I just got back from another great year at ShmooCon. While technically it is an information security conference, it’s a hacker con in the best sense of the term, a gathering of our friends and hacker family. We live, laugh, learn and love. We spend a lot of time working remotely or facing screens, so it’s in these special moments, when we get actual face time, that we can connect, talk long and late into the night, and come away feeling recharged.
Hackers are the most generous and caring people I know. There was a terrific event to support Mental Health Hackers early Saturday night with a big turnout and outpouring of generosity by those attending. It was great to meet some new people there and hug some dear friends. Thank you to Ray Redacted for organizing it, to Amanda Berlin for making this organization to create awareness and support, and to some very generous donors.
Hackers bond well over food and libations, and there were some great meet and eats. Things wrapped up with a grand Sunday brunch and a tableful of great conversations with Chris Kubecka, Helen Negre, Jim Troutman and “SniperBarbie”, among others.
Shmoo is a rare time when I am an attendee only, so I indulge my love of learning and take in all the talks I want to see because some of the most cutting-edge and challenging talks are presented here. It’s a feast for my mind and I never leave hungry.
Some talks on my list:
A Firetalk by Jim Troutman on DNS and all we don’t really know. This talk won first prize this year out of all six excellent firetalks. There was so much useful info about where we are exposed and many helpful mitigations for more secure setups.
“Hack the Stars”. All about satellites, their vulnerabilities, juicy targets, so much data in the clear. Space debris and stuff that keeps me up at night. Scary good!
SBOM. A talk by Josh Corman and Audie on why we need a software bill of materials legislated and enforced in healthcare. Because time is a matter of life and death in healthcare. Supply chain, upstream dependencies, lack of visibility. The impact from an exploit doesn’t stop at one hop.