October « 2011 « Hackers For Charity

I’m sitting in Dulles airport for the next ten hours. The first leg of my trip back to Uganda. I am in transit in more ways than one.

Location:Saarinen Cir,,United States

I was stunned to hear of Steve Job’s passing last night. I was with my 304Geeks friends enjoying some dinner when the news report came on. I was reminded of Steve’s commencement address at Stanford in 2005, which is embedded here.

He was a young man by any standards, a college dropout, a man of passion and vision. He passing really shook me up, and it begs the question–when my time comes, what will my legacy be?

It’s a relevant question for any of us. “Stay hungry, stay foolish” indeed.

DerbyCon 2012 was not just a conference. There was something magical about DerbyCon which transcended all expectations of  a first-year conference.

I could give you the facts and figures, but these details don’t tell the whole story. Instead, let me tell you the story of DerbyCon from my perspective.

In May 2010, a few guys (Dave Kennedy, Martin Bos, Adrian Crenshaw, Elliot Cutright, Kenneth Scott and others) put together a Metasploit class in Louisville, Ky. In the summarized words of these guys, they did it because they loved hacking, they had knowledge of specific subjects and they heard a clear plea for instruction from the community. So they put this class together and donated all the proceeds to Hackers For Charity.

Rob Dixon and Bill Gardner from 304geeks took HFC swag to the event and were on hand to thank the presenters and attendees for supporting HFC.

A few months later, in October of 2010, 304geeks and HFC decided to launch their own hacker conference, called hack3rcon. The purpose of the con was to provide education and a cool networking event for the hacker community and to raise funds for Hackers For Charity. All of the “Louisville guys” volunteered to present and help get the con off the ground.

At $40 a head, 100 people showed up. Carlo Perez flew in from puerto Rico to present. The following week, Carlo proudly wore his hack3rcon shirt and hat on the pauldotcom show as a show of support. We were proud as well.
That brings us to DerbyCon 2011. It was, of course, run by the same core crew that kicked off the Louisville metasploit class and helped get hack3rcon off the ground. Dave Kennedy reached out to me, asking if I would be interested in attending. I was thrilled at the idea, but the travel expenses were outrageous, with me coming in from Uganda. Rob Dixon started asking around and eventually found two more conferences in the area that would be willing to pay me to speak. Dave made a generous financial offer in support of the charity, and before I knew it I was scheduled for a 3-conference tour in KY and WV. Dell called later and asked if I was available for a 5-conference tour the week before. If it had not been for Dave and Rob, I would not have been in-country and I would have likely declined the Dell tour, which turned out to be fabulous, and I will likely work with them again.

Hopefully you’re seeing the theme here. The community working together to do free training, help out “competing” conferences and bend over backwards to support HFC.

DerbyCon was a staggering success. The venue was perfect. The expo and tracks were close together, and there was lots to do in walking distance of the hotel. (I will not discuss whether or not Fourth Street Live was a good or a bad thing to have within walking distance. It spelled eh.. disaster for far too many of us.) Beginning with a lightweight registration of 500, the conference quickly grew to over 1,000 attendees. The atmosphere was electric. The “all-stars” from the Friday track stuck around and mingled for the entire weekend. Each of the speakers on the Saturday and Sunday tracks delivered stellar content and hung out as well. Everyone had a chance to get to know each other, and the sense of community was strong. After all, ‘conference’ came from the Latin conferre which means ‘bring together’, and DerbyCon did exactly that. It brought us together as a community.

That brings us to the numbers. At Defcon this year, attended by approximately 15,000 people, the community provided about $7,000 but my travel expenses cut into that pretty deeply. At DerbyCon, the community pitched in over $11,000, and the conference organizers took care of all of our expenses.

You read that right. A con of only 1,000 people raised more support than a better-publicized and more popular con attended by 15,000 people!

But it keeps getting better. At the end of the con, Dave donated another $500 to Hackers For Charity on behalf of DerbyCon. Then he donated the extra 300(!) DerbyCon bags to HFC and made a generous donation to hack3rcon, making it the first time a hacker conference sponsored another hacker conference.

Technically, the cons are in competition. They’re geographically close together and are run mere weeks apart. But that didn’t matter. DerbyCon sponsored hack3rcon.

This is the side of the hacker community I wish the media would pay more attention to. Free training, fundraisers for good causes, and a camaraderie that is rarely seen in any community.

On behalf of myself and the rest of the community, I would like to thank all those that pitched in to make DebyCon happen. You did so much more than throw a successful con. You brought us together and reminded me of what this community is all about.

I’ve been flat for so long, burdened by so many things. The work in Uganda, and life in general has been pretty heavy. I’ve felt disconnected from myself, sinking, wondering what in the hell I did, what I’m doing in this place. Wondering why I left everything for .. this.

A couple weeks ago, I all but gave up on the only project that had been working, the training center. I was sick of being cheated, lied to, and robbed, but I recognized that a fatal flaw of the enter was that it wasn’t ever supposed to be a business. I knew I had to run it for free. So I made a pitch to the community, half-hoping that you would pat me on the head, say, “Nice, try, it’s cool if you give up”. The response was completely the opposite. Rapid7 ponied up $5k and the community, not to be outdone, raised over $6k, meaning the training center could operate for free for 14 months. No student would have to pay for computer training.

When I boarded the plane to begin an 8-conference tour of the US and Canada two weeks ago, I was still feeling disconnected from myself, adrift, and still scratching my head despite your miraculous intervention on behalf of the center. The plea for help on behalf of the center made me feel like I was throwing band-aids on a long string of failures. I was also dreading my Derbycon talk, and the con experience.. I wondered if I had anything to say. I hadn’t done much.

The Dell conferences came first, and after the first couple cons, I was feeling a bit better because I had to throw some tech demos together and improvise, relying on my years of pen testing, muscle memory and help from some good friends in the community.

I realized something during the Dell cons: I missed hacking. I missed hackers. I missed being a part of the community. On the eve of Derbycon, I sat with some friends (Rob, Matt, Bill) and I told them plainly, “I don’t know what to talk about tomorrow”. I was scheduled to speak on the main track along with legends (and friends) like Bruce Potter, Kevin Mitnick and H.D. Moore. I was terrified. What could I possibly say to hang with the likes of those guys. Coming off a long string of failures, I really had nothing to say. To make matters worse, I didn’t have anything to ask for. I had no charge to the community.

My friends nudged me and helped me talk through it. We realized together that I didn’t have to ask for anything, and I didn’t need to “prove” anything. The heart of the talk would be transparency. I would talk about my failures, and the community’s response to these failures. I would talk about how amazing the community is and thank the community for all they’ve done.

A frenzied eight hours later, I stepped onto the stage. I told my story. I told the HFC story, and highlighted all the times the community bailed me out, kicked this thing into gear. I said, as plainly as I could, “Thank You”.

And something magical happened at DerbyCon. I reconnected with a part of me that’s been missing. I am a hacker. I love technology, and for the past two and a half years, I’ve been out of touch not only with the tech, but the community of people I feel closest to. And this weekend, the community re-embraced me. Thank you.

It’s good to be back.