Hacker Joy
During the rise of Stitcher, Pandora and Spotify in 2013 I was looking for internet radio I felt was more controlled by your everyday people. Like pirate internet radio. With some light searching I came across Soma.fm which I was excited to find was based out of SF, not far away. While scrolling through different channels I found DEF CON Radio. I clicked over and realised it was for a convention. With some curiosity and my decade of experience honing my google-fu skills I began to dig into what DEF CON was.
Making computers do odd things was something I was already familiar with, but a whole con for that? I got excited, but like most things in life, I put a pin in it and said, “maybe some day.” I was working at Geek Squad and going to college at this time. Affording a convention, let alone tuition, was aspirational. While working toward my Computer Science degree I became more interested in malware. I was tired of watching how it devastated small businesses in my area and did the best I could to help get them going with new reliable equipment and active protection. Being on Twitter allowed me to be connected with everyone, big and small, to stay current on malware or infosec news. Following all these people meant every August I’d hear and read about DEF CON. This network that DEF CON cultivates helped me find people like Amanda Rousseau (@malwareunicorn) so I could practice her reverse engineering guides.
Listening to Soma.fm kept the hum of DEF CON dancing in the back of my mind as I studied and worked late into the night for years toward my degree. As I was graduating I was also taking note that the DEF CON space seemed welcoming to people like me, a closeted trans-woman. I found inspirational hacker trans women through the DEF CON social grapevine that showed me it’s possible to live as myself and be taken seriously for my skills. Seeing these examples helped me have the courage to come out openly as trans a couple years after graduation while working my first corporate job.
After coming out I made fantastic new connections online and was welcomed by many in the DEF CON community. That’s not something I’ve traditionally experienced by any community. By simply being me I kept gravitating closer to others within the DEF CON community online until I found myself completely nested within infosec conversations. That’s when I realized I had found some of my people and I needed more of what I was finding.
For years I looked for ways to bring DEF CON to me. Affording the con itself was still nowhere near a reality for me. I was working at a corporate help desk and trying to survive through the COVID-19 pandemic. I had heard of DEF CON Groups but there didn’t seem to be an active one in the area at the time and starting one during COVID-19 seemed more ambitious than I wanted to be. I instead tabled the idea and began poking around different social circles. My brain is a sponge that likes to learn and everyone in the DEF CON community has something fantastically unique to teach. I enjoy talking to most people in the DEF CON social circles.
I would stay connected to the DEF CON community to practice what I was learning at work and be a good samaritan. Obviously, like a lot of us, we work out of scope at our day jobs to help others stay secure. My job involved Human Services and I felt by taking a security first approach in my role it would better serve the people interacting with my apps and devices. The DEF CON community is quick to point out concerns that go beyond just technical and when they have real impact on human lives. Staying connected with the “human” part of DEF CON has helped me hone my technical skills and security mindset to keep some of the most vulnerable peoples information secure. Taking this approach has helped me with my career as leadership has recognized taking the secure approach and bringing current information to the team is beyond my normal duties. By following the culture set in place by the DEF CON community it’s helped me work my way from help desk to being the Subject Matter Expert for my area, a Technical Lead and an engineer for custom solutions/devices.
By taking the lead by example approach I’ve seen from the DEF CON community, I helped pick back up my local DEF CON Group to let it grow. For over a year it was fantastic to see happy humans enter the door to find more people like them. To have their DEF CON at home. Many life stressors and recovery from a serious surgery led me to leave my local DEF CON Group knowing it was healthy enough to stay alive on its own. Spending time within a DEF CON Group helped solidify my need to go to Vegas to find more people like me. Also to give hugs to many of the friends I had made online over the years.
My girlfriend, Kat (@usrbinkat), and I both work in tech and really were excited to go to DEF CON 33. I had made 2025 the year I planned to go to as many security cons as I could afford, and she was happy to join me. We drove to BSidesSF together where we were spoiled with movie theater seating for each talk.
She had also never seen the hills from the Windows XP background before so those were fun to drive by. I pretty much never left the room because it was so comfortable I could talk myself into staying for the next track. I will forever compare all cons to BSidesSF level of comfort. The people at all the villages were very engaging and technical. It was a small taste of what I was looking for out of DEF CON.
Later that year I found myself at RSA where I felt incredibly out of place. I only stayed for a day and drove back home to Sacramento because it didn’t feel like a welcoming space for me. Everything just seemed hollow. I also went to Cisco Live which felt more like a state fair with shiny new tech. All of these experiences combined just proved further why I was trying to make my way to DEF CON.
A couple months pass by and it’s time to travel to DEF CON 33. Kat and I are making our way down to Vegas, NV from Sacramento, CA by driving.
I’ve driven enough of Highway 99 for a lifetime so we chose to go up through El Dorado and into Nevada. We found all kinds of amazing beautiful nature as we traversed from the mountains during the day time to down into the desert through the evening.
Our Route to Vegas
The route was filled with interesting roadside attractions that we couldn’t resist stopping at and googling as we passed by.
Goofing off for 10 hours in the car is one of my favorite parts of road trips and glad I have someone who can match the energy.
For badge and merch day we were there in the morning to make sure we got our physical badges.
The lines were confusing. Most goons I asked didn’t seem to know which line was which. Eventually we made our way far enough to one end of the convention hall where other lines were forming. The only reason I knew it was the right line was because I overheard someone ask a Goon for confirmation. As a person who’s worked for years to develop linebuster devices and build lobby experiences, it was hard to deal with. However, I still enjoyed my time in linecon once I figured out which line to be in. Eventually we got our badges and made our way back to the hotel to continue unpacking and prepping for day one of DEF CON.
