GeordieCon: The potential for a compsec convention in the North East.

Belgium has Brucon. Ireland has AppSec. Barcelona has Black Hat. The UK has around 15 universities doing courses in ethical hacking and information security, and most universities offer a computer forensics class. As a nation, we’re one of the most IT powered in the world, with almost ubiquitous usage of technology in government, services and enterprise. Unfortunately, the UK has not had a single computer security and hacking conference since Brumcon 2006, excepting the smaller OWASP and 2600 meetups.

The UK really is the prime place for a hacking conference. We have a level of enthusiasm and expertise in the computer security fields that parallels most other Western countries. Newcastle also is a prime location for a computer security conference, with an expansive public transport network, an international airport and amazing nightlife (I speak from experience). It also has a top-50 university which does a well respected Ethical Hacking course. Surely then, Newcastle is an ideal city for a con. Despite all this, nobody has run a convention in the Newcastle area.

I’ve always been enthusiastic about computers and security, to the level that I chose to study computer security at degree level. I read about it constantly, and hacking conferences have always fascinated me. In a moment of inspiration, I decided to buy a domain name, and investigate the possibility of a sub-small-scale security conference in Newcastle, where ticket prices were affordable and it allowed younger talents to showcase their projects, ideas and skills to their peers and potential employers and investors.

Let it be said that I think the likelihood of a security conference emerging from this late night fit of inspiration to be very, very slim, for a number of reasons which I will list in detail below. I also don’t think that if a security convention did emerge, it would be by any means successful, be it fiscally, personally or with regards to its aims.

The first reason why is that I am honestly the worst person imaginable for hosting a security convention, on a number of levels. The first reason is that despite my enthusiasm for the subject, and constant desire to learn more, my level of expertise is virtually negligible compared to the many people my age who know a lot more than me, when it comes to computer security. Whenever I am doing anything with regards to computer security, I always approach it with a degree of humility, because I’ve got a lot to learn. This, despite not disqualifying me from running a con, probably suggests that it’s not the best idea.

The second reason is that conventions are notoriously difficult to run, according to… Well… People who have ran conventions before. You’ve got to book speakers, book a room to host it, get interest in the actual convention itself. This is a hefty amount of work. On top of this, you have to ensure that things run smoothly and there are no hickups. Which brings me on to my next point…

I study ethical hacking at great expense because I enjoy it and want to make a career out of it. To do that, I need to work incredibly hard. I’m doing an incredibly intensive course where you can’t really be abstract. You have to be incredibly precise and know your stuff. This means you have to study insanely hard. It’d be nigh on impossible to maintain a decent social life, study hard and manage a convention at the same time. From what I understand, it’s a real timesuck, which wouldn’t bode well for my studies.

There are other, smaller, but still important issues that put me off hosting a’ con. The first is the issue of liability. I wouldn’t want to be held responsible for any stupidity that goes on that breaches a law, or gets me in trouble with my university. It’d be a bit of a pain, cobbling together the early investment. Function rooms and speakers aren’t cheap. I also don’t really have that many contacts within the computer security industry to help garner enthusiasm for the event.

Conversely, a short, affordable number of presentations relating to computer security would be potentially a good thing. It would undoubtedly generate and enhance enthusiasm, awareness and knowledge of the field of computer security in people who normally wouldn’t be able to make it to one of the larger, and more expensive, conventions.

It also gives a staging ground to display locally developed projects and knowledge by people, predominantly students, who normally wouldn’t have access to the decision makers in computer security.

If I was to realize my aspiration of launching a ‘con in the North East, it’d be simple. Just a one day, or half day event with speakers making presentations on computer security in a function room, or in a small lecture room. It’d be straight to the point, affordable and would be open to anyone with a good idea, or something cool to show or teach.

I want to say that I’ve not decided anything regarding a potential Newcastle based convention (which, I’ve named GeordieCon). I’ve registered a domain name (geordiecon.co.uk), but nothing more, and if nothing becomes of this project, I won’t be too upset. Honestly, I’m just investigating the potential of launching a convention in the North of England. Admittedly, I’d like to launch one, but in the real world, you can’t always have what you’d like, and it’s much more sensible to approach this with a cautious, investigative eye.

If anyone has looked in to launching a ‘con before, or has actually done one, or even runs regular technology meetups, feel free to comment on this post and give advice or feedback. Like I said, I’m just investigating the possibility of a convention in the North of England. Nothing has been decided yet, despite how much I’d like to make this a reality.

Matthew Hughes

Tags: black hat, brucon, computer forensics, computer security, def con, ethical hacking, Geordiecon, hacking, jeff moss, newcastle