DEF CON Cancellation: An Open Letter
The DEF CON staff and I have mutually agreed that the DEF CON conference will be canceled this year and we will not be hosting future conferences. DEF CON has been an incredible experience for myself and many others and it is very difficult to make this announcement. But, it is time for us to move on to bigger and better things. Over twenty years ago, I organized a party for a small group of friends. That simple get-together spawned what is now the largest and most well known hacker convention. As I said, that was over twenty years ago. Myself, the staff and all the others that have contributed to making DEF CON what is have done a lot of growing, made careers, built businesses, started families. We're not teenagers with enough time on our hands to organize parties for our friends, let alone 10,000 of them.
I'm sure you've noticed that some of our key staff have retired. It is very difficult to find replacements. The amount of time, frustration, sweat and tears involved makes it a job few will take on. I've considered passing the conference to a younger generation, one that has the time and energy to run it. But, it is just too large and complex for a green crew. I think that it is more fitting that we retire DEF CON now, while it is at its best, than let it collapse under its own weight.
I've created this site to be the official announcement page. The existing DEF CON site, while it may still have activity, will be archived and retired. Discussion boards will be closed. It is important that we preserve what DEF CON was and its influence on the security community.
I would like to take a few paragraphs to discuss how we should move forward in a post-DEF CON world and I think it is important for hackers to understand how the security landscape, and the Internet as a whole, has changed over the past few years.
As I mentioned, all of us have grown since DEF CON started. As you grow, you to start to see the world in a more complex and mature manner. Blind idealism fades away and a mature practicality is realized. This is something we all go through as we enter adulthood, take on responsibilities and make our way in society. I've had a lot of changes in my life and outlook since I started DEF CON. I've had some serious struggles resolving the person I was and the person I've become. If you knew me when i was seventeen, you wouldn't have believed the organizations I ultimately worked for. You might have even called me a traitor to the hacker community! But, I guess that's my point. Things change.
Hacker to Security Professional
I believe that we are in a post-hacker world. We still need innovative security researchers but we need professionals. We need to shed the "hacker" persona that is denigrating us. We should strive to be professionals, making the Internet a safer place rather than exposing vulnerabilities that can be leveraged by criminals and terrorists. This is why I'm going to encourage you to attend professional security conferences like Black Hat, RSA, SANS and others instead of hacker conferences.
The tide is already turning. Many of our Black Hat presenters make their presentations at DEF CON. It is clear that the reputable researchers are actively engaging the hacker community, persuading them to join the ranks of the professionals. This can also be seen in the number of recruiters attending Black Hat. I've asked government representatives to stop attending DEF CON so they can recruit professionals from Black Hat. These recruiters are looking for security professionals not sketchy hacker types. It is a disservice to have them attend DEF CON.
It is my belief that attendance at amateur conferences such as ShmooCon, Summercom, Toorcon, HOPE and even CCC will soon begin to dwindle. As current attendees mature they will become the next generation of security professionals, not hackers. What I've said is probably disturbing to some of you, but it is our current reality.
Professionals have professional credentials. If you want to participate in the security industry, you should obtain the appropriate certifications. ISC2, SANS, EC-Council and many vendors offer well regarded security certifications. They are critical to demonstrate security expertise to employers. Without them, you are just another armature boasting your eliteness. Many in the hacker community criticize these certifications. As you can imagine, the critics are the ones unable to attain these credentials.
I know there has been concerning news about the NSA overstepping its bounds regarding data collection and the US government's lack of action. I have worked closely with many government officials. What may appear as an erosion of our constitutional rights, are actually programs critically important to the safety of our country. Without the NSA data gathering programs, there would have already been a "Cyber 9/11". Unfortunately, I can't reveal the details to support this statement but, knowing my honestly and character, you'll have to take me at my word. There are others in the security community that have access to the same information. While they may be reluctant to discuss the issue, as they may be under threat of imprisonment, they know this is true. I wish I could expound more.
Some privacy zealots will say, in the olden days, you could just "go out behind the barn" to have a private conversation. Of course, that was never true. Jimmy was always up in the loft listening. Mabel, the operator, was always listening on the phone line. We never had privacy. These people have built their unobtainable privacy demands based on falsisms and self delusion. The world never functioned this way and it won't in the future. Only in the last few decades has privacy become an issue. Coincidence? Did DEF CON expose privacy issues or did DEF CON cause and perpetuate privacy hysteria? Certainly we need to prosecute credit card and identity theft but your daily activities, the people you associate with and your conversations should not be assumed private. If you tell one person something, it isn't private anymore. That's obvious.
"If you have nothing to hide, you've got nothing to fear". That's a much
derided quote but, honestly, you know it is true. Your parents and grandparents knew it was true. This is a, Christan-based, truism that is fundamental to our society. Those who criticize are looking to hide their crimes, plan on committing crimes or romantically think, some day, they'll do something daring and rebellious. You know when you've done something wrong. It is better not to do it in the first place or just come clean if you have. This is how people live real life. You should live it that way on-line.
I could go on for pages but I thinks it is better to wrap it up. I plan on writing a book covering many topics during my growth form a hacker to a security professional. Feel free to approach me at Black Hat or other conferences to discuss these issues. Again, I thank you for all your support these many years.
Best of luck