know small talks where, like, one person would get up

00:03:18
there and talk about something interesting.

00:03:19
You know some of it I wouldn't even understand, but I would be

00:03:24
taking notes.

00:03:24
I would be, you know, very, you know very tentative to what

00:03:28
they're saying and I'm trying to learn and I'm taking notes on

00:03:31
the things that I don't quite get, that I want to learn more

00:03:35
about.

00:03:35
And of course, you know, in the beginning That's a lot right,

00:03:38
like you're taking copious amounts of notes.

00:03:41
If you have that mentality You can trust me on that.

00:03:44
But yeah, you know, the local OWASP talks and groups like that

00:03:52
is really the best place to start.

00:03:54
And then you work your way Up to a b-sides conference, a little

00:03:58
bit bigger, still local, right, so you're not going anywhere.

00:04:02
Still, on the cheaper side, we're talking, you know, a

00:04:06
hundred, two hundred dollars, something like that.

00:04:08
And then You know, take it, i would say, a step up.

00:04:14
There's, you know, kind of Conferences, that kind of

00:04:19
branched off from larger conferences like DEF CON.

00:04:22
So in Chicago We have thought con, so really all of the

00:04:27
Midwest people come to thought con.

00:04:29
Mostly Chicago people go to thought con, but again it's a

00:04:36
little bit of a bigger conference.

00:04:38
It's a little bigger, if not the same size, as b-sides.

00:04:41
They have multiple tracks.

00:04:44
They have, you know, several different areas and specialties

00:04:49
that you can go down and learn more about.

00:04:51
A lot of people again drinking too much and You know, talking,

00:04:57
networking, learning more.

00:05:00
The key is to really be more open to learning new things at

00:05:04
these conferences.

00:05:05
In my opinion, you know, and if let's say that you're new to

00:05:09
security, your your insecurity Maybe, or you're a security

00:05:14
analyst And this is your first con This is what I typically do

00:05:20
I'll go to, let's say, three to four talks total for the entire

00:05:27
conference.

00:05:27
That relates directly to my job or maybe my industry that I'm

00:05:33
in.

00:05:34
You know, typically they cover all industries.

00:05:36
They cover, really, you know, all professions within security.

00:05:41
A lot of the times they do, and I think it's unintentional, but

00:05:43
that's just how it works out.

00:05:44
And then the rest of the time that I'm there, i am looking at

00:05:52
or going to talks that I'm interested in, things that I

00:05:55
don't know that much about, and I'm actively taking notes, i'm

00:05:58
actively trying to learn more, you know.

00:06:02
And then we have larger scale conferences like RSA, black Hat,

00:06:07
def Con, the AWS conferences are definitely bigger.

00:06:12
You know, microsoft Azure conferences are definitely

00:06:17
bigger, but we'll start with kind of Def Con, for, you know,

00:06:24
for this purpose, right?

00:06:25
So, really, the next step up is Def Con, in my opinion, and in

00:06:29
my opinion, i think Def Con is the best.

00:06:32
Maybe I'm a little bit biased because that was the first major

00:06:36
conference that I went to, but you know, at Def Con it seemed

00:06:42
like people were more open to networking.

00:06:46
It seemed like they were more open to just talking to you,

00:06:50
especially in the registration line, where it's literally

00:06:53
called line con.

00:06:54
The slogan is line con is the real con.

00:06:59
It's because everyone is typically in a good mood, right?

00:07:05
They're, they're gearing up for the conference, they're getting

00:07:08
ready And it's a long line.

00:07:11
I mean you can be literally walking nonstop through this

00:07:15
line for like 30 minutes with no one in front of you, like you

00:07:20
could literally be walking.

00:07:22
That's how long the line is, but with people in front of you,

00:07:26
you know you could be there a couple hours, and so that's why

00:07:30
I try to get there at like 5am, which is always difficult

00:07:34
because it's in Vegas And I don't really go to sleep until

00:07:38
like 2am in Vegas.

00:07:39
So you know, there's there's that to also account for.

00:07:42
But you know, with Def Con people are more open to network.

00:07:49
I feel, and I'll give you a couple of examples.

00:07:53
You know, just from me being in the line at Def Con

00:07:55
registration, i met hardware hackers, i met pen testers.

00:07:57
I met bug bounty hunters.

00:08:00
You know, and I didn't even know this at the time, it was

00:08:07
kind of groundbreaking to me to understand this.

