An Information Security Community
This is not a survey, consensus or popular poll. This is my opinion written from my viewpoint on how I see this subject. If you disagree with this list or if you agree, please do me a favor and write your OWN list! Seriously if you can’t find twenty things about the industry you work in no matter what it is then it is time for you to look for a new career. I have said it many times to be good at infosec you have to have a passion for it because the people you are up against love what they are doing! So enjoy the read and remember in a job that requires you to see the negative in so many facets of it. Never stop striving to also to seek out the positive!
You will have to ask @dave_rel1k how the hug movement started (more on him later) I just know that one year at DEFCON my friend @tottenkoph was unable to make it and I didn’t want her to feel left out. So I would take different kinds of hugs with people then tweet them to her so she knew we were thinking of her. Then it was over, sort of a onetime thing then another friend @451wendy was unable to go to BSidesDFW so I revived it and I noticed something then. People were smiling after the awkward hug they seemed to be more comfortable talking to me, they would talk to one another after getting an awkward hug or even just witnessing one. To know I could make people happy, to create a moment of spontaneous surreal fun during a normal event was awesome! The main thing I get out of awkward hugs is that people I’ve never met have now come up to me at a conference to ask for one or just to say it’s a great ice breaker. I want to be the guy you can always approach to say hi to. To talk about a problem you’re having or just for an awkward hug. It’s even greater when I see others giving out awkward hugs it’s great to see that at a conference I’m not even at, people are thinking about awkward hugs not about Jayson but about lets be silly and do this awkward hug thing once you have had one there is no more awkward silence or shyness, that gets taken care of quick! So when at a conference or meet up start it out the right way with a hug.
I would love to hear from Dave on how he started giving man hugs but that’s not why he is on this list. The reason is because you can’t talk about nice & infosec without first thinking of Dave. Not only does he contribute to the community by creating tools that will help people he also throws a conference and is always there to talk to you when you’re going through a rough spot. He would give you the shirt off his back if you needed one (sometimes even when you don’t) He is like the Swiss of infosec he has no enemies and is always willing to help when people he knows are at odds with each other I would have to call him THE infosec Mr. nice guy!
I know a lot of peoples reaction will be of course the DEFCON fanboi is going to suck up to DEFCON! Those people then don’t know me very well. I have DEFCON on here not for what it does for me but what it has done for this community that people seem to have forgotten. Think back if you can to 22 years ago how many conferences were there for people interested in hacking and security? Only one for me comes to mind which is the CCC about to celebrate 30 years this year with 30C3 so let’s say the picking were slim in the US (as in nonexistent) Now comes @thedarktangent and friends who made a small party of hackers into a conference that has fifteen thousand people who attend. Looking at it from the math stand point if you’re trying to find someone who shares your interest in a certain tech or facet of hacking/security research the odds are pretty high you will find them at DEFCON. With forums, twitter, Facebook there is no excuse not to be able to. The ‘Oh there is just too many people here to be able to connect with anyone who likes X like I do’ Also look how many conferences there are today and ask yourself if it wasn’t for @thedarktangent taking the heat and paving the way for hacking conferences do you think you would see all the conferences all over the world from China to Cleveland?
I am not just a fanboi of DEFCON there are quite a few conferences that are special to me some that have a huge crowd and multiple tracks plus some small conferences that offer a very local close knit feel to it. DerbyCon stands out by what it doesn’t have which is EGOS (well very few) ;-) You will see speakers chilling out in the lobby and people just coming up to chat or just say hi. @dave_rel1k, @purehate_, @irongeek_adc and everyone else involved has put so much love & positive force into this conference you can’t help but feel it and be refreshed when you attend.
5. Bsides local
I do not endorse every BSides that are out there but overall the BSides movement is a great effort. A few that stand out in a positive way are BsidesAustin BSidesDFW, BSidesSATX and the newest one I had the pleasure of attending BSidesPR. Something about these local BSides is the energy & passion that the organizers have it’s not about bragging rights for them it’s about giving back to a community that they love and it shows throughout the conference!
6. The Breakfast Club
It will come as a surprise to the people mentioned in this club, that one I have a name for it & two I’ve included them in it! Though through the years I look forward to seeing them and catching up in person though we keep in touch through the internet. Most of these people I met through twitter @tottenkoph, @rogueclown, @Niki7a, @biosshadow, @Gillis57, @armorguy, @myrcurial, @Ben0xA, @failOpen, @n0b0d4, @jackiea, @jilly_N, @elizmmartin, @maradydd just to name a few. They are the friendly face, the welcome smile, the concerned shoulder to lean on and the helping hand to reach for offline as well as online. I <3 them for just being who they are and they <3 me right back my flaws and all with no judgment.
I had to add an example of something that is refreshing that we don’t see enough of, people willing to say yeah we screwed up here is the information and what we are doing differently so it doesn’t happen again. When Backtrack’s website was attacked and compromised. There was no major cover up or vendetta on the ones who attacked it (and considering the skill of the people who run that site that should be a relief to the perpetrators) No instead they announced what happened fixed what happened and even left a link to the message on the site. I trust a person, group or company more when they admit their mistakes, not just crow about their accomplishments.
