After attending Def Con for two years, I figured it was time to write about my experiences to help shed light for new attendees of future events. My first year, Def Con 26 back in 2018, was quite thrilling but it was also a lot to take in. For starters, it was actually my first time visiting Las Vegas. In addition, it was my first security conference, so it was a double whammy. Despite all this, I chose to keep an open mind and take in everything for what it was. I love learning and experiencing new things and I was not disappointed, to say the least.
Environmental Awareness, What to Know About Las Vegas
Firstly, Las Vegas is in the state of Nevada. This particular city in Nevada is fairly desert-y, so it tends to get hot – really hot. In fact, per Wikipedia, Nevada is the driest state in the U.S. That said, be sure to dress comfortably and drink lots of water. Dehydration and fatigue are no fun, especially with the desert heat and sun in its fullest during the middle of the day.
I brought at least one filled water bottle with me daily during my time there and some days even two, just in case. Walking was my preference as opposed to getting a ride or anything of the sort. It was a nice workout and allows you to sight see the strip while trekking. There are many cool statues and things to see, from horses to flamingos, and even folks dressed in Disney character costumes! Plus, it’s not very common to walk through mist clouds in Washington state, so the uses of these apparatuses were quite fun! I refer to mist clouds as the mechanized mist blowers conveniently located alongside the strip.
I say all this in the preparation of making the most of your time there. The conference is held between four hotels, so you’ll need to walk between buildings depending on the conferences’ layout. Be sure to plan on getting outside time whether or not you’re walking or catching a ride. Afterall, ride shares cannot enter buildings, so you have to go outside even if it is for a brief amount of time to get into a car. Plus, it wasn’t really worth it for me to catch a ride for a simple five-minute walk. Eh, maybe, if you’re dead set on minimizing walking requirements I wouldn’t blame you, but I preferred walking.
Conference Awareness, What to Know About Def Con
Okay, now that we covered the environment, let’s discuss what Def Con is all about.
To me, Def Con is about security folks coming together and sharing their experiences. I will say, some folks are better presenters than others but that doesn’t matter. I say that in a nice way, sometimes language is a barrier but that shouldn’t take away from the experience and fruitful findings being shared. What matters though is that they’re taking their time to share what they’ve learned and experienced while in the field. Take what you can from them and let that information sway you in either direction – whether you continue to be interested in said subject or having learned more about that topic, you realize maybe you aren’t so interested in that subject.
This is actually how I decided what presentations I wanted to attend, based on the name and the description. Some titles weren’t entirely clear, however, so sitting through the talk and taking it for what it was helped me gauge, at least somewhat, what I needed to shift my professional focus on. Some topics were hard to follow, and others were hard to follow but also tough to understand in terms of language, but I used the associated slides as an acknowledgement of what the presenter was talking about. Having said that, be sure to keep your phone or camera charged to last many pictures.
I took a lot of notes, some handwritten and others on my laptop. Don’t worry, I didn’t and don’t use Bluetooth nor Wi-Fi during my time in Vegas (read the following paragraph for a dive into what I mean by this). I highlighted what I was able to understand in my notes and jotted down questions in a “next steps” format about how I should further dig into the topics. Pictures are worth a thousand words, don’t forget that!
That makes for a great point – before attending my first year I researched a few things about what to know attending Def Con. Many folks claim you should bring a burner phone, burner laptop, burner this and that. If you can swing that, cool, but I believe taking security precautions is equally as important. That said, and to reiterate, I didn’t really use any wireless technologies. At my hotel room I did connect to my phone’s hotspot but didn’t connect to anything else anywhere else. No Bluetooth headphones, only wired. No Wi-Fi – at all. This included my hotel room as well as the official Def Con wireless network.
One other piece of advice I can offer that I missed the first time there and vaguely worked on during the second visit: plan on chunked hours. Keeping in mind the time it takes to walk between buildings with Tracks, as the presentations are referred to, and Workshops or Demo Labs. The 15-minute layover between schedules seems like a lot but isn’t really a lot at the same time. Using the restroom, filling water bottles, waiting for crosswalks, these all add up.
What was nice about this year that I maybe didn’t notice last year was that different components were held at different hotels. For instance, Villages were held in one hotel and Tracks were held in a different hotel; Skytalks were held at the same hotel where the main Tracks were but on a different floor. This made for planning on doing Tracks or Skytalks for a set time. I took a chunk of time to check out the Demo Labs as well; that way I was in the same general vicinity to reduce travel times.
Lastly, I just realized I never gave my understanding of each of the components. There are Presentations / Tracks, as they’re often referred to. This is where there’s a speaker in a larger room to accommodate the sometimes-larger audience set. There are Villages where folks are clacking away on their keyboards doing what that village entailed. I didn’t quite understand its purpose but there were few empty seats and there didn’t seem to be anything guided. I didn’t go to all of them, so I am sure some were different, but this seemed to be geared more towards folks with a mission on their mind. I would need to explore these more in the future to better understand what they’re all about.
There was also Workshops, but these require preregistration that seem to fill up rather quickly. I have yet to attend one but am hoping to in the future. These seemed to be more guided perhaps, akin to trainings but I cannot back that up with my experiences. Demo Labs seemed similar to Workshops but not quite the same. They didn’t require registrations and offered limited seats. Presenters would talk about their findings and, you guessed it, offer a demo of their work in the form of a video.
Finally, there are Skytalks, which were quite the experience and I highly recommend them and will be sure to attend more in the future. These talks are “off the record” and do not allow any form of recordings. These talks are real-life people in real-life positions of employment more or less offering truths that perhaps they wouldn’t want their employer to know about, per se. At least this is how I took my first and only Skytalk I attended at Def Con 27. You can read more about this in an upcoming blog post.
The main takeaways in this post are more geared around me summing up my experiences for potential new attendees of Def Con in the case of future events. Putting aside the first time visit to Las Vegas and a security conference in general, remember that Las Vegas can be hot – really hot. Be sure to keep a water bottle or two handy and dress comfortably. I was content wearing t-shirts and shorts, and some really breezy shoes that I still wear from time to time. There are water stations throughout rooms and talks, but going between hotels exposes attendees to the great “heat ball” (aka the sun).
Regarding Def Con itself, be sure to squeeze in a well-timed lunch break to unwind and somewhat digest all that you’ve learned. There are a lot of smart folks who are capable of some really awesome things and some of it may be even over my head. It’s okay, take high-level notes while you’re there and research them more with time. I mainly went to the Tracks, a couple Demo Labs, and checked out a few Villages my first year. My second attendance was similar, but I attended a Skytalk and that was quite the experience in and of itself.