To be clear, I do NOT recommend anyone to attend this conference. As a Jamaican working in the Information Security industry, I was offended when I first heard of a security conference called RastaCon, and even worse when I visited their website and viewed the social media posts of some of their speakers.

The banner on the RastaCon.ninja website as at April 10, 2019

The innovator and one of the listed speakers

The abuse of a religion

Let’s define Rasta – Rasta (also known as Rastafarian) “is a religion created by a Jamaican man named Marcus Garvey. He created it after the crowning of Ras Tafari Makonnen (Haile Selassie I of Ethiopia, also known as Prince Tafari before his coronation) which took place in Ethiopia in 1930”.

Any venture using the name of a religion out of context to boost their interest is very likely sending an inappropriate message that could easily spark passionate disagreements from the religious followers.

Rasta is not a slang, and even though on the streets of Jamaica you might hear people informally use it as a slang, we understand its nature and origin. You would not find a business using “Rasta” as a slang or, even worse, using the word Rasta in a non-religious way to promote their product and services.

If you’re sceptical as to whether it’s inappropriate or religiously offensive, consider the following other names for security conferences that do NOT exist:

  • IslamCon or MuslimCon or AllahCon
  • ChristianityCon or ChristCon
  • HinduismCon or HinduCon
  • JudaismCon or JudaCon

Does it feel a little uncomfortable to say the above out loud? It should.

From a religious perspective, I would not recommend anyone to attend this conference. The organisers lack empathy and respect for Rastafari, even though Jamaica itself still has a far way to go to appreciate Rastafari at the level it should.

The abuse of a nation

One of the speakers with the #NoNoobsAllowed hashtag

Rasta is widely associated with Jamaica, as is our native language, Patois. Seeing Patois being poorly used on their RastaCon website to promote their business venture rubbed me the wrong way as a Jamaican, and it also did the same to other Jamaicans around the world. “Jamaican Me Secure” is not how we speak as Jamaicans and implies that the organisers didn’t think to consult an actual Jamaican before writing that phrase. It’s subtle but immediately stands out as just culturally wrong. This suggests their lack of due care and respect for Jamaicans and a Jamaican-themed business event in Jamaica!

Say hello to Mr #NoNoobsAllowed

Many might also shy away from the discussion, but race plays a part in why Jamaicans would feel offended and why I’m also offended. If you combine the multiple issues of this conference’s message along with all-white speakers (i.e. no PoC or Jamaican speakers), it becomes clearer that Jamaica’s interest and its people are not yet a priority to the conference organisers. Your statements of division, classism and all-white panel are all too familiar to a country that significantly suffered through slavery. People who are mentally emancipated and educated are likely to see that perspective too, unless that’s not the type of audience the organisers hope to connect with.

Someone disagreeing with the knock-off Jamaican phrase

My own comment

From a national perspective, as a Jamaican citizen working in InfoSec, I would not recommend any Jamaican to attend this conference.

The abuse of a profession

Public articles about the Pwnhead shortcomings

Noobs stay away, although the venue has not yet been selected

There were multiple rude statements about people who are at the entry-level of InfoSec. Comments like “No Noobs” on their website and the #NoNoobsAllowed hashtag on Twitter by one of their speakers were of concern. A Noob is an alternative for Newbie, someone new or fresh to an activity or area. This shuns students, enthusiasts, entry-level and even mid-level security professionals by telling them they are not worthy of being a speaker or an attendee, at least if they consider themselves a “Noob”.

Extract of public links covering Pwnhead’s shortcomings.

History is an excellent teacher because it helps us to learn from the mistakes of others and make smarter decisions if we choose to embrace it. The Pwnhead website in 2018 was a prime example of why looking down on security professionals based on their public achievement or recognition in the industry is a bad thing.

For the RastaCon organisers to say “No Noobs are allowed” is equivalent to saying “if you’re not yet publicly seen as an expert then you are not welcome as a speaker nor an attendee”. That’s not the kind of message that I would support in any industry, and I would discourage anyone from attending a conference that sends that kind of message, whether directly or indirectly.

Their form asking you to rank yourself so you can be vetted for entry

To buy a ticket, there is a section on their form which asks you to “rank your skills”. Maybe if you select the wrong option, you might not be allowed to buy a ticket; I guess we will never know.

The organisers did not learn from history, especially since one of them is referred to as an “International Cyber Expert” – Joshua Crumbaugh. If they had learned, they would remember that the Pwnhead website that launched in 2018 as a ranking system for security researchers was met with lots of passionate negative criticism from the InfoSec community, especially on Twitter. As a result, the website’s operators changed their approach and removed the scoring system of security researchers. The negative criticism surrounded the “Elitist” objective, which many professionals across various industries consider as stifling and destructive to any industry’s positive development. You can learn more about the concerns around Pwnhead by doing a Google search.

From a professional perspective, I would not recommend anyone to attend this conference.

Website Security

The results of the RastaCon site using Scott Helme’s Securityheaders.com

I do not believe shoemakers should be exempted from wearing proper shoes. I’ve had disagreements with security “professionals” who push security services in people’s faces but don’t implement good security on their public assets. For example, I’ve seen many security consulting companies who did not use HTTPS or harden their website during times when they were advising others to do so. Fortunately, the RastaCon organizers used HTTPS, but they did not set any security headers. I am against companies who don’t practice what they preach, especially in this InfoSec industry, and if you are teaching or selling security to the public, I believe you should take the time to present a good public image of security before you expect people to buy into your message.

From a Cyber Security perspective, be critical of InfoSec conference organisers who have poor website security. You’re probably just donating your time and money into darkness. I would not recommend this conference.

Shady Impressions

Limited seats, but no venue as yet. Does not add up

First impressions are a heck of a thing, and even when I set aside my professional security knowledge and looked at their website’s overall promotional message, it appeared to be shady to me.

Call for papers will be open for another 6 months

Consider this: on the RastaCon website, it says they have a “limited number of seats due to high demand”, but they are still looking for:

  • Speakers – with a deadline of October 9, 2019 (6 months away)
  • an event location – how can seats be limited without yet having a limited space (venue)?

Contact

Only email addresses welcomed

There was no email address or contact number on the website to reach the organisers. The website also doesn’t state who is the organiser of the conference.

The “contact us” section is a single field that accepts only your email address; no, you cannot provide the details of why you’re contacting them. If you submitted an email address, you would receive the following response message: “Thank you for submitting”. So what happened to your email address? It’s gone to … somewhere? Email harvesting? Hmmmm….

Did I mention before that I do not recommend? I apologise if I didn’t.

Note (April 19, 2019): The Twitter handle of Georgia Weidman was listed above (as she was listed as a speaker) but has been removed out of courtesy, based on private discussions with her.