Earlier this month, we returned from DerbyCon IX in Louisville, Kentucky. Knowing that this year’s DerbyCon would be the last of its kind made the weekend bittersweet. From trading favorite stories with old friends to hearing about the real impact that DerbyCon has had on attendees, each day brought reminders of some of our favorite moments from the past nine years, and, of course, added some new ones. You could say that we’re still nursing a bit of a “love hangover” from all the emotion we imbibed. (Seriously, it’s from the emotion. We swear.)
This year, several DerbyCon attendees acknowledged some small role I played in their cyber security journey. It was affirming, flattering, and humbling. The conversations I had with former students, and, in some cases, complete strangers, were my personal highlights from DerbyCon IX.
The warm and fuzzies kicked off on Friday as we were setting up the room for the OSINT-CTF taking place the next morning. Jeff, a former student who had taken my “Ultimate Hacking: Humans” course in 2013, dropped by just to say hello and tell me how much he had enjoyed the class—a class he had taken SIX years ago. I enjoyed catching up with him and appreciated his kind words about the class.
While reminiscing with Jeff, I asked about Jason Lang, a student who had also taken the class in 2013. Jason began the class a little timid, but I saw real potential in him. I was curious about what had become of Jason…and learned that not only had he gone on to have a highly successful career in cyber security, currently working for one of the DerbyCon sponsors, he was also teaching a class at DerbyCon IX! Later, Jason himself stopped by and told me that even though he had known he wanted to go into security and penetration testing before he had taken the class in 2013, the class had given him the confidence to pursue that dream. And to think that I had played even a minor role in inspiring that confidence? I mean, cue the tears, y’all.
Finally, I was fortunate enough to hear from another DerbyCon attendee while participating in Chris Hadnagy’s panel discussion on vishing professionally versus vishing competitively. During the discussion, the panelists brought up the motivational effect a supportive audience has on the competitors, and I referenced my own experience at DEF CON SECTF 2016, when I received a standing ovation after a particularly successful call. I can still vividly remember this moment—it had been electrifying! So here I am at DerbyCon 2019 and a woman listening to the panel discussion stood up and shared that not only had she been a part of that standing ovation, but that watching me make that vishing call was the moment she knew she wanted to pursue a career in social engineering. Now three years later, she manages a SE team.
Look, cyber security is not exactly a touchy-feely industry; no one becomes a security expert to receive handwritten thank-you notes and warm hugs. What we do is important and necessary, but we’re not curing cancer or ending global warming, right? So it’s easy to forget that what we do—both for businesses and for people—has a real impact. DerbyCon IX reminded me that as “techy” as these conferences can get, it’s still all about the people. My takeaway from the weekend was simply that we never truly know how the little things we do or say affect those around us.
I was truly touched to hear from former students and fellow attendees; that acknowledgement is powerful. It made me reflect on the many people who’ve inspired me over the years, whether through an engaging conversation or simply by taking the time to teach me something new. My plan is to reach out to some of those people and let them know that I appreciate them. If you have the opportunity, maybe reach out to some of those people in your life, too.