00:08:11
But bug bounty hunters, you know some of these guys.

00:08:13
They work for four months out of the year right Of looking for

00:08:20
bugs in top tier products from top tier companies like Apple,

00:08:26
microsoft, google, you know, nvidia, you name it right, like

00:08:29
a top tier tech company.

00:08:31
They're actively looking for bugs in those products And

00:08:37
they'll make a couple hundred thousand dollars in those first

00:08:40
four months and they won't do anything else the rest of the

00:08:42
year.

00:08:42
You know they'll do their own side projects.

00:08:45
They'll, you know, maybe dabble if they get bored They'll do

00:08:48
another bug bounty.

00:08:49
But you know, for the most part you know the good ones at least

00:08:55
the good ones were talking about the top.

00:08:57
You know 3%, something like that.

00:08:59
Right, they're making all their money in the first four months,

00:09:03
which blew my mind.

00:09:05
I didn't even think that.

00:09:07
You know that was a career option.

00:09:11
You know, before that time, when I met that person, i didn't

00:09:17
even realize that that was more of a career option.

00:09:20
I really didn't.

00:09:20
I thought I thought that it was more for you know, side

00:09:25
projects, you know, or even a hobby kind of you know, nothing

00:09:31
that would ever make you any real money.

00:09:32
But definitely there is people out there that do it, that

00:09:39
actually make a living off of this, which, you know, i find to

00:09:43
be very impressive.

00:09:47
And you know, another thing with Def Con is it is huge.

00:09:51
It is so much bigger than Really every other conference

00:09:56
that I've been to honestly, like , yeah, rsa has, you know, a

00:10:02
large Venue and then a huge place for the vendors and

00:10:07
whatnot, and that's fine at all.

00:10:10
But RSA is more about selling you stuff.

00:10:14
Right, you gotta understand what the conference is and what

00:10:18
you're going to, and stuff like that.

00:10:19
Rsa is more about selling you stuff, introducing new products

00:10:25
and stuff like that.

00:10:25
It's really geared more towards , like, the business leaders,

00:10:30
the business executives.

00:10:31
Right, def Con is more geared towards the technical people.

00:10:38
The people that you know are actually building the tools.

00:10:42
They're building the tech, they're deploying it, they're

00:10:44
running it in the environment.

00:10:46
They're testing different things.

00:10:47
This is for the hackers, the, you know, security engineers,

00:10:51
security analysts, the architects, all of those

00:10:55
hands-on roles.

00:10:57
Def Con is more more for those people and So you know, nine

00:11:02
times out of ten, if you talk to someone at at Def Con, you know

00:11:06
you're gonna be able to find something in common with them

00:11:09
because you're doing a very similar role to theirs.

00:11:12
You know, being hands-on is not Uniform throughout security.

00:11:16
Right, there's different roles that roll under security that

00:11:20
are not hands-on, which is It's a give-and-take, right, like

00:11:26
it's not the best, it's not the worst, it's it's something right

00:11:30
.

00:11:30
And Then we'll go into really the more advanced cons.

00:11:35
And what do I mean by this?

00:11:38
You know you're not gonna go to Def Con and Grab a CISSP

00:11:43
certification.

00:11:44
You're not gonna go to Def Con and get an AWS certification or

00:11:48
an Azure certification Or anything like that.

00:11:51
You're not gonna get sans training.

00:11:53
It's Really not a place for that.

00:11:56
I don't even think it's offered .

00:12:00
I've never even heard of it being offered before.

00:12:02
When we go to black hat, black hat is more training geared.

00:12:08
It's where you know it's some extremely expensive training is

00:12:12
going on and Yeah, i mean that's exactly what it is like.

00:12:18
You're going to black hat and you're typically walking away

00:12:21
with, you know, some sort of training under your belt,

00:12:24
potentially a certification under your belt, and Of course,

00:12:29
you know black hat leads right into Def Con and so then you

00:12:32
have Def Con right there, you know.

00:12:35
Another thing that I want to point out is Def Con is Def

00:12:39
Con's, you know, way less expensive than black hat.

00:12:43
Black hat Last time I checked actually last time I went was

00:12:47
probably 2017.

00:12:48
I think a Basic ticket, low-level pass, was like $2.

00:12:54
For Def Con this year is $460.

00:13:03
So Is it?

