A Non-Hacker's Guide to the GrrCON 2019 Galaxy
I am not a security expert. I work for security experts—really knowledgeable and kind ones, but, nonetheless, I am NOT a security expert. To help you understand just how much I am NOT a security expert, I’ll share some facts with you:
Until I started working for CG Silvers Consulting, I used some version of the same password for everything. (I still do, but they will read this blog, so I’m going to pretend that I’ve changed my wicked ways).
I recently wasted two days, an abundance of curses, and MANY, MANY tears trying to make some files smaller so that I could upload them to a website.
If something goes wrong with any of my technology, I have only one tool available: restart my computer and pray.
I’m not dumb, I’m just not a security expert, computer wiz, or cool hacker. My expertise leans toward how to use the oxford comma and analyzing Walt Whitman’s poetry. So you can imagine that when I started working for CG Silvers Consulting and the Silvers invited me to GrrCON to help with the OSINT CTF last October, I accepted the invitation with some trepidation. It would be my first security conference ever. What would these knowledgeable, highly experienced computer people make of me? Would I feel awkward? Would I be able to learn anything given my fairly basic understanding of the cyber security world?
Despite these misgivings, I boarded the plane on October 23 with a fair amount of excitement and headed to Grand Rapids, Michigan for the 2019 GrrCON Cyber Security Summit & Hacker Conference.
If you’ve ever been to a security conference, you can probably imagine how this story ends, but if you’ve never been to one, let me assure you: It was an awesome experience! Here are the highlights from my first CON ever.
(1) Pre-Conning: The Wednesday before the conference began, many of the presenters
and attendees gathered at Z’s, a local bar known for its laid back atmosphere, pub grub, and karaoke. This was my first real exposure to just what kind of people are interested in cyber security conferences, and I learned that they are funny, smart, and welcoming.
Many of them are also whiskey drinkers. Whiskey is not my alcohol of choice, but in order to fully embrace the GrrCON experience, I decided to keep an open mind. Fortunately for me, Jeff Man, Chris Roberts, and Dave Schwartzberg were on hand to expand my horizons. I gained a newfound appreciation for the complexity of whiskey, but more importantly, I realized that this was a group of people that wanted to share their passion and their knowledge, whether for whiskey or cyber security.
(2) VendorCON: Thursday was the first day of the conference, and after we set up the CG Silvers Consulting booth, I decided to explore the vendor area. With the help of the experts and friendly conference attendees at the lock-picking village, I learned how to pick a lock with 3 pins. Y’all, I cannot explain the satisfaction I felt when the lock released…in the animated version of this experience, there would have been fireworks shooting off in the background and angels singing “hallelujah.”
I also wandered over to the BattleTech gaming pods. Basically, these pods allow players to have an immersive video game experience. My intention had been to simply listen to the MechJock representative explain the rules, maybe take some pictures…but the next thing I knew, I was in a pod ready to do battle with unlimited ammunition and unlimited lives. I had no idea what I was doing, but I had a blast. One of the coolest parts of this experience was the print out every player received afterwards of our “mission highlights.” It read like a sci-fi adventure novel, and I was happy to see that I had one kill to my name. (I was also killed six times and had the lowest score, but those details dim in light of my glorious vengeance on some dude named Tony.)
While at our CG Silvers Consulting booth, I was able to chat with attendees of the conference. Of course GrrCON attracts experienced hackers, but I also met a number of people who were just starting their careers in the cyber security world or who had just discovered hacking as a hobby. This conference made a space for everyone.
(3) OSINT CTF: Friday brought the main reason we were there: to run the Open-Source Intelligence Capture the Flag contest (OSINT-CTF). I have been learning about OSINT and Social Engineering and CTFs for the past six months, but I had never actually witnessed a game being played. For this particular OSINT-CTF, players had registered before the conference started and were playing solo. That meant that during the game itself, there wasn’t a lot of talking or hand-to-hand combat. However, you could literally see the intensity of the players! Having tried (and failed) myself to find answers to some of these Open-Source intelligence questions, it was fascinating to see the paths that our contestants took to successfully find the flags.
One of the best parts of the contest was that when the game was over, players spontaneously began discussing with one another which challenges were the most difficult and what strategies they used during the contest. The camaraderie was tangible, and it made me even more excited for some twists that CG Silvers Consulting is planning for the next OSINT-CTF at NOLACon 2020, which include two-player teams and a panel after the contest to get a peek at what goes on inside the hacker mind during a CTF.
(4) PostCON: After the conference was over, the Silvers and I went to dinner at the
B.O.B., a well-known Grand Rapids venue that has several restaurants and entertainment options. @MrJeffMan, @DShwartzberg, and @MsAmberWelch were kind enough to invite me to another first: a cigar bar. Maybe it was the fact that the smoked whiskey cocktail I had was delicious; maybe it was the fact that that I felt like someone out of The Godfather with my cigar; maybe it was the great company and conversation—whatever it was, this evening was a wonderful way to wrap up my first hacking conference ever. Did I later pay a price for my night of indulgence? Indeed, I did. But you know what? I’d pay it again.
Reading articles on cyber security and listening to speakers at the conference have helped me become more informed and mindful about the existence and pervasiveness of cyber threats--dangers that not only threaten businesses, but my personal digital security as well. However, meeting so many people who are involved in the cyber security industry was reassuring. These are passionate individuals invested in making the world safer and more secure, and I’m glad that I got to spend a few days getting to know some of them!