I have met Bill a few times in real life but know him more through his post online. He has faced some very tough issues in his life and still deals with others. Through it all he is an honest and refreshing voice not unlike the man who followed behind Caesar. You know the one that whispers in our ears when all we hear are praises "remember you are a man" Honesty is not always gentle or welcomed but it is truly needed in this industry.
If you have never heard of Brian, that would be perfectly fine with him. He does not seek out the lime light he just does what he does and he does it very very well! He is extremely smart and talented and modest to a fault! He puts his talents to helping others and sharing knowledge. On a personal note Brian came to my aid when I needed it most. He took a tainted, maligned and doomed project, turned it around to a wonderful book that has helped educate others and restored my faith in this industry when I needed it the most!
10. Brian Martin @attritionorg
Remember what I said about Bill “…Honesty is not always gentle or welcomed but it is truly needed in this industry…” Well this is where Brian comes in. Brian AKA Jericho has more love and passion for this industry than anyone I know of including me! Where I offer hugs, rants, talks, etc... He offers WORK he spends countless hours going through books going through sites responding to emails following leads. He doesn’t seek out to destroy people who want to do well in this industry but to root out the charlatans who are corrupting it from the inside! I have not always been on the best terms with him (which is putting it mildly) ;-) But even at the height of our differences I remember one night in Singapore defending him against an attack. They were saying “..he was just out to tear down others and he had nothing to offer the community…” I still stand by what I said then. “Though you may not always agree with how he says something you have to agree that it is honest and is in the best interest of this industry!” I for the record am proud to call him a friend and someone I admire. When I worked with law enforcement I think the main thing that hurt me the most was that the public didn’t understand for a police officer there are hardly any ‘good days’ Mostly every person you meet you’re meeting them for the first time on one of the worst days of their lives. Either because something bad has happened to them or even though you’re there to help you’re still associated with it in a negative way. Then it could be you did something bad and they are there to arrest you and take you away. Now imagine the stress of seeing every day the worst this society has to offer how would you cope? When seeing everyday, people in this industry tarnishing what it should stand for, lying about themselves to dupe others and just basically dragging this industry down into the manure pile I can’t begrudge him the use of snark & a rabid squirrel to help him get through the long nights of fact checking!
My first thought of Jack when writing this is he is ADORABLE! I honestly mean it. He tries so hard to be this gruff, jaded & tired of it all infosec professional. I am sorry but as soon as you talk to him. You hear the passion the resolve he has to make this industry a better place. While others grandstand about how they have done this or that make sure to notice that there’s Jack in the background putting in the hard work to really make it happen.
I will never have the smarts, experience or courage that Wendy has. Though that’s ok I am in a very BIG group of people who fall into that category as well. I remember when I was dealing with my Cancer and through all the positive tweets. I remember the nights I looked into the mirror trying to imagine what would happen if I died the next day how my family would cope and all the things I would miss. I only really had to deal with it for only two weeks before it was removed (though the checkups remind me not to be at ease)! Wendy has faced challenges that put me to shame! She has faced these trials with her laughter & smiles no matter what. Even through all that she has been a strong steadfast knowledgeable voice in this industry. She spreads fact not FUD through honest and well-reasoned analysis. I will never live up to her example but I am glad she is around to give me the courage to try!
13. Conference goers who engage
People who sit in your talk are awesome they are saying. “I am giving you some of my time because I think what you have to say has value…so don’t screw it up!” ;-) Others though go farther they get involved after the talk they come up to you. They ask you questions wanting you to expound on something you said or ask you to back up something else you might have said. They are the ones who do not just want to know something they are the ones who want to LEARN more, to get involved more and to interact with the industry more. They should be encouraged and cherished for without them this industry would wither on the vine!
14. #BloodKode & Bethematch.org
I like BloodKode and Be The Match at DEFCON because through all those people giving blood or registering to be a marrow donor, it shows all of us that no matter what label the media or society puts on us it doesn’t matter. This community is strong and full of caring, generous people who are willing to give their life’s blood to help others!
I see from time to time one person sniping at another and I have to say to myself how much is personal feeling and how much is it a competitor trying to take a swipe at someone competing for the same dollars. So even though I’m technically a competitor of theirs (LOL I’m not really much competition seriously) I have to say that Accuvant stands out for the great people they hire. Every Conference I go to I meet more and more of their employees. I walk away every time feeling smarter and better for it. I am personal friends with almost a dozen of them and they are always humble though extremely smart & talented. They are devoted to the community working to better it through community tools and conferences. Another thing that stands out that was overlooked mainly because of the negative was getting more attention. Was last year at Black Hat, while all these vendors were getting PR and attention for having booth babes, Accuvant was hardly mentioned which is sad. Because they were showing the community how to do it right. Not for publicity not for accolades just because to them it is what it is. They had females at their booth as well. The main difference is they were fully clothed dressed in golf shirts and slacks just like their male counterparts. The difference you had to visit with them to experience was, that they were smart and knowledgeable just like any other person you should have representing your company! There was no gender statement to be made as far as Accuvant was concerned what they had there were employees who were smart & presented themselves at their booth female/male was not a factor at all.
