Wrapping up DerbyCon 7.0
Louisville, Kentucky. Definitely not the sort of place that comes to mind when thinking about a super-fun weekend getaway, especially if you’re a security-doer. But that changed 7 years ago when Dave Kennedy and co. founded DerbyCon, the South’s premier security conference, which is where I’ve had the pleasure of spending my last weekend — both attending and presenting.
DerbyCon is not your typical security conference; It’s rather small, people are super friendly, there is a lot of emphasis on the “family” feel, you can even see that on Twitter when people are talking about the “DerbyCon Fam”. Other than spending the time listening to security talks from the best minds in the industry, there is also “Lobbycon” — a random and perpetual gathering of people in the lobby of the venue — the Louisville Hyatt Regency hotel.
LobbyCon is an experience of its own, perhaps the best thing about DerbyCon — people from all over the US and the world just standing around, making random conversations and making new friends. The atmosphere is relaxed, people are always smiling and there is always something happening in LobbyCon; from a random guy dressed as a wizard who’s preaching the gospel of the PoC||GTFO bible from the second floor of the lobby, or the DerbyCon rootbeer float crew led by the wonderful hacks4pancakes (Lesly Carhart) who were literally, making rootbeer floats and handing them out for free along with Ed Skoudis and his crew who were handing out amazing pies to the lucky people at LobbyCon. If you are smoking, or just want to breathe some fresh air, the gathering overflows to the street outside the hotel. People are everywhere, and most of them are eager to meet new people and make friends.
And of course, just like any other con — there are the talks. Some of the brightest minds in the industry were there. Sharing anything from new exploitation techniques to tips on how to make your home office automated JARVIS style. In all the talks that I’ve seen, the presenters were friendly, funny and presented very well. The atmosphere, just like LobbyCon, was relaxed as if you were at a dinner party and not a security conference. And if that’s not enough, Dave Kennedy himself popped up randomly during every talk from behind the speaker, offering him the wonderful experience of being “iced” or “V8'ed” on stage. Dave would present the speaker a hot (not warm, HOT!) can of Smirnoff ice or V8 tomato juice as a very amusing way of saying “thanks for coming to speak at derbycon”. Those who were lucky (like myself) even received the full treatment of hot Zima. And in case you were wondering — it tastes as if death and the plague had a baby and it was born in the toilet.
This year, I’ve had the pleasure of being a speaker at DerbyCon, presenting my research about vulnerabilities in hundreds of thousands of internet-connected security cameras. And here is my confession: I am an experienced public speaker. I’ve presented many times before in conferences around the US and the world(RSAC, LayerOne, CircleCityCon, BsidesTLV, and the list goes on…) but DerbyCon was a personal milestone for me, I was really excited about it. So excited that I couldn’t sleep for two days. When the moment of truth came, I was shocked to see people queuing up to hear me speak — a truly humbling experience. If you haven’t been to my talks, I tend to… Err… Drop a lot of f-bombs. While I was setting up for my talk, I asked the audience if it’s okay with them that my talk will indeed have some f-bombs embedded in them, the answer was — “fuck yeah!” it was that moment where I realized that I’m home.
As I said, Derbycon is all about “the fam” feel. You won’t find any rude goons that disrespect the participants or just walking around the hallways shouting at everyone — it is all about respect and hospitality. I experienced nothing but respect, courtesy, and professionalism from every one of the DerbyCon crew members. This was later taken to the next level where at the second night of the con, the main event of the party, a live show by Busta Rhymes was canceled due to Mr. Rhymes simply not showing up. Dave Kennedy invited everyone to drinks. On him.
As DerbyCon was getting to its final hours, it was my time to head out to the airport for our journey back to Boston. I came to a conclusion — it was the best con that I had ever been to. While my first DerbyCon was last year, I was then preoccupied with our big move to the US and a health emergency with one of our cats. This year, all was well and I was fully invested in experiencing DerbyCon to it’s fullest, from speaking and attending other talks and participating in other activities such as the hilarious “who’s slide is it anyway” in which I won second place and the amazing PoC||GTFO bible as a prize.
When I got back to Boston, I realized that I have the PDB — post DerbyCon-blues and apparently I wasn’t the only one.
I can’t wait for next year’s DerbyCon — even if it would be half of the fun as this year’s DerbyCon — it would still be perfect.
