//DerbyCon 2011 Wrap-Up

Since DerbyCon is brand new this year, and in case you weren’t aware of what it is, I thought I’d drop some of my notes on the conference and presentations overall.  First, it is at a decent time during the year given the spacing between the various cons.  It also runs over a weekend, so even those who don’t get “approval” to go to this can simply take a day off and hit the conference from Friday through Sunday.  Louisville as a location is also great for those of us heading in from Chicago or the Midwest as driving or a cheap SWA flight makes it fairly easy to get to.  There are also plenty of hotels around the area of the conference (held at the Hyatt) in case you have points at one of the competing chains you’d like to use for a free room.  It is also right down the street from 4^th Street Live and pretty well located in terms of finding food and drinks after the talks.

All right, enough about where and when it is.  Let’s get on to the talks and conference itself.  The conference features some training tracks (evenings) as well as presentations throughout the day.  The nice thing is at the end of the first day the conference starts to split into tracks and continues this way until the conference ends.  While I like that format I didn’t see a theme to the tracks like you do at Defcon, which unfortunately means I’m torn between two different talks at the same time as the content is interesting and along the same path.  The talks I did attend were very good for the most part and I took at least one new thing away from each session (a new tool, technique, thought, etc.).

In addition to the talks there were quite a few training courses.  They range from physical security and social engineering topics to Metasploit and Windows exploit development.  While these did run in the evening they also overlapped with the end of the day presentations, which would make it difficult to do both unless you go into the con knowing you’re missing talks you may like to see.  Beyond training there was a movie theatre setup playing movies all hackers love, a lock pick and hardware village, and the usual CTF competition.  There were also vendors, but the space was somewhat limited so there weren’t too many…I did enjoy the book vendors as you generally don’t get to “see” the books covering security topics in a book store anymore.

All in all you’d never guess this was a 1^st year conference given the content, speakers, AV, and attendance.  I didn’t see any issues (short of the lack of space in some rooms).  Things that would be an improvement for next year according to me would be:

1. Have some “theme” to the tracks…such as exploit development, social engineering/hardware hacks, new projects/tools…just some thoughts.
2. Training should start a day early and continue in the evenings after the presentation are over, or two days prior and not overlap the presentations.
3. Location is good, but the rooms are a bit tight for some of the talks.  I’ve always guessed that if you spaced the chairs out slightly (or left more standing room at the back) that more people would fit.  Those chairs are closer together than airline seats and people sit every other chair for the most part.
4. Vendors?  I’m assuming that comes along with time as the conference is just starting.  It would be nice to see more vendors to help offset the costs (or possibly pay for a larger space like the conference center down the street).
5. Stop giving out bags.  No one wants them and they end up being thrown away.  All I need is a conference schedule and a badge to get in.  Speaking of, posting the talks, rooms, and times in a central spot would be nice as well.  It was done on Saturday by each individual room but I didn’t see the sheets up near the rooms on Sunday.

Despite all of these improvement ideas I’m definitely going back next year.