DerbyCon VII (2017)

This year, Sept 2017, I attended an AMAZING Hackers conference called DerbyCon VII. DerbyCon is an annual conference for InfoSec professionals and attracts a lot of talented people working in the hacker community. This year DerbyCon was held at the Hyatt Regency Hotel in Louisville, Kentucky between September 22-24, 2017. The trip was sponsored by my company, Openwave Information Security, and was well worth it!

The conference runs for a couple of days and includes terrific InfoSec training, presentations, parties, and fun! It’s also a great place to network with others in the InfoSec industry.

If you’re in InfoSec and have never been to any of these types of conferences, here are some highlights to get you motivated.

Accommodating Location

DerbyCon7 was held at the Hyatt Regency Hotel in downtown Louisville, Kentucky, USA on 4th street which is likely one of the liveliest streets in Louisville, full of restaurants with great food, bars and life.

The conference was filled with vibrant social people and empowering companies. It was like a big family congregating in a hotel.

I was surrounded by people who are some of the movers and shakers of InfoSec globally, especially in the United States. I was lucky enough to meet Chris Hadnagy, world-class Social Engineer from Social-Engineer.org and Dave Kennedy, founder of TrustedSec, Binary Defense and DerbyCon itself.

Me (left) and Chris Hadnagy

From right, back row – Me (Gavin Dennis) with the team which closed DerbyCon

Booths of eye-openers and sponsors

A lot of great companies were present, sharing their suite of services, educating us attendees, and gifting memorabilia. I remember getting fidget spinners, scary and funny InfoSec stickers (like Don’t Click on Sh*#t), webcam covers, and job opportunities.

PWNIE Express Booth at DerbyCon

Witness real companies being Vished – Social Engineering by phone (Vishing)

The Vishing Booth at SE Village

Social Engineering is the psychological art of tricking people into disclosing sensitive information or providing access to a restricted resource. DerbyCon had a Vishing booth where persons volunteered to test their Social Engineering skills against real companies by phone. Vishing is Social Engineering by phone. You may be familiar with the term Phishing (SE via email) – those evil emails you get trying to trick you into divulging sensitive information or into acting, such as clicking a malicious link or visiting a malicious web page. Vishing is similar but over the phone.

No, I didn’t volunteer for the Vishing booth, but the conversation was broadcast in the room, and I watched from the audience as persons tried their “voice” and “deceiving” skills against real companies. The objective was to capture Flags (flags are like goals, such as someone telling you a password).

Learn to pick locks in the Lockpick Village

Sample locks to pick

A part of the Lockpick showcase

A sample of locks set up for practising in the Lockpick Village

Ever wanted to feel like a non-techie ninja? Well, you could have learnt to pick locks at the Lockpick Village, a section dedicated to Lockpick training and sales, and where I picked up a lock pick set for Physical Security engagements at work.

Here are the sponsors I found; I remember visiting most of their booths and leaving enlightened. Truly good stuff.

Milton Security, Rapid7, Strategic Cyber LLC, Binary Defense Systems, TrustedSec, Pwnie Express, Black Hills Information Security, Tanium, Anomali, Walmart (they were also hiring), Morphick, Kenna, Core Security, Cisco, InGuardians, Trimarc, Counter Hack, Isc2 (I remember getting some neat fidget spinners), WarCollar, SANS, Qualys, GuidePoint Security, SecureWorks, NinjaJobs (online job board focusing on Infosec), CroweHorwath, LogRhythm, ThreatQuotient, Fortinet, Nexum, Synack, Salesforce, Proofpoint, InGuardians, Carbon Black, CrowdStrike, Nuspire Networks and Below0Day

PS. I could have just put the link to DerbyCon’s sponsor’s page, but each year it would change, so I chose otherwise.

Test your Lying Skills against a Polygraph test by a US Federal Polygrapher

Someone participating in a lie polygraph test

I appreciated the opportunity to witness a polygraph test. It was refreshing witnessing this in person as opposed to some crazy cop series/movie. If you are brave enough to answer a few awkward questions about your personal life and experiences, with a room full of people watching while you try to trick the system, then this would have been good for you!

Memorable Presentations/Talks

An informative presentation by Black Hills Information Security

Some interesting talks were given in well organised and comfortable conference rooms. I listened to touching and insightful stories of hacking, family, friends, client relationships, growth and inspiration. I left DerbyCon with an improved focus and greater drive to excel and give back to the community.

One of my favourites was the presentation by Chris Hadnagy where Dave Kennedy managed to switch into the outfit of Chris’ “protective” clown (yes, a real clown) backstage and return on stage – Like a Boss. Video below

 

The Food!

Gavin Dennis on the hunt for food. 4th Street live

First, the food in the area was AMAZING, and I went on an adventure for each meal, trying to sample the Louisville culture as I’m from Jamaica. What made the food experience seamless is DerbyCon was hosted on 4th Street and from what I’ve heard and seen, 4th Street is like the Hip Strip of downtown Louisville, hosting several favourite restaurants and bars.

Then came #TrevorForget, the overnight star roach

#TrevorForget is a firestorm super humorous hashtag started on Twitter for a small dead roach, nicknamed Trevor, who was slurped up by someone at a restaurant near DerbyCon. Waaaaait….remember that part I mentioned earlier about the “AMAZING” food? I’m now considering whether I should be reconsidering. Anyways, hackers have a wicked sense of humour and the death of my good sir, Trevor, ultimately led to a crowdfund being created in his honour to support victims severely affected by the hurricane in Puerto Rico. BUT, not before us techs took time to mourn the death of our dear friend, Trevor, in marvellous style. Unfortunately, I was back in my hotel when this happened and didn’t witness it myself. But never fear, pics from Twitter are here!

Candle Vigil for the beloved, Trevor, the roach. Source: Twitter. #TrevorForget

The GOFUNDME page created on behalf of Trevor for hurricane victims in Puerto Rico

Trevor, you’re gone but not forgotten. “Wars come and go, but my soldiers stay eternal” – 2Pac.

In case you think I’m joking, here’s the full video documentary on Trevor the roach by the person who discovered him @grifter801. #TrevorForget

There’s also a link to a full article on Trevor The Roach in the reference section below. #TrevorForget

Thank you

In the end, DerbyCon is an experience I’ll never forget, and if you’re in InfoSec and considering a career change into InfoSec, this and other similar conferences are ideal places to get some real and varied perspectives on what InfoSec life is like.

Big thanks to everyone who made my experience at DerbyCon7 great. See you next year. Here’s a video of DerbyCon7’s Closing Ceremony.

Wrap Up

Do you have any questions, considering attending your first conference or launching a career in InfoSec? Inbox me, I’m responsive.

Reference(s):