
DEF CON 20: French Fry, Pizza, or Rotten Apples?

If you currently do a search online for a female's perspective about DEF CON, everything is coming up sexual harassment. I've been asked a dozen times about my experiences in the past week alone and I can't say anything overly negative about it. But that's my experience. Mine. A small percentage might be because I'm not about to take anyone's guff, part of it has to do with the people I surround myself with, but mostly using common sense saves me every time. Common sense is a wonderful thing and if you use it, you can still have a good time. The biggest problem is that there are going to be jerks aka rotten apples, both male and female, at any venue you attend be it a hacker conference, the neighborhood bar, a friend's 4th of July party, or on a date, ad nauseam. And it's making me angry that complaining is winning out over problem solving.

In no way am I saying that sexual harassment isn't happening. It is. And it isn't just happening at DEF CON. Yet I would be interested in the circumstances surrounding the incidents at DEF CON. Are women being sexually harassed during the day at the conference? Did they get help from a Goon? Is it happening at the parties at night? Are they sponsored parties or private room parties? Waiting in line for a taxi? At a hotel bar? If you Google other top hacker conferences you do not get the same number of results as you do for DEF CON. So what's different about DEF CON? Size for one thing. It is the largest hacker conference in the US. But the location is playing a part as well. Vegas is called "Sin City", and all those commercials about "What happens in Vegas, Stays in Vegas" probably aren't helping the situation much either. Drinking is happening 24/7 and it's not just the DEF CON attendees but regular vacationers as well. Then add the unlimited amounts of free alcohol once you get into the parties into the mix, and what you have is a potentially volatile situation.

It's at this point where common sense should reign. Or as I've learned from South Park, "If you french fry when you should pizza, you're gonna have a bad time."

  • Walking the long empty stretches between The Palms and The Rio? Sure you could do it during the day, but I took a taxi at night when one of my male friends wasn't around to walk back to the hotel with me.
  • Don't drink to the point of stupidity if you don't have someone to keep track of you for the entire evening.
  • Be aware of your surroundings and the people you are with.
  • If you're not looking to hook up, this is a hacker conference for crying out loud! Social engineering. Ever heard of it? Buy a fake ring you can pass off as an engagement or wedding ring. I wear my rings all the time. Either the guys I don't know yet notice it, or it's a quick fix to point out yourself, and they leave you alone.
  • How are you conducting yourself? Are you running around like a drunken ass or are you having a quiet geeky conversation?
  • Uncomfortable? Extract yourself from the situation. Walk away.

Again, I'm not saying women aren't being hit on or harassed at DEF CON, but I saw multiple guys get sexually harassed from ass slapping to lewd comments as well. It's not a one-way street, kids. What needs to happen is more than just a higher level of awareness. The Red/Yellow card project was introduced at DEF CON 19 by KC at, and the opinion has run from it being a naïve notion to it being helpful to an outright joke. Unfortunately while I'm not quite sure how effective it has been at stopping sexual harassment, at least it has us all talking. The outcry over sexual harassment has gotten enough attention that Brucon has decided to adopt an anti-harassment policy this year with credit going to The Ada Initiative. I will be very interested to see how things go this year.

Thankfully there has been a strong outcry from the men online as well. Data Devastation had an excellent blog post from a male's perspective. What makes it an excellent article is that Yeats has a conversation with KC about her Red/Yellow card project. Go read it. Then there is an article on CSO about Security con harassment that ended up with a follow-up post. Everyone is making valid points and the conversation is ongoing.

The solution is not going to be easy. The conversation needs to continue until actual changes are made, but everyone has a role to play both male and female. But avoiding DEF CON because you're a woman and don't want to deal with sexual harassment isn't the answer either. If you want to see a change you need to be part of the change whether it's blogging about it, red or yellow carding the offenders, or actually calling out a rotten apple for improper behavior not only for yourself but for others. If you see bad behavior, stop it. And if you want to go to DEF CON, go. I'd love to see more women next year.