00:13:05
is it pricey?

00:13:06
Sure, you know it's not.

00:13:08
It's not cheap, that's for sure , you know.

00:13:11
You can't call it cheap if it's $460 and what?

00:13:16
not right.

00:13:17
But is it black hat?

00:13:20
expensive, you know, and that's the biggest, that's like the

00:13:24
biggest Thing when we start talking about conferences and if

00:13:28
companies will pay for them and things like that, they look at

00:13:32
Def Con prices and they're like, oh, this is nothing.

00:13:35
I'm used to people asking for black hat.

00:13:37
I'm used to people asking for RSA, because I think RSA passes

00:13:41
are even right, around $2, maybe even more expensive, like

00:13:47
4 or something, which is just absurd to me.

00:13:51
But you know that this is more down the advanced route, right

00:13:59
And so at these advanced cons like AWS, reinforce, aws,

00:14:03
reinvent, azure, ignite I believe that's the conference

00:14:07
name for Azure.

00:14:08
You know all these more advanced cons.

00:14:12
You're literally going to them, hearing about new products, new

00:14:17
things that they're launching.

00:14:19
You're getting training, you are Learning about their product

00:14:23
even more and whatnot.

00:14:24
You're drinking the Kool-Aid, so to speak.

00:14:26
You know they're more expensive .

00:14:31
You're getting more training from it, so it's a give-and-take

00:14:34
right.

00:14:35
So, in my opinion, if you're going there for training, it's

00:14:40
probably not really worth it, to be completely honest, because

00:14:44
it is so expensive, it's so cost prohibitive, you know, um, i

00:14:49
actually just purchased my training materials, my

00:14:55
certification passes for three certifications this year and I

00:15:01
think the total for three certs and All training was, i want to

00:15:10
say, $1.

00:15:11
I think it was $1.

00:15:13
All right, $1 would not get you into black hat.

00:15:18
It wouldn't even get you in, let alone training by a company

00:15:24
or someone or, you know, any sort of sans training or

00:15:27
anything like that.

00:15:27
Like it would not get you anything a black hat, okay.

00:15:31
And so to me, if you're going to a con to get training in or

00:15:36
whatnot, if the company's paying 100% Good on you.

00:15:40
You know that's great, but I would rather use That money or

00:15:45
that opportunity on a different conference like Defcon, where

00:15:51
I'm learning new things.

00:15:52
There's multiple tracks.

00:15:54
There's typically, i think, between four and six tracks.

00:15:57
You know, if you go to thought con, there's about two to three

00:16:00
tracks.

00:16:01
At Defcon there's about four to six tracks and a track is just

00:16:06
a different lineup of Talks that people are giving.

00:16:11
It's not necessarily based around a specific topic.

00:16:15
I mean, it could be, you know, you could have days that are a

00:16:19
little bit more overloaded with, you know, hardware hacking or

00:16:23
Bio hacking or hacking drones.

00:16:25
You know, whatever it might be right, but for the most part you

00:16:31
know they're they're.

00:16:32
They do kind of stay around the same thing roughly, but there's

00:16:38
no like set.

00:16:39
You know track one is For, i don't know, pen testing, right,

00:16:45
and then track two is for bio hacking and whatever, right.

00:16:49
It's nothing like that.

00:16:51
And another part of Def Con that I absolutely love is the

00:16:55
villages.

00:16:55
You know, at Def Con It's a huge area, right, so they

00:17:01
typically take up like two or three resorts in Vegas.

00:17:05
That's how big this conference is.

00:17:07
The last time I went, which was Probably, maybe, maybe 2021,

00:17:17
maybe, i don't quite remember it , but the last one that I went

00:17:23
to There was over 40 people registered over 40 people,

00:17:31
you know, and that's just day one registrations.

00:17:33
It was insane, i could not believe it.

00:17:36
But it takes up several.

00:17:39
You know resorts in Vegas and they're all typically, you know,

00:17:43
right next to each other and whatnot.

00:17:47
But, that being said, the villages are also an extremely

00:17:51
interesting place Because you get hands-on learning with these

00:17:54
different things.

00:17:55
There's a social engineering village where you learn how to

00:17:59
socially engineer people.

00:17:59
There's potentially, you know, something like a pen testing

00:18:04
village or a lockpicking village or a car hacking village.

