Man, San Diego is beautiful. I don't know exactly why John Strand and Black Hills Information Security chose to hold Wild West Hackin Fest 2022 - Way West here, but it was a great idea. This is my second year attending the con and last year it was held in Reno, Nevada. Reno was great, but the cities are like night and day, much like my experiences. You can find my account of the 2021 con here at WWHF 2021.
The first big difference is that we offered an in-person and virtual Professionally Evil Application Security course as part of the Antisyphon Training in San Diego. Well, Kevin Johnson and Nathan Sweaney did. I monitored the discord channel and helped the virtual attendees troubleshoot issues, get information and field questions to the instructors. And then I watched and listened in amazement as Kevin and Nathan taught, answered questions and told stories.
I have heard Kevin present many times and he is very engaging, smart, and entertaining. But watching him teach and pull detailed information from 25 years ago from some dark corner of his brain is a magic trick not many can pull off. Last year, I didn’t have enough
experience with Secure Ideas yet, and so I spent most of the conference experiencing the talks and events. This time I spoke to clients, potential clients, and other security professionals with much more confidence than I would have thought possible a year ago. I heard myself saying things like “API security standards”, “risk management” and “LDAP query” and I actually knew what I was talking about.
The downside was I did not get to spend as much time listening to the talks and visiting the labs. Between the days in the training and the booth, trying to eat and get a little work done, time really flew. I did make sure to see Kevin’s talk "Three Amigos: How to Tell if your PenTest was performed by a Silent Movie Star" and Nathan's "Shortcuts through Moria: How Bad Can It Really Be?".
Kevin and Nathan both also participated in Thursday night's Slideshow Roulette. This game consisted of a grouping of pre-picked slides that the presenters had to give a talk about as if they were experts on the subject matter. Kevin ended up having to speak about Yoga and Yoga Laptops. He did really well considering I am not sure he has ever done Yoga in his life. Something I was not expecting was how much I enjoyed seeing and talking to people I met last year, even though it was briefly.
Last year I felt like more of a voyeur, just admiring this energetic community and trying to soak up whatever I could. I definitely felt like more of a participant this time around. I got to spend some time chatting with Tim Medin, Corey Overstreet and Justin Connors from Red Siege, the amazing Alyssa Miller, and everyone's favorite COO from BHIS, The Deputy - Velda Lempka. I also met a few new friends in Red Siege’s Molly Murdoch and Enclave Security founder Kelli Tarala, who actually won
Slideshow Roulette. I can’t express how important this aspect of the con was for me. The contacts and camaraderie and the sharing of information when so many of us spend so much time alone in front of a screen is really energizing.
The last year has been one of incredible change, growth, and learning for me. This conference proved that beyond a doubt. And something I can not stop thinking about is how important these types of events are to our industry. Several people who attended the virtual training mentioned that their employers would either not pay for them to be at the conference in person, and/or that they had to pay out of pocket and use vacation time to attend virtually. I am stunned that employers do not see the value in it. There were so many smart and eager people in that training. Why aren’t they being encouraged and developed in a field with so many open positions?
I had the opportunity to meet up with one of my childhood best friends during my time in San Diego. She has lived there for over ten years and I have not seen her in forever. I had a later flight on Saturday so I spent the morning at her house with her family. Her son is 18 and about to graduate from high school. He is very interested in IT Security so we talked about how he should get started. I left him with one of the USBs that contained the VM for SamuraiWTF and promised to send him some information on training and learning tools. It felt pretty good to be able to talk about what I have learned and been doing and get someone else excited to do the same.
It was a great week, filled with great experiences that I could write 100 pages about. But I will leave you with some of these less technical highlights below.
On the final night, there was dinner aboard the USS Midway and it was even more fantastic than I thought it would be. It’s a WW2 aircraft carrier full of history and memorabilia. Not to mention some amazing views of the bay. It’s hard to believe how huge an aircraft carrier is until you have stood on one.
One of my former classmates Nathali Cano attended the con with her company Scythe who was also a sponsor. They had a booth about three down from ours. We somehow never
crossed paths or realized the other was there. I found out later when she posted a picture on her LinkedIn. I was in the background. Derp. We made plans to meet up at DEFCON.
SCOOTERS. We got Kevin on one. Pics or it didn’t happen? (😂)
Thank you to our amazing Marketing Lead Meghan Olsen for getting this shot while the rest of us tried not to fall over.
A few days before we were on the USS Midway, the Top Gun: Maverick premiere was held on the ship. Tom Cruise was there and actually flew himself in on a helicopter. This inspired a lot of Top Gun conversation at dinner that evening after we walked by and saw the chaos. If you ever get the chance to talk to Nathan Sweaney, please ask him how many times he has seen the movie and what it means to him. I have only heard him talk more passionately about Cybersecurity.
This also led to Kevin deciding there needed to be a fly-by the night we were on the USS Midway. He brought John Strand on board with the idea and John got everyone to look towards the city anticipating a real fly-by. Then Kevin and about 20 other people ran with their arms out making airplane noises past the tables. Want to know exactly what that looks like? You can find the video on our Secure Ideas Twitter page. And make sure to scroll down to see Ean Meyer's post Top Gun Hackers (and yes, he dropped his phone).
One thing is for sure. I have not lost that loving feeling and will be back at WWHF again next year.