Thoughts from DerbyCon VIII “Evolution”

DerbyCon VIII Evolution

So I’m sitting here in the airport on my way back home from DerbyCon. I’m in town for ~24 hours before I have to head back out on the road to Omaha and St. Louis for a few days. After such a great time at DerbyCon, I’ve decided to try my hand a little more with blogging and deriving some original content. The hardest part about this whole thing is PRODUCING ORIGINAL CONTENT.

So anyways, I decided to jot some notes down about the conference, please feel free to let me know your thoughts as well.

Rolling Solo

I could write multi-volume books on my experiences with hotel rooms (that’s not a bad idea TBH). Needless to say I’ve tried tweaking things to get the best experience at the lowest price.¬† This time I tried rooming solo. It was an extra cost, but I justified it with booking a hotel about a half a mile from the Marriott where the conference was being held at. The room was perfectly fine. It felt a little…isolated. I think it would have been better had I booked a solo room AT the Marriott instead of off-site. That way I could re-charge back in the room without having to make a trip out of it. I tried to do that, but the hotel was booked up well in advance. I recommend booking your hotel rooms ASAP. Some hotel chains allow you to book a room up to a full year out. Their cancellation policies allow you to cancel up to 24-48 hours prior. If you’re even considering attending a conference in the future, I’d recommend trying to lock in a room if you can.

Additional Packing Items

  • Allergy Medication.
    • I’m not sure why, but I had multiple violent allergy attacks this last week. It sucked. I always keep a bottle of Afrin with for a nasal emergency, but this required significantly more heavy artillery. ūüôā DayQuil Severe, Muscinex D,¬† were life-savers but OMG so freaking expensive! I know they were much cheaper at Wallgreens’ or CVS, but when I’m sick, I’ll pay out the root to feel better. Next time, just pack the meds in advance.
    • Ear Plugs.
      • I have ear plugs, but I only keep them in my toiletry bag. I’d recommend moving the ear plugs from the toiletry bag to the EDC back. For me going forward, ear-plugs will be¬†mandatory¬†for all live music.
    • Hand Sanitizer
      • A lot of networking goes down in the halls of DerbyCon. Lots of hand-shaking, awkward hugs, fist-bumbs, etc. Lots of opportunity for germ exposure. Again, I had hand sanitizer and wet-wipes in my toiletry bag, but not in my EDC.
    • More Cash
      • I tend to do most of my spending with credit cards and don’t carry a lot of cash on me. However, for future conferences, I recommend taking a lot of fives and singles.¬†People like bartenders, merch vendors, and artists often can’t take credit as easily.


I’ve heard bad things about the electric scooters “littering America’s Downtown”.¬† Honestly, I thought they were fantastic! Although this is by no means the only answer to the Last Mile challenge,¬†It’s definitely a fun option!

Bird Scooter

  • Pros:
    • It was cheap! Most times riding from the hotel to the convention, it cost me about $1.50 per ride. At the very end of the conference, I had to ride the scooter from the venue to the hotel, back to the Marriott, then back to the hotel on a single fare. Total $8.00. I really liked how I could lock the scooter, go inside and do whatever I needed to do (pick up an AC adapter in my case), and not lose your scooter.
    • It’s FAST. It really made a difference getting from point A to point B. I was less tired and I was able to stay longer because I knew I didn’t have to walk as far.
  • Cons:
    • They were hard to find and in high demand.¬† I wasn’t really happy that i had to walk several blocks away in the wrong direction in order to find a scooter. No one wants to see those scooters littered everywhere, but at the same time, if you can’t find a ride, you are out of luck
    • It’s FAST! I know I said it before, but those scoots have some speed to them. I did fine steering the scooter, but the concrete was extremely rough and bumpy. I wouldn’t trust my parents or my kids on one of these things. I felt more comfortable riding on the sidewalks even though I believe you’re supposed to ride on the streets with them. Either way, I don’t think the general public (myself included) is fully versed in how to ride these things.

See More Talks!

I’m very lucky in that I have an amazing job that I love. One of my most favorite things to do is speak and work InfoSec conferences.¬† ¬†The drawback to this is that I don’t often get to attend the conferences. I’m too busy working. Instead, I’m working the booth, meeting with clients, taking a webex in the hallway, or something else keeping me from learning.¬† My goal for this DerbyCon was to see as many talks as I could. Between the printed materials and the Hacker Tracker App, I was able to always know where I was headed next. One thing that i REALLY liked about DerbyCon was that I didn’t have to wait in line like you do at Defcon. I think there was one session (Sean Metcalf’s talk) that was filled to capacity and they were turning people away. Outside of that one talk, it was really nice to know you could see any talk you wanted to without having to miss the previous session waiting in line. Next year I’ll see more talks.

See Less Talks!

I didn’t get the full DerbyCon experience. I don’t see how anyone could. There’s just too much to see and do. I wanted to participate in the Lockpicking village, the multiple CTF’s, chill and learn with the Vendors, but I was too busy enjoying the amazing talks. I missed out on Hacker Jeopardy and Who’s Slide is it Anyway. There were so many things to see and do, but things like the body’s need for sleep or food because too much to overcome. Next year, I’ll watch the talks on and hang out and do more activities.

Overall, there’s no one correct way to do one of these security conventions. Do what works for you. I’ll continue to tweak my experience till it works for me. Hopefully you picked up a few tricks to help you as well.

NTXISSA March 2018 Monthly Meeting – The Hackers Toolkit

I’m excited to announce that I’ll be speaking at the March 2018 North Texas ISSA chapter meeting. I’m planning on presenting the “Hacker Carpet Bomb” aka “Hacker’s Bag of Tricks” aka “Hackers Tooklit” presentation. This talk consists of nothing but live demos. Anyone who’s done IT presentations can tell you, live demos are dangerous. They rarely go right. Having a talk that consists of nothing but live demos is straight up insane. I’ve done this talk a handful of times. Not once has it ever gone perfectly, but that’s also the charm behind it. Exploits, even in perfect environments, sometimes fail. That’s part of it.¬† Here’s the demo’s I’m planning to present

Between now and then I need to find a device I can destroy on stage. If you have something you don’t mind literally going up in smoke, please let me know.

So please come out March 15th at 11:00AM. I’m sure it’ll be a fun and eye-opening event.



Information Security Groups of Dallas/Ft. Worth

Last week when I was presenting to the NTXISSACSC4 conference, I mentioned a lot of the groups around DFW that are alive and well. A lot of folks were unaware of all the groups and wanted a list of them all. So here it is. Here’s the list of all the groups, that I’m aware of.


Also, check out the DFW InfoSec calendar. It lays out all the events quite nicely. I highly reccomend you check it out.