00:18:08
There is so many different kinds of villages at Def Con and

00:18:15
it's really where you're getting hands-on Experience.

00:18:19
You're talking to the experts, you know, face-to-face, there's,

00:18:21
there's no one else, it's more one-on-one And you're learning

00:18:24
about how to actually do the work, which You know.

00:18:29
If you're someone that is new to security, that's trying to

00:18:31
really just get started in security, the villages honestly

00:18:33
are is a little bit more Enticing, a little bit more

00:18:40
valuable for you to spend your time in rather than the talks,

00:18:42
because the talks, the talks, can be extremely advanced and

00:18:45
they can also be very basic, right like I'll give you an

00:18:50
example, there was one talk One year that I went, that the

00:18:57
person was talking about how he was reverse engineering the

00:19:01
security features of intel cpus And how he stumbled upon secured

00:19:05
memory And how he was trying to break into that secured memory,

00:19:10
doing some advanced techniques that I've never heard of.

00:19:16
That I can barely remember, to be quite honest.

00:19:18
But I just remember that literally probably about 95 of

00:19:23
what this guy was saying was going straight over my head And

00:19:26
I looked to my right.

00:19:27
I was there with a friend That I considered to be smarter than

00:19:34
me and it was going straight over his head.

00:19:35
He did not follow it at all either.

00:19:36
You know and there can be other talks that are talking about,

00:19:40
you know, how we need to do a better job of Training people in

00:19:44
security, kind of More soft skills, type of things right,

00:19:50
which is totally different.

00:19:51
Those are two totally different ends of the spectrum.

00:19:54
And then you have villages somewhere, you know, in the

00:19:56
middle, where, yeah, it's advanced, you're learning new

00:20:00
things, but you're doing something different.

00:20:02
Yeah, it's advanced, you're learning new things, but you're

00:20:06
doing it.

00:20:06
You're doing it hands-on and you're learning From the very

00:20:09
best you're.

00:20:10
You're talking with them face to face.

00:20:12
There's no intermediary or anything like that.

00:20:15
It's just a really good experience.

00:20:20
Now, you know, let's talk about what to bring.

00:20:24
So, obviously, you know, you bring your own personal items.

00:20:28
Um, whatever You know, whatever you need to get you through a

00:20:32
trip at in vegas, for instance, for defcon if we're just talking

00:20:36
about defcon, um, you know.

00:20:39
And then, on top of that, i typically I always break a

00:20:42
laptop.

00:20:43
Uh, i have my phone on me, i have my smartwatch on me and You

00:20:50
know, with that being said, you should really consider a fair

00:20:54
day either, a fair day bag.

00:20:57
Um, one of the products that I am looking into right now,

00:21:01
personally, is from this company called slnt It's probably

00:21:06
pronounced something, but that's how I know it as Where they

00:21:10
make, you know, laptop sleeves, sleeves for your phone, sleeves

00:21:14
for Really every electronic device that you can think of, um

00:21:19
to protect it from any outside connections.

00:21:23
And so that's actually pretty important, because when you're

00:21:26
at this conference, you know you'll, you'll see this sign

00:21:29
that says if you Cross this line , you are fair game.

00:21:33
So if you get hacked, if your device gets hacked, you know

00:21:38
That's, that's on you.

00:21:39
You should have known to turn off the wi-fi, to turn off the

00:21:43
bluetooth, to turn off, you know nfc or any other outbound

00:21:48
connection or inbound connection to your device, which Basically

00:21:53
turns your cell phone into a brick, like I don't know if

00:21:57
you've ever done that before, but it basically turns it into a

00:22:00
brick.

00:22:00
Um, it turns your laptop into really only a note taking device

00:22:06
.

00:22:06
So do you need a laptop?

00:22:09
Maybe not.

00:22:10
Do you feel like hacking people and probably getting hacked

00:22:14
back?

00:22:14
Then maybe you need a laptop.

00:22:18
You know, i know someone that actually goes to conferences

00:22:22
with a backpack that he designed that holds a bunch of Wi-Fi

00:22:27
gear in it And all it does is scan all local connections

00:22:34
nearby and immediately starts running through different

00:22:39
attacks, you know, on all these different devices, and at the

00:22:44
end of the day, he goes and looks at all the different

00:22:46
information that he gathered from these devices And he said

00:22:49
that it will be hundreds, if not thousands of devices when he

00:22:53
goes to DEF CON of.

