ShmooCon 2011 After-Report

I don't attend many hacker cons because, quite frankly, I'm not really the hacker type. No, no... it's true... I'm more of the corporate wonk type with a penchant for strategy, architecture, policies, and the like... all important things in infosec, but things that are not generally featured or of interest to hacker cons. Nonetheless, I go, hoping against hope that I'll see something interesting and that at least a couple talks won't be so poorly constructed or delivered that I'll either flee or fall asleep.

For this year's hacker con adventure I opted to attend ShmooCon, which I think I'll now add to the annual schedule (especially given the low cost and easy proximity). It was a decent experience with the requisite number of "omg we're so screwed" moments, coupled with all the social attributes necessary to make the event fun. I learned a few things, but mostly have ideas for the future. As is typical of my previous experiences attending a specific con for the first time, I know that my next attendance of the con will be better because I'll know the ropes a bit and have my expectations better adjusted.

So, without further ado...


The event was held this year, for the first time, at the Washington Hilton Hotel, which is where Pres. Reagan was shot in 1981 (if you look at the pictures there, this shows the entrance at the Terrace level where the conference was held). From that perspective, it was kind of interesting/curious/surreal to be at such an historic place. But I digress...

The Hilton was recently remodeled, touting highly limited sight-lines everywhere, and overall the venue seemed to be very nicely appointed. There were, however, a few oddities. The main ballroom where the opening talks were held, and which was later split "in twain" (to quote King Bruce), was less than ideal. As Jack Daniel said, "Every seat has an unobstructed view. Of columns." These two rooms were, as a result, long and narrow, making it hard to read slides from the back, not to mention the challenge of finding a speaker amongst the obstructions.

Another oddity was a very narrow corner around the outside of this ballroom area. There is a 6' choke-point corner that tended to make a real mess of people moving between the vendor space area and the contest area. This was perhaps more an annoyance than a "problem," but it's something that stuck out.

And, lastly, given all the curves and corners, designed to reduce sight-lines to protect dignitaries, navigation was at times confusing. The third track of the con was in the International Ballroom West (which we're not certain was actually on the west side), and getting there from the main area was at times a bit disorienting.

Perhaps the biggest negative to this venue, though, was how stringent security was about clearing areas when they closed. People were apparently rushed out of the main conference area Friday night when it was deemed "closed" (effectively killing some hallwaycon chats), and we also found that when the lobby bar closed on both nights, security then promptly stepped in and, in no uncertain terms, told us to leave. Note that this is an open area that adjoins seats in the lobby area. I think that, in part, they were creating open space for the cleaning staff to work, but overall it was just not a positive thing. Events like these thrive on the social aspects, where many of the best discussions occur outside of the formal tracks. To have those chats forcibly interrupted by an overzealous staff was off-putting.

Talk Content Quality

I'm increasingly incensed by the lack of adequate training and preparedness that speakers display at conferences. On the one hand, the technical content is usually very sound, but the presentation of that content more often than not leaves a lot to be desired. If these conferences prove one thing, over and over again, it's that being super-smart does not immediately translate into being a good public speaker.

Overall, I was a bit disappointed in the selection of talks. It seemed like there were a lot of talks on mobile security (Android, specifically), as well as on removable devices (e.g., USB pendrives). While I'm sure it was all very interesting, it was very hard to sort through and pick who would be best.

By the way, as I think about content... what in the world has happened to Mudge? I feared the worst, and I can only conclude my fears have been realized... my comment to a couple people ahead of time was "I'll be curious to see just how filtered he is now," and I was unsurprised, yet disappointed, to be right in my implicit assumption that DARPA has fairly well muzzled him. The whole thing was kind of disconcerting...


I really liked the schedule format that was used, and I think this should be called out as a great strength. A 10am start on Saturday and Sunday was wonderful after a late night. The mid-day Friday start was also nice, allowing me (a local) to miss the morning commuter traffic. Having the firetalks on Friday and Saturday night was also great, although I was a little disappointed that I wasn't then able to attend the official ShmooCon party (despite having a wristband, which I later gave to someone else). I could have attended the party, but by the time we made it to the hotel lobby after the firetalks, people were already filtering back from the event indicating that free drinks were mostly gone. Ah, well. Suffice to say, it was a good structure.

If I were to make one quip, though, it's this: I don't think the "Build It" track was either named right or filled with the right talks. I dunno, maybe it's just me, but when I think of the "builder" vs "breaker" dichotomy in infosec, it doesn't map to the talks scheduled. In my mind, if the "Build It" track was mapped to the "builder" sub-culture, then it would have been a bunch of anti-hacker-con-cliche talks. Ya know... my kind of stuff! :) Instead, I think maybe the "Build It" track was supposed to be about things that were built, but then again, not all talks actually seemed to follow that rubric... I dunno... whatever... as you can see, I've clearly not reconciled it yet, even.


My favorite part these days of any conference is in meeting people, watching people, and just generally being around people (I told you I wasn't a "hacker"!). Hacker cons always bring out a special sort, too. It was a lot of fun hanging out, seeing folks, and counting the utili-kilts. I also amused myself by watching the stares and double-takes of non-con people in the hotel as various con attendees wandered about. It's really quite remarkable how thoroughly a hacker con can take over a venue! :)

Will I go back to ShmooCon again? Yes.
Is there room for an improved experience? Definitely!
Did the Potters do a good job? Absolutely!
Was the venue perfect? No, but then, what venue is?
Were the talks great? Not really, from the ones I saw, but others saw different talks and disagree. *shrug*

See you next time, ShmooCon!


Comments (2)

Robert Frost:

I'm curious as to what you thought about the tail end of Mudge's keynote, and to what degree you think he was "muzzled." It seems like he voluntarily went to DARPA to have an impact, and the government funding community research without requiring intellectual property rights seems to be a huge step forward. Additionally, there was stuff all over his talk that while he didn't come out and say anything.... you got the idea. Just one guy's opinion.


Hi Robert,

Thanks for the comment. Admittedly, I didn't stay through the end. The term "muzzled" wasn't appropriate - I meant "filtered" - which is to be fully expected! He is, after all, in a director role at DARPA.

Is he making a difference? Definitely. Can he talk about specifics of the projects? I'm guessing not. To me, there wasn't anything terribly whiz-bang in his comments, or anything that wasn't particularly predictable? I think he's doing the best he can to reform the institution from within, but will have to continue being incredibly patient. In the meantime, from the outside we have to wonder if the changes will come so slowly as to almost be irrelevant over time. Government is a massive ship to sail, and that can be quite problematic in times like these where speed and agility are so important.

Thanks for the comment!


This page contains a single entry from the blog posted on February 1, 2011 8:28 PM.

This weblog is licensed under a Creative Commons License.