DEV Community

Tanya Janca
Tanya Janca

Posted on • Edited on

Hacker Summer Camp 2019

Last week I attended what is affectionately known as HackerSummerCamp, a combination of several events that happen in Las Vegas, USA, during the same week. There are several events, but the main ones you are likely to hear about are Black Hat, Def Con, B-Sides Las Vegas and the Diana Initiative. 

This blog post will detail preparing for the event, what happened, cool people I met, and a few things that I learned along the way.

But before any of that I need to tell you: I won the Cybersecurity Woman Of The Year Award for "Hacker of the Year". To say that I'm honoured is an understatement.

I won the Cybersecurity Woman Of The Year award for

I won the Cybersecurity Woman Of The Year award for "Hacker of the Year".

Okay, now that the bragging is over, let's talk about safety and preparation for attending such an event. This was my 3rd hacker summer camp, and ever since I got malware in the first 11 minutes of my first workshop, the first time I attended Def Con, I have been very, very cautious. Although most of the people that attend this series of events have good intentions, (unfortunately) this does not describe everyone.

Here are the steps I take to ensure my devices come home in one piece/are restored when I return.

  • Do not connect to any wifi with a device that you love. Bring a burner phone or laptop if you must connect.
  • Make a backup of your laptop, then ghost it, attend Hacker Summer Camp, then ghost it again when you get home, then restore from disk. This helped a lot when I had gotten "the gift of malware" in 2016.
  • Turn off your blue tooth and wifi. Ensure they won't turn themselves back on or do any scans.
  • Use cellular, it's safer.
  • Ensure that YOU are safe at all times. Do not go to a party alone or with people you don't know. Don't accept drinks from strangers. Don't go back to someone's hotel room unless you feel safe to do so. Exercise all the caution and then some more. Even if you have met someone before, be careful; you are the most valuable thing you have.
  • Register for parties in advance to make sure you get a ticket.
  • Buy tickets to conferences in advance to make sure you get in.
  • If you go to Def Con prepare to wait in line for at least 50% of the time. Seriously. If you are an extravert like me this can be fun, but if you are an introvert be prepared.
  • If you can network and make friends in advance it's a good idea to do so. Attending in a group is always safer and usually more fun as well.
  • If something happens, TELL SOMEONE. If a person has done something obviously inappropriate to you, they will (sadly) likely do it to more people if you let them get away with it. Please report. For DEFCON there's a hotline. And the people working there are super awesome and kind. They will help, regardless of the situation you're in, regardless of the persons involved. You can even report anonymously over the hotline. Again: please report.
  • If you have to do live demos I suggest recording them (I KNOW! Then they are not live). That's what I did and guess what? My laptop is fine!

EVENTS!

Now let's talk about all of the different events I had the opportunity to attend. This was a jam-packed week of exciting things, many happening at the same time, and choosing was tough. 

First I met up with my new friend Jeny Teheran, who accompanied me to the Cybersecurity Woman Of The Year Awards. 

Vandana Verma, Jeny Teheran, myself and Chloe Messdaghi

Vandana Verma, Jeny Teheran, myself and Chloe Messdaghi

Jeny was a total blast, she let me drag her all over before the ceremony. My good friend Vandana Verma joined us at our table for dinner, and Chloé Messdaghi of WoSEC SFO was cheering louder for me than anyone else. SO MANY amazing women were there, I could not possibly name them all. One of the people presenting the awards was Ann Johnson of Microsoft, who gave me a hug after I won! I can now put "Hug from Ann" on my performance review this year. ;)

The next day was theoretically a day off, however I spent the day meeting up with many of my friends that I only see at events, which meant brunch with Miriam Wiesner, Sarah Young, Lidia Guiliano and Vandana Verma.

Yours truly, Miriam Wiesner, Sarah Young, Lidia Guiliano and Vandana Verma.

Yours truly, Miriam Wiesner, Sarah Young, Lidia Guiliano and Vandana Verma.

That day I also received my Microsoft Trading Cards. Each employee had trading cards made, instead of business cards, sort of in the style of a baseball card. Silly facts and a photo meant all of us spent some serious time trading with each other. Here's mine.

My out of focus trading card. I still have some!

My out of focus trading card. I still have some!

In the evening I spoke at #Codenomicon, an event by Synopsis. There I was on a panel with Chenxi Wang, Julie Tsai and Meera Rao. We all seemed to agree that DevSecOps was good, but everyone had different ideas on how to achieve the best and most secure end state. 
Chenxi Wang, Meera Rao, Julie Tsai and me.

Chenxi Wang, Meera Rao, Julie Tsai and me.