00:22:55
You know unsuspecting people that are not paying attention,

00:22:58
that are trying to use their phone they haven't hooked up to

00:23:01
Wi-Fi or something like that, you know, and they don't.

00:23:05
They don't realize it's happening, but he literally all

00:23:09
he does is walk by and he hacks the device just like that.

00:23:13
So that is definitely something that you should keep in mind.

00:23:18
You know, just understand that there's.

00:23:20
There is that risk.

00:23:22
You know there's.

00:23:22
There's people out there that find it funny.

00:23:25
They find it fun to hack someone to really get as much

00:23:31
information from them as they possibly can.

00:23:33
You know, in some opinions right, some people's opinions

00:23:40
that's malicious.

00:23:41
You know that's that's not good .

00:23:43
They shouldn't be doing that.

00:23:45
But at the same time, there is a really big sign when you enter

00:23:48
the conference that says if you go past this point and your

00:23:51
devices are live, you can expect to be hacked.

00:23:54
It is on you to, you know, manage your own devices and

00:23:58
protect your own devices.

00:24:00
They even say that Now I would absolutely recommend against

00:24:06
hard recommend against bringing any work device.

00:24:12
Leave your work phone at home.

00:24:14
Leave your work laptop at home.

00:24:16
If there's a work tablet, leave it at home.

00:24:19
Do not bring it to the conferences because that opens

00:24:24
you up to a lot of different liabilities.

00:24:26
Because there is a very good chance that when you took

00:24:30
possession of that laptop, you had to sign an acceptable use

00:24:34
policy form And more than likely , somewhere in that acceptable

00:24:38
use policy form said that you want to take it into an

00:24:42
adversarial environment knowingly, that you wouldn't

00:24:46
knowingly do that, that you wouldn't knowingly put that

00:24:49
company device at risk of being breached, of being hacked.

00:24:55
And you know, when you go to these conferences, there is

00:24:59
science, everyone knows it There's.

00:25:02
I mean, there even used to be warnings when you purchase the

00:25:05
badge, whether it's online or in person.

00:25:09
There would be notices saying, like you know you're at this

00:25:12
conference, just take notice.

00:25:13
You need to be aware of where you are and whatnot.

00:25:16
Now, if you're just a normal tourist right in Vegas because I

00:25:22
mean, vegas has millions of people you know, in the city at

00:25:26
all times, basically all times of the year, there's going to be

00:25:29
a lot of different tourists there too You know, if you're

00:25:33
outside of that con, you're, basically you're not fair game

00:25:37
for any semi friendly hackers.

00:25:39
Now, if there is, you know, someone that is bored and drunk

00:25:45
and they're, they're looking for something to do, you know all

00:25:49
bets are off, right, it's a little bit of a higher risk than

00:25:52
what it would be if you went to Vegas in like December or

00:25:56
something like that for vacation .

00:25:57
But you know, for the most part , right, you really have enough.

00:26:02
You have very little to worry about outside of the conference,

00:26:07
just walking around the strip, things like that.

00:26:10
For me, personally, i tend to go with a fair day bag.

00:26:14
You know, put the laptop in the fair day bag, disable the

00:26:17
wireless and the Bluetooth.

00:26:19
The fair day bag is kind of just like that, that, that extra

00:26:24
level of protection, right?

00:26:25
Like, i'm pretty sure I just disabled the Wi-Fi on this

00:26:28
device, but who knows if Apple is still using it silently in

00:26:33
the background and they're still sending out connections and

00:26:35
whatnot, right, like I don't know that because I haven't

00:26:38
analyzed my laptop.

00:26:40
Same thing with my phone, same thing with my watch, all that

00:26:43
stuff.

00:26:45
And so I just try to put it all into a fair day bag.

00:26:48
My watch is a little bit different, because I may have a

00:26:51
schedule to follow, right, i may have different conferences that

00:26:54
I want or different talks that I want to go to, and so with

00:26:58
that, i need to be aware of what the time is, and so just

00:27:02
understand the risk, right?

00:27:04
And another key tip that I think is overlooked often for people

00:27:10
talking about going to conferences make sure you have a

00:27:14
backup of all your devices before you even go, before you

00:27:17
get on the plane to go, make sure that you have a backup of

00:27:22
all your devices, just in case something happens, right, just

00:27:25
in case someone does an attack on you and completely breaks

00:27:28
your device.

