Recap of Hacker Summer Camp

This past week I had the opportunity to attend four exciting conferences in Las Vegas that are part of the “Hacker Summer Camp”, all very different from each other, but all sharing the same passion for bringing people together to collaborate: the Diana Initiative, Ai4, Black Hat, and DEFCON.

On behalf of the Open Source Initiative (OSI), I was interested in two topics in particular: Open Source and Artificial Intelligence, and Open Source supply chain compliance and security. On behalf of the Confidential Computing Consortium (CCC) from The Linux Foundation, I was interested in promoting Confidential Computing, an emerging technology that promises to make the Cloud more secure by encrypting data while in use.

The Diana Initiative

The first event of the week, which took place on Monday, August 7, was the Diana Initiative, a conference committed to helping all those underrepresented in Information Security. The CCC was one of the event sponsors and our sponsorship helped nine students to attend the conference to advance their careers. I was there representing the CCC as the Chair of the Outreach Committee. A big shout out to Kate Kim, our Vice Chair, who has tirelessly pushed for DEI (Diversity, Equity and Inclusion) at the CCC.

There were several interesting sessions at this event. I want to highlight some of these:

Spilling the TEE – by Deirdre Cleary, software engineer at Evervault

It was a great pleasure to finally meet Deirdre Cleary and watch her presentation about Confidential Computing. I found her demo to be a very good use case. She showcased a women’s health tracking app using Trusted Execution Environments, which ensures that each individual’s data remain private. This is especially important in a surveillance state that criminalizes women’s well-being.

Managing Coordinated Vulnerability Disclosure – The Art of Wrangling Cats – by Tina Zhang-Powell, Senior Security Program Manager at Microsoft.

Another interesting talk was by Tina from Microsoft. Vulnerability disclosure is something really serious and should be done responsibly. Oftentimes it involves working together with multiple people across different organizations.

Exploring the Frontiers of Large Language Models (Generative AIs): Unveiling Attack Strategies and Safeguards – by Gaspard Baye, PhD Student at the University of Massachusetts Dartmouth.

This session provided a good overview of Large Language Models (LLMs) and different attacks, as well as defenses against these. I would only highlight that open source LLMs provide many benefits when compared to proprietary “black box” models. The transparency of the code, model, and data makes it possible to better understand and remediate bias and vulnerabilities.

Breaking the Mold: Inspiring Stories of Two Women Who Hacked Their Way into Cybersecurity from Non-Technical Backgrounds – by Maril Vernon (SheWhoHacks), Senior Application Security Architect at Aquia, Inc.; and Mackenzie Wartenberger, Associate Security Architect at Aquia, Inc.

This session was one of the most inspiring. Maril shared her story of how she was able to break into cybersecurity through her sheer determination to learn, her ability to network, and her focus on her strengths. Mackenzie also did an amazing job, although she arrived 30 minutes late. She came bursting into the room straight from the airport, demonstrating her willpower to overcome any obstacles.

Unveiling Failures and Forging Change: Combating Gender Disparities in Cybersecurity for Marginalized Genders – by Chloe Messdaghi, CEO and Founder, Global Secure Partners.

It was interesting to be attending a tech conference where 75% of attendees were women. Chloé Messdaghi explained to us that every gender is marginalized. Even though I’m a man, I always felt different, having to constantly fight against the “man stereotype” being pushed by society, not just by men but by women as well.

Ai4

The second conference I attended was Ai4, which took place on Tuesday and Wednesday, August 8-9, at the MGM Grand. This was a “medium sized” conference, with 2500 attendees, with a good mix of content tailored for both tech and business folks.

These are the sessions that I found most interesting:

AI Through The Lens of Filmmaking – by Nikola Todorovic, Co-Founder and CEO at Wonder Dynamics

The opening keynote was very inspiring. It highlighted the importance of making technology accessible to everyone, helping each one to dream and turn their dreams into reality. I was surprised to hear the story of how Hollywood came to be. In the early 1900s, most motion picture camera and equipment patents were held by Thomas Edison on the East Coast. Filmmakers decided to head West to set up production near or in Los Angeles, where attempts to enforce Edison’s patents were easier to evade.

Harnessing AI For Education so all Students Benefit – by Sal Khan, Founder and CEO of Khan Academy.