I would never wish on my worst enemy some of the moments I have had to experience in my life. Though if you find yourself on the edge during a dark and abysmal night I pray for you that you have someone like Marcus there to give you his hand & talk you off the ledge! He is the main reason that my book had a second chance. He introduced me to Brian Baskin who restored my faith in this community. He has been a person to call on when I am feeling down and lost. He is someone who makes me feel like my opinion matters when someone as smart and talented as him ask for my viewpoint, it makes me think maybe I’m not as dumb as I appear to be. ;-) He is a true friend and to find one of those in any industry is a rare and wonderful thing. So imagine how I feel to count so many of my peers in this category! :-)
17. Dcgroups, 2600, ISSA, AHA, INFRAGARD meetings
Going to a conference is not the only way to meet people who share your interest in real life. There are gatherings of hackers/infosec peeps from the uber leet AHA meet ups in Austin to the local 2600 group meeting at your local mall/book store/coffee shop, etc.. One of those meetings that stands out to me is a DC group (no not because it’s DEFCON related) :-P DC214 is the local Dallas DC group and even though I live in Oklahoma City it is worth the 3 to 4 hour drive to attend. There is a local DC group where I live but I don’t think I’m cool enough for them and don’t blend well there. That is what makes DC214 so awesome there are no ‘special cliques’ there is only people showing up because they want to learn and share the knowledge they have! If you live within driving distance of Dallas you owe it to yourself to show up and see a community in action! If you can’t get to it then find a way to start your own group in your city!
18. Hackers For Charities
Johnny Long is not only helping people in Uganda. He is helping to take the word hacker back from the media who see it only as a negative. Also he does not do this alone! At the next conference just go to his booth see the people who donate their time and effort to support him. His work is important and the work & contributions from all the other hackers out there is the true meaning of the title “Hackers for Charities” :-)
19. Henry Rollins Rock stars
@41414141, @thedarktangent, @rfidiot, @hdmoore, etc… You know these names because of the things they have contributed to this industry and community. I know them because when I went to my first conference 9 years ago, they gave me a chance and a second chance. I was star struck by meeting them (and by star struck I mean I acted like an idiot, wrote a whole post on that which you can find on defcon.org speakers corner). One story I’d like to share is of FX & Adam Laurie. I was overjoyed when I threw my first conference in China they agreed to take the chance and come speak there as a favor to me. Though what made me respect and think even more highly of them came during the conference. While I huddled in my little group during the lunch and breaks. I noticed that FX and Adam and others were not there they were out among the attendees talking to them having lunch with them. Take it from a fanboi that might not seem like much to you but for a conference goer that probably made the whole conference for them and inspired them even more! Over the years I still consider them some of the top people in this industry and they still act like they are just one among many. They will stop in mid conversation when an eager fan comes up to ask a question or to get a picture. They never act like they are entitled to the praise. They show up to the conference to be a part of it not because it’s all there for them! So when you see some of these self-proclaimed rock stars preening around the conference with the 2 or3 people who’ll put up with them. Ignore them and seek out the people who are sharing the information without asking for you to pay homage to them first!
20. You! Yes you!
Since there is only a handful of people I’m not overly fond of in this industry chances are pretty high I’m talking about you! :-) There are so MANY people in this industry who are not ‘known’ but have an impact and are making a difference every day. Maybe not a world renown or make the headline kind of way but in my personal life a difference none the less. There is @kailx I see her at ShmooCon, DerbyCon and DEFCON she is quiet and shy but always has a smile. She also has that smile when you find her ripping networks apart at the CTF she usually competes in! There is @lvdeijk who years ago was introverted and unsure, not quite ready to find his voice who now is one of the voices of the @ProjectHoneynet which is one of his passions and a place he has been a force for good in! Then there is @Ben0xA who went from the guy going to his first conference at DerbyCon 1 to the very next year giving one of the best talks I’ve ever heard at DerbyCon 2! Then there is @KDPryor & @jgarcia62 putting their lives on the line during the day and helping the community they love by night. Then there is YOU the ones who share my laughter when I post an #AwkwardHug who comfort me when I’m feeling down and unsure of myself. You keep me grounded, you keep me honest, you keep me inspired but most importantly you keep me company! I have found myself in some very isolated parts of the world with no one around but never alone. For you were there to reply to my tweets letting me know that I was never alone and the adventures I had were being shared by friends who cared. I like you the college student who look for knowledge beyond the school because it’s the passion of learning that drives you not the goal of a good job! I like you the blog writer, the security researcher, lecturer who has knowledge that will benefit others and you take time away from family, work and personal time to share it for everyone. I like you who have come up to me to talk to me to disagree with me to laugh with me to cry with me. It has meant so much to have an industry where through the very technology we work with and secure, keeps us in touch and connected. Remember this is my list of things I like and you are on it and I hope if you write one I am on yours as well!
<3 your friend,
Jayson E. Street
(The awkward hugging, pizza eating, Diet Pepsi drinking, DEFCON Fanboi who will always have a smile and hug for you)