00:27:29
You have a backup.

00:27:30
So, yes, it is frustrating as hell for the days that you are

00:27:34
there without that device, but when you get back home, you have

00:27:38
all your data, you have the device operational and you know

00:27:42
what's going on.

00:27:45
I actually know people and I've done it myself that will take

00:27:48
the backup.

00:27:49
They'll go to DEF CON And then when they come back, they just

00:27:53
restore to that backup.

00:27:54
The reason why they do it is because they don't know if

00:27:56
someone was able to, you know, insert some root kit or boot kit

00:28:01
on their device And you know who knows what information

00:28:05
people are gathering and whatnot .

00:28:06
You know, not everyone is an upstanding citizen, right, like,

00:28:10
not everyone is going to have the best intentions for everyone

00:28:13
at heart, and so you should prepare yourself and act

00:28:17
accordingly.

00:28:18
At least that's my opinion.

00:28:20
You know.

00:28:21
Just prepare yourself, right.

00:28:22
I think that's the biggest thing by far.

00:28:26
So what to expect?

00:28:29
you know, i already kind of talked about what to expect with

00:28:33
how the conferences are laid out, with how the villages are

00:28:37
laid out, where they are.

00:28:39
You know, they're typically across a couple of different

00:28:41
resorts, so you get to learn the ins and outs of these resorts

00:28:45
pretty well by the end of the week.

00:28:48
Also talked about, you know the difference between the

00:28:52
different cons and you know talked more about line con,

00:28:57
right.

00:28:57
So I think that that is a really undervalued or underappreciated

00:29:02
part of the conference for new people, Because you know, this

00:29:08
is when you get to network with people.

00:29:09
This is when you get to kind of advance your career.

00:29:12
Even, you know there's, there's people that I never would have

00:29:16
met outside of the podcast, right, because the podcast

00:29:20
wasn't even a thought in my head at the time when I was going to

00:29:23
DefCon for the very first time.

00:29:25
There was people that I never would have met, that I met in

00:29:29
the line that opened my eyes to security and different domains

00:29:32
of security in totally different ways, and that's really

00:29:36
important.

00:29:36
When you're starting out, when you're early on in your career,

00:29:40
you want to learn as much as you possibly can And that's a great

00:29:43
place to start.

00:29:44
That's a great place to actually expand, expand your

00:29:47
mind and expand what you you believe are is possible.

00:29:52
Basically, so, to close it out, what is the best conference?

00:29:58
What do I like to go to the most?

00:30:00
Nothing compares to DefCon.

00:30:02
In my opinion, every single year that I even have like a 10%

00:30:08
chance of going, i try to go.

00:30:10
I really do.

00:30:11
You know, last year I didn't go because I have my vacation in

00:30:14
Germany And that trip alone is like 10 grand.

00:30:18
I mean, all in, like that trip alone is like 10 grand And I

00:30:24
can't rationalize another trip, especially when I'm paying for

00:30:26
Germany myself.

00:30:27
You know I might even be rounding up on that number, but

00:30:34
you know it's a lot of money.

00:30:35
That's the point.

00:30:35
And so I just couldn't swing DefCon right.

00:30:40
But this year I am 100% going to DefCon.

00:30:43
I am very excited to be going to DefCon.

00:30:48
I will be handing out security unfiltered stickers at DefCon.

00:30:52
So if you're at DefCon then you find me ask for a sticker.

00:30:56
If I have any available I'll give them to you.

00:30:58
But if not, you know I'll be placing them randomly, you know,

00:31:03
at slot machines and bars and all the just random locations.

00:31:08
But yeah, you know it's going to be a great time.

00:31:12
I may even have, if you're lucky, i may even have a first

00:31:17
like prototype of security unfiltered t-shirt.

00:31:19
Very excited about that.

00:31:21
But that is to come later on, right, like we got all the way

00:31:26
until August and it's about to be June.

00:31:28
So with that, guys, thanks for listening.

00:31:32
As always, i really appreciate all the support.

00:31:35
You guys are fantastic.

00:31:36
I mean I feel like I have, you know, the best audience, the

00:31:39
best group of people listening to this podcast possible.

00:31:42
So I really thank you guys and I appreciate all of the people

00:31:47
that are listening and our avid listeners.

00:31:50
So thanks everyone.

00:31:52
We'll see you next week.