Another fantastic keynote was by Sal Khan, founder of Khan Academy, where he showcased Khanmigo, a personalized AI tutor to help students learn various subjects. This tutor was specially built to provide guidance instead of answers, addressing concerns regarding the use of AI for cheating instead of learning.

AI: a New Frontier for Privacy Professionals – by Ron Whitworth, Truist

Ron highlighted how AI became the main topic of discussion in the privacy community, and how some Chief Privacy Officers are expanding their remit to include AI oversight obligations and/or broader data responsibility and ethics accountability.

What’s Yours in Mine? Intellectual Property Rights in the Age of Generative AI – by Melissa Harrup, Mondelez International

Melissa provided a good overview of copyright law, which has been evolving since the invention of the Gutenberg press. She posed two thought-provoking questions: Is the Generative AI training data copyrightable? And how about the output?

Why Vector Search is Important to your Business – by Frank Liu, Zilliz

Many presentations at the Ai4 conference referred to Open Source, including Frank’s talk about Zilliz, an open source vector database. I found the OSSChat application that they’ve developed to be quite interesting: it answers questions from the most popular GitHub projects based on their existing documentation.

Black Hat

On Thursday, August 10, I was able to pick up my badge at DEFCON in the morning, and went to Black Hat in the afternoon. Black Hat is one of the most important cybersecurity conferences in the world, with 20,000 attendees. While I did not attend the conference per se because I didn’t have a ticket, I was able to take advantage of the hallway track. Later, I enjoyed the happy hour organized by Unusual Ventures. They invest in AI/ML and cybersecurity, and have a particular interest in Open Source. I made some good connections there, including Allison Averill, Wei Lien Dang, and Dan Gillespie.

DEFCON

Finally, on Friday and Saturday, August 11-12, I attended DEFCON, the largest hacker conference in the world, held across 3 different Caesars’ convention centers, with over 30,000 attendees. The conference is so big that they have to split it into what they call villages, which are still very large on their own. I spent most of my time in the following villages:

IoT Village

The CCC was sponsoring the IoT Village. This was a very well attended village, and I was surprised by the enthusiasm and knowledge of the attendees. Many arrived early in the morning, and only left the large room late in the afternoon, spending their time trying to break into IoT devices. Many thanks to the IoT Village organizers who received me, Rachael Tubbs and Sara Pickering, MS, PHR, SHRM-CP.

AI Village

The AI Village was one of the most popular ones, and was dedicated to DARPA’s AI Cyber Initiative. Thousands of hackers tried to find vulnerabilities in Large Language Models. This initiative was officially announced at the main auditorium:

DARPA Announces an AI Cyber Initiative – by Dave Weston, Vice President of Enterprise and OS Security at Microsoft; Heather Adkins, Vice President of Security Engineering at Google; Matthew Knight, Head of Security at OpenAI; Michael Sellitto, Head of Geopolitics and Security Policy at Anthropic; Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF); and Perri Adams, AixCC Program Manager at DARPA.

Policy@DEFCON

The Policy@DEFCON room was also well attended, and brought together government officials and specialists interested in safeguarding critical infrastructure, with a particular focus on open source software security. I really liked Kemba Walden’s fireside chat with Jeff Moss at the main auditorium:

Fireside Chat with the National Cyber Director Kemba Walden – by Kemba Walden, Acting National Cyber Director at the Office of the National Cyber Director, the White House; Jeff Moss, Founder of DEFCON.

Crypto & Privacy Village

The Crypto & Privacy Village is one of my favorites, and last year we gave two talks there. This time, I was only attending. I especially enjoyed the entertaining privacy talk from Anthony about how privacy laws are evolving in the U.S.:

Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy? – by Anthony Hendricks

Final Thoughts

Overall, it was a great opportunity to connect and learn with others by attending all these conferences that are part of the “Hacker Summer Camp”. It was my first time attending the Diana Initiative, and due to its smaller size, it was a great event for networking. I was surprised by Ai4’s content, which had a nice balance between technical and business talks. While I didn’t officially attend Black Hat this year, I was able to make good connections at the hallway track and the happy hour. And finally, at DEFCON, I was very much pleased to find topics that are so important – like open source, cybersecurity, privacy, AI, and IoT – receiving the attention that they deserve.