Top Takeaways from DEFCON!

…and that’s a wrap on BlackHat and DEFCON 2023! This was my first time attending both conferences, and I wanted to share both my biggest takeaways from these events, as well as tips for others navigating this conference for the first time.

Top Takeaways

  1. Threat modeling for AI models is the next need. On both sides—knowing how AI can aid defenders, as well as the threats of AI models themselves to cause great harm—there is work to be done. We can’t run from it. As security professionals, we must embrace these changes and do what we do best: plan for the worst. As the BHUSA keynote speaker, Maria Markstedter, put it best on Day 1, [as a security professional] you won’t be replaced by AI, you will be replaced by a security professional who knows AI.

  2. The public sector needs assistance from the private sector to help high-risk groups and civil society orgs. One major takeaway from this year’s conferences (particularly DEFCON’s roundtables) was that while DC offices will write strategies, the real implementation work relies on NGOs, private corporations, civil society orgs, and grassroots initiatives themselves. The strategies really act as a call to action for everyone to mobilize and raise their voices about the resources, funding, and support needed to bring the vision to life. This left me with lots of thoughts around the role of students like ourselves with regard to the National Cybersecurity Workforce and Education Strategy (NCWES).

  3. Pushed myself WAY outside my comfort zone: Vegas is the wild, wild west! For an ambivert like me, I learned how you need to stay hydrated, wear a mask through casinos to prevent headaches, keep on a consistent meal and sleep schedule, and take time for yourself when needed. There was one night when I simply came home from a long day of networking and exploring and knew I needed to take a long, self-care bath.

Top Tips for Navigating DEFCON!

  1. Download HackerTrack to plan your schedule for each day in advance. But don’t mind if things come up and if your schedule doesn’t go as planned!

    HackerTrack lets you add each session directly to your Cal app. However, you won’t end up making every session because you might get caught up exploring villages, you might have spontaneous run-ins with individuals who were a part of your cyber-journey, and some sessions will be three hotels away and you simply don’t wish to walk that far between two sessions (some of these sessions are recorded too!).

  2. For your first time, just take some time to explore the villages! My personal favorite villages were the Lock Picking Village, the Car Hacking Village, AI Village, and (surprisingly!) the ICS Village. The best thing I found about the villages is that the individuals working there were SO open to guiding you through their displays and helping! This spirit encouraged me to ask questions: for example, I got into a long discussion with an individual in the ICS Village about the largest struggles faced by ICS operators in Cyber. DEFCON is more hands-on than BlackHat.

    In the AI Village, we just walked in and were ushered into a challenge. We just signed up, and decided to stay and try the challenge for about an hour. This spontaneous run-in ended up being one of my favorite moments of the entire week. <3

  3. Make time for coffee-chats and early morning catch-ups: Each day starts around 9 AM, so get ready to wake up early and schedule some coffee-chats at nearby coffee shops with mentors. This is where the real magic of DEFCON is (just like BlackHat!).

  4. Bring comfortable walking shoes (and a face mask!): I think I averaged 20,000 steps a day during BH/DEFCON week in Vegas. DEFCON is definitely more informal in terms of attire, so don’t be afraid to bring comfortable walking shoes!

Final Fast Tips!

  • Write down your biggest takeaways as you have them, or at the end of each day.

  • Connect with speakers/connections over LinkedIn or email as you go, instead of all at the end of the week.

  • Turn your Wi-Fi off or switch on Lockdown Mode on iPhone during the week. Also turn off Bluetooth within Settings (there was even a hacker at DEFCON this year who was sending Apple TV connect alerts to anyone who still had this on!). Refrain from bringing work computers to the conference hall.

That’s all, folks! The last thing to keep in mind for DEFCON is that the vibe is definitely more research-centric and hacker-oriented than BlackHat. For students (even those interested in policy), I would actually recommend doing DEFCON, and for those interested in startup/entrepreneurship/investing, I would recommend BlackHat.

Best of luck and WINS on!