The next day was Black Hat and I immediately headed to the Arsenal to finally meet a few people in person:

Mohammed Aldoub, he made an open source tool called BARQ, we had never met in person before!

Mohammed Aldoub, he made an open source tool called BARQ, we had never met in person before!

Microsoft's own Miriam Wiesner presenting

Microsoft's own Miriam Wiesner presenting "EventList"

Then I went to see some Black Hat talks.

The Path Less Traveled: Abusing Kubernetes Defaults

Ian Coldwater, Duffie Cooley: The Path Less Traveled: Abusing Kubernetes Defaults

Kelly Shortridge, Nicole Forsgren: Controlled Chaos: The Inevitable Marriage of DevOps & Security

Kelly Shortridge, Nicole Forsgren: Controlled Chaos: The Inevitable Marriage of DevOps & Security

Thursday night I went to the Cyberjutsu Awards

Cyberjutsu Awards
My friend Vandana Verma won the Secure Coder category! I could not be more proud of or happy for her! <3

Hosted by Mari Galloway and MC'ed by Jules Okafor, Vanadan Verma receiving her well-deserved award!

Hosted by Mari Galloway and MC'ed by Jules Okafor, Vandana Verma receiving her well-deserved award!

I also got to meet SO MANY new amazing humans. You can see another write up here by Mansi Thakar.

More nominees!

More nominees! 

Even more nominees and WINNERS!

Even more nominees and WINNERS! 

Then I went to the Canadian Hacker Party, which has no photos, but it did involve maple syrup, hockey sticks and a "screeching in ceremony". I ended up being too tired and missed the Microsoft Appreciation Party, which was a disappointment for me. I'll have to ensure I make it next year to I can get an "Enable MFA!" shirt that actually fits.

Friday was the Diana Initiative!

Obviously, I wore purple. ;)
I presented on OWASP DevSlop (no surprise there), and did a realllllllly long demo but no one fell asleep so I think it was pretty good. :)

Spending quality time with MSFTers at the Diversity Booth Sarah Young and Diana Kelley!

Spending quality time with MSFTers at the Diversity Booth Sarah Young and Diana Kelley!

Dina Davis, of

Dina Davis, of "Code Like a Girl", live tweeted my talk, which was very flattering. :-D 

Then my friend Aaron Hnatiw and I went to the Hacker1 Live Hacking event to 'cause a ruckus' as we had last year. It was pretty cool; I chatted with a lot of people about various angles of bug hunting and finally met Jocelyn Chan from WoSEC Sweden in person. I even got a very short visit with my friend Tiffany Long

After that was the WoSEC Crashes Def Con Event! Which was part of Def Con's Diversity Party and it was GREAT. It was organized by Chloé Messdaghi, Jon McCoy, and Zoe Braiterman.
WoSEC Crashes Def Con Event

Chloé Messdaghi

AppSec Village at Def Con

Friday I was the opening keynote for the first-ever AppSec Village at Def Con! It was amazing, and I'm so happy that AppSec has finally found its place within Def Con. You can see my slides here: http://aka.ms/purpleslides 
See my slides here: http://aka.ms/purpleslides

Then I spoke at the Cloud Security Village, which was also super fun! If you missed my talk at Def Con you can see it here when I did it at Microsoft Build with Teri Radichel. Of course, it's even better with Teri. ❤

Amazing Humans That I Met 

(note: many are missing, I didn't get photos of everyone)

Jocelyn Chan, Sweden WoSEC Chapter Leader!

Jocelyn Chan, Sweden WoSEC Chapter Leader!

Larci Robertson, and Xena Olsen, WoSEC chapter leaders of Dallas and Chicago

Larci Robertson, and Xena Olsen, WoSEC chapter leaders of Dallas and Chicago

Ian Coldwater, me, and Representatives from the #OWASP Mexico City Chapter!

Ian Coldwater, me, and Representatives from the #OWASP Mexico City Chapter!

I got to meet Ian Coldwater in person and they are even better than on the internet!

I got to meet Ian Coldwater in person and they are even better than on the internet!

Conclusion

This was my best Hacker Summer Camp yet, and not only because I won an award, got to speak 4 times and received 100 hugs. I feel that the atmosphere has changed since the first one that I went to in 2016, for the better, and I don't think that this is only because there were more women attending. I think that the organizers and many other groups (especially WISP and Diana Initiative) have worked really hard to create a safer and more-inclusive edition of this year's Hacker Summer Camp. THANK YOU!


For this and more, check out my book, Alice and Bob Learn Application Security and my online training academy, We Hack Purple!

Top comments (0)