I've been attending security conferences for 12 years now and find myself learning about more than new technology—I also learn about community and humanity as a whole. When it comes to DEFCON 21, I’ll let other people complain about the latest injustice from some booth babe debacle or about a speaker who got too drunk and said something inappropriate. I'd much rather focus on the positives that I took away from this year.
Lesson #1: Stutter
I sat in a presentation over the weekend with a seemingly new presenter. He was a bit unsure of himself, didn't always convey some of his points very well, and ended up muttering rather than speaking loudly and directly to the audience. It appeared that this gentleman was having a pretty bad case of jitters and maybe wasn't quite ready to give his talk.
Then something happened. I noticed a stutter; a few times subtly and one time very pronounced. Frankly, I wrote it off as the sort of thing that happens to nervous people in a high stress situation.
Later that night, though, I happened to sit across from this presenter at a bar. When he spoke to the bartender, it was in an unmistakable and elongated stutter. I was shocked. I couldn't believe the same person who just spoke in front of hundreds of people was having such an issue just ordering a drink.
In that moment, I felt a tremendous amount of pride for him. He clearly overcame a huge hurdle that was very real to his life. The audience for his presentation may not have realized what I found out, but I do remember seeing many people come up after to thank him and congratulate him. If only they knew what I know now, they would have been standing on their feet and cheering.
It's easy to get lost in the shuffle at an event like DEFCON 21 but I hope that this presenter realizes how accomplished he should feel, not only for the merit of his talk, but also the strength to overcome the challenge he faced.
Lesson #2: Interview
I think there's an unfair perception of information security folks, likely based on people who behave badly on Twitter and mailing lists. But if you spend some time chatting with folks at DEFCON, you'll quickly note something somewhat refreshing: infosec people are really, really friendly.
I happened to be included when a major technology company interviewed a potential employee. For those uninitiated, having ad-hoc interviews for potential hires at conferences is fairly common and so is being asked to help interview folks for a company you don’t even work for (seriously, this has happened a few times).
This interview involved a gentleman that was clearly smart, without having over-the-top educational credentials or a bulletproof resume. Despite this, the ivy league educated interviewers were as friendly and kind as could be. They asked about him, his interests, his passions, and what he wanted to get from his career. They didn't sit back and ridicule him with obscure questions that people only ask to show how smart they are. They never spoke down to him, and constantly made him feel accomplished and welcomed.
The next time you see humans behaving badly online, just remember, they are not the representation of this wonderful community, they are just folks that (while probably talented) just don't get what the rest of us do: we're all able to contribute, given the appropriate chance.
Lesson #3: Mudge
The last lesson was obtained by simply attending the DEFCON 21 presentation by Peiter Zatko (Mudge). In 12 years of conferences, I've seen plenty of presentations. Some were funny, some enlightening, and some boring. Mudge's talk, though, had the audience in a mixture of tears, laughter, and pin-drop silence.
With his stories covering everything from Julian Assange to Barnaby Jack, Mudge took the audience on a ride of emotions. The best part, however, is that he went with us. It's entirely too often that a presenter, no matter how captivating, seems distant from the content as if they are reading someone else's work. Mudge, however, had no slides, a handful of notes, and an honest tone.
The lesson here is that we're all on a journey. The people you may meet, the choices you make, and the stances you end up taking are each a risk in some way. The challenge, then, is to find your rewards within those. For Mudge and all of us in the audience, we were able to share in that reward through some very touching and interesting stories, sure to stay with many of us for years to come
Beyond the booze, parties, and vulnerabilities, DEFCON is a community filled with thoughtful, caring, and expressive people to interact with. If you went to DEFCON 21 but don't have any lessons of your own, maybe take a few minutes at your next conference to ask a couple more questions, meet a new friend, or listen with a bit more intention. There's plenty to learn and it won't always be on a slide.