We made use of the Hacker Tracker App and booklet we got with our badges to plan out the areas we wanted to invest time in. We planned to basically hang out in the Adversary, Policy, and Malware villages and float to associated talks. You’ll see how that plan went.
Day one of DEF CON and we both hit the floor.
I’m excited to see AIMal be demo’d as I’m currently working on a AI-Assisted Malware Reverse Analysis program. I wanted to see where threats are moving and how they’re transforming to best build my tool.
AIMal was horrifyingly cool and gave me a new sense of urgency to build my project, Athena. After the demo we made our way to a DEF CON Groups discussion to meet some people I hadn’t gotten the opportunity to say hi to when a part of my local DEF CON group. Kat and I decided to break for lunch and that’s when I came back on my own to meetup for another DEF CON Groups event. I got to meet new friends in line and have some great conversations. I also got to give a hug to a friend I had only known online (@Blenster). I was so happy to see them enjoying the energy of the room. Later I met up with my girlfriend again so we could catch a talk, Secure Code Is Critical Infrastructure with Tanya Janca. We loved every moment of the talk and it charged us both up to be the policy nerds we didn’t know we were.
Later that evening we dropped into the Diana Initiative space to play with some Lego and interact with others before returning to our rooms to prepare for day two.
We’re a bit more sluggish with day two and not looking to get into any particular talks in the morning.
A friend (@inclusivelittleunicorn) was hosting her own con, Polycon, within the Queercon space so I wanted to make sure I showed up to support her. During my time there I was able to talk about personal projects with a couple other people at my table. I was so excited to see everyone else’s projects which led to some great professional connections. Our conversation subsided and the group table disbanded. Suddenly, I was hit with a panic attack. I was locked at the table and not sure what to do. I took my Gabapentin and then chose to start coloring a picture that was at the table with coloring pencils. Having the comfy space and something to distract myself with as the Gabapentin worked its way through my system was exactly what I needed. I appreciate spaces like this exist at DEF CON. After my panic attack had mostly subsided I said hi to my friend, traded stickers and was off to my next talk to line up for.
I made it a priority to the community talk for Veilid. I wanted to help with the project and needed a little more insight for alignment. I was happy to talk to others helping. Sometimes face-to-face meetings can be incredibly helpful with making everyone feel more comfortable working with each other. I was surprised to see how many people showed up. I felt there should be more advocates for something like Veilid as our information era is crumbling before our eyes. If you haven’t heard of Veilid, I highly suggest you check it out and see if you’re able to contribute. After the talk Kat and I left back to our room to rest until dinner.
The last day we didn’t make plans. Just a day for us to check out a few things on the floor and see what’s left at the merch booths.
While wandering the floor Kat saw the Red Team Village was doing an exercise on exploiting Kubernetes. After a little bit of time Kat had realized that the advanced skills were her day-to-day basic skills she uses in her job. The light on her face when she realized she was ahead of the average hacker was priceless. While Kat was working on the Red Team challenge I wandered the floor and met some people at the Malware Village. I was really excited for the Malmons and was happy I got a chance to thank Lena Yu for helping create them.
We continued to wander and were able to catch another panel that Tanya Janca happened to be on with others in the AppSec Village.
We stopped in and had a seat to listen. It was a great conversation on how to build tools and policy to keep the issue of AI slop and unsecure code at bay.
We headed over to the merch area to get some hardware from Hak5 and took a look at some other merch booths until we got in line waiting for the closing ceremonies.
While waiting for closing ceremonies my right leg had finally given out. I have neuropathy in my right leg and foot from past back surgeries. I was proud of myself for making 95% of the con after struggling through BsidesSF. I leaned a little on my girlfriend and my left leg to keep myself vertical. Closing ceremonies were appreciated but were a little long for me. I can’t sit very long, especially in molded plastic. Sitting for hours listening to stats was difficult to focus on while my body was aching from walking all weekend. I wanted to respect the time put into the con and the efforts in reporting so I stayed for the ceremonies instead of leaving early. Eventually, we left for our rooms and began packing to checkout the next morning. We’d had enough of the Vegas heat and dust.
We took a slightly different route coming back home. Instead of following along the Sierra-Nevada border on the way back up we cut through most of Central Nevada leading to Reno. This meant we got to see a lot of the new tech development taking place in Sparks, Nevada. I didn’t realize on the other side of the mountain was a developing tech city. Sparks has a number of renewable energy and datacenter companies popping up all near each other. However, like we already noticed when getting closer to Sparks, their highway is not meant to handle the kind of traffic those jobs will draw. Another note is there’s little to no water run off near where they’re building. It seems they’re going to take a page out of central CA’s book and drain their local water aquifers in the area for these “farms.” It’ll be sad to see how the area develops over time. Especially since it seems the people currently surviving off these aquifers are part of the Walker River Reservation.
We’ve been home for about a week and I’m listening to Soma.fm while writing this (love Groove Salad).
Over a decade of tunes helped bring me back to the hum of DEF CON no matter how far I stray. Which is what I think DEF CON is all about, the culture. It’s permeated our music, the way we communicate with each other, along with the ethics and morals we share. Without that culture many of us would be lost and I feel that’s something worth cherishing and protecting.
I can see DEF CON is still growing. They stumble like many of us. As a fellow 33 year old not understanding how I got here or what to do, I get you DEF CON. I’m happy that despite all your criticism you make an effort to always be better. I’m happy to grow together and spread the hacker joy you were so kind enough to share with me.
With much love,
Kali J. <3
