When I was recently appointed as Shadow Assistant Minister for Cybersecurity I knew straight away what my first move would be — booking tickets to Las Vegas for Hacker Summer Camp! Having worked in and around the sector for years before going into Parliament, I’d heard plenty of stories about Def Con, Bsides and Blackhat. With tens of thousands of infosec experts from around the world it was the perfect place for a crash course in a new portfolio. I’ve had a few weeks to recover and reflect now, so what did I take away from my first Hacker Summer Camp?
Hacker summer camp felt more like attending a week-long indoor music festival than a professional conference. Dozens of conference streams, workshops and social events across multiple Vegas strip casinos meant that even with military scheduling, you could only see a fraction of what was on offer. So I went with the flow and checked out whatever looked interesting. I had heard a lot about the Def Con capture the flag contest before my trip, but I learned pretty quickly that for a relative layman, it was more exciting to hear about than to watch in real time. On the other hand, after a few hours of watching I was convinced you could turn the social engineering CTF into a successful reality TV franchise.
The one thing I heard loud and clear from the talks I saw was that many of the thorniest security challenges were primarily about people and institutions rather than technology. Whether it was exploiting GDPR obligations for identity theft, integrating cyber-insurance with vendor security offerings or building resilience to information operations through democratic institutions, my big policy take away was that the wetware challenges were generally bigger than the software or hardware ones.
I wasn’t the only politician there hearing this message either. Infosec isn’t just fundamental to our economic prosperity these days, it’s also on the front lines of a new age of geostrategic competition. There were other political figures like US Senator Ron Wyden, Representative Ted Lieu and policy makers from around the world trying to learn from the infosec community too.
Some of the stories I’d heard about Hacker Summer Camp in the past weren’t nice ones, particularly when it came to the way the community engaged with women and people of colour. I was impressed to see a community that was making a real effort to be more inclusive to people from different backgrounds. The conference codes of conduct were ubiquitous and the speakers were more representative than the conference attendees. Still progress to make, but heading in the right direction.
All in all, I had a blast and learned a hell of a lot. Thanks to the Aussies I met over there who showed me around (and shouted me a beer). I’ll be back next year — so if you’re heading over sing out if you want to grab a drink! In the meantime, if you want to talk to me about Australian cybersecurity policy, I’ll be at this year’s Australian Cyber Conference for the duration and I’m keen to meet as many people as possible. The weather might not be as good as Vegas, but given it’s in Melbourne, I know the coffee will be better!
(This piece was first published in the AISA Members Newsletter).