A couple of weeks ago we participated at DefCamp, Romania's most important security conference. We attended some interesting talks, but we also witnessed an evolution of the conference itself.We wanted to learn more about DefCamp and the direction it's heading, so we've asked Andrei Avădănei, the conference's founder and CEO, to have an interview with us.
We've discussed future plans, the challenges of hosting such an event, and sideline projects such as the CCSIR, or the Cyber Security Research Center from Romania.
Softpedia: Please introduce yourself to our readers.
Andrei Avădănei: My name is Andrei Avădănei, I am the founder and CEO for DefCamp, the largest hacking & INFOSEC conference from Romania.
Throughout the last 7 years since I have been striving to make something in the IT field I have also been trying to keep in touch with the modern technology and IT security by various activities among which I wish to highlight a few that molded my career:
- algorithmics, web development, software development and IT security competitions, (local, national, international) where I participated have managed to educate myself with a competitive thinking, always trying to raise the bar;
- worldit.info, an online Romanian IT community;
- GREPIT, a non-governmental institution that organizes an IT competition for more than 7 years and it managed to introduce me to the environment of event organization;
- OpenIT, the first event co-organized by myself, in Suceava, Romania, where 60-70 highschool students competed against each other in 12 hours of programming the tasks we elaborated.
Softpedia: When did you become interested in information security? Was there any particular event that triggered your interest?
Andrei Avădănei: I became interested in IT security at the exact moment when the trigger activated my desire to work in the IT domain. Seven years ago I was a big fan of games and I was addicted of Counter-Strike 1.6, but I was already bored and I had already found out about the available cheats.
Unfortunately, the cheats I was using were already detectable by the protection systems installed on servers I was playing.
I got so angry that I was willing to write an application for CS 1.6 which was undetectable: this is how I found out about the vast IT domain. I never wrote that program because I made cooler stuff, but since then I have been trying to discover new things on a daily basis.
Funny, isn't it?
Softpedia: How did you come up with the idea of launching DefCamp?
Andrei Avădănei: The idea of DefCamp crossed my mind shortly after organizing the OpenIT contest. I was very close to decide whether we would continue that competition the way it was or make a change (I wish to highlight that nothing about OpenIT had anything to do with IT security).
In the spring of 2011, among the IT security underground communities from Romania, the complaints started to appear; everyone wanted something new so I wanted to build an offline environment that would provide us an easier and cheaper access to abroad resources.
That's how the idea of “DefCamp” was born – on an usual day of March-April 2011 we drew our logo in Paint (we are hackers, not designers) and slowly but surely we prepared ourselves for the first edition of it at the end of September, the same year. We have not stopped since that moment.
Softpedia: Please tell us a bit about your team. Although you’re the “mastermind” of DefCamp, there are probably many people helping out.
Andrei Avădănei: I say that our team works the same way as a decentralized P2P software works. I try to coordinate the whole activity and the numerous extremely important issues as brushing up the whole plan, step by step, also the relationship with the partners, the search for new sponsors and partners, but I was always, in every phase, helped out by my colleagues.
This team has been made out of 1 to 3 people since the third edition, but at DefCamp 2012 @Bucharest we were almost 10 people who directly contributed to the organization of the event and a few dozens of other people who were involved in different stages of the event.
Considering that the conference is a volunteer-based event, I believe it is impressive that we managed to gather over 20 speakers from 6 countries (Romania, Moldavia, Hungary, Slovenia, Ireland, USA).
The interesting part is that no DefCamp organizer comes from an environment exclusively based on event organization, we are all technical people with a clear vision of what we want to do.
Softpedia: You’ve come a long way since you first started. How far are you planning to take DefCamp? Should we expect it to become something that would compete with world renowned conferences?
Andrei Avădănei: It hasn't been so long. We are small if compared to the present events in Europe. We will definitely not stop here and one of our targets is not to be forced to leave Romania to find the pulse of the IT security on the planet.
We want to grow more and more not only in size, but also in the quality of the events regarding the technical part and, who knows, in 3-5 years we will be on the same level as our colleagues abroad. It is clear that everything is up to us and the community around DefCamp.
Softpedia: You must have received some feedback from this year’s attendees. What did they say after the conference?
Andrei Avădănei: It is quite difficult to answer without being subjective, because there were various opinions, from simple greetings to collaboration ideas, constructive ideas but also complaints which mostly concern logistics.
Indubitable is that the ones who have been following us from the first edition have noticed the growth of the event in all its branches – logistics, the number and the quality of the presentations and the participants, activities. What could be more beautiful than this?
Softpedia: I’ve seen a lot of (very) young participants at this year’s edition of DefCamp. Considering that most of the hackers that make headlines these days are very young, do you think that by participating in such conferences they could be influenced to take the “white” path of infosec?
Andrei Avădănei: The human mind is an unpredictable and hard to control environment. We are trying to take attitude every time we can when it comes to the illegal side of this environment and we try to promote the good practices when needed.
The youngsters can see that cool things can be made legally, so we try to show them this thing. The rest is up to them. In exceptional cases we get under our wing the people with potential and we teach them to do things the right way.
Softpedia: What is the biggest challenge when organizing an infosec conference?
Andrei Avădănei: This is a great question. The IT security events, at least in Romania, are extremely hard to build because we are very paranoid. I think that the most difficult thing to be controlled is, at such an event, the paranoid people, some of the organizers or the participants confront before, during the event and after the event.
More than that, it is very difficult to keep the image of the event clean because the interpretations from the INFOSEC environment are made on a daily basis and the line between black hat and white hat is very thin.
The ones unaware, but with sufficient media power, can ruin our work before you can say knife.
Softpedia: What can you tell us about your immediate plans? I know you probably want to keep it a surprise, but can you give us a hint?
Andrei Avădănei: My near future plans involve a calendar which we will guide after in 2013 regarding the organization of the following DefCamp edition. It is funny that, so far, all DefCamp events were organized, from their launch to the offline meeting, in a record time which has always been less than one month and a half.
We now dedicate a full year to some phases of the event; it is high time we got to the next level. My plans, at the moment, include a few large INFOSEC projects which will be launched soon, depending on how fast and how capable we are to put them into effect.
This is the most difficult thing now, we have limited resources and experience that can guide us, almost everything has to be tested and most of the times we take a risk.
Softpedia: I know that you’ve recently launched CCSIR. What can you tell us about this new project?
Andrei Avădănei: Oh, CCSIR or the Cyber Security Research Center from Romania is the child of DefCamp.
We still do not give out details but, briefly, it will be an official communication platform for the center, we will be having a research department with the main job of discovering new vulnerabilities in various virtual environments (and maybe not only).
We will also be having a department which has to come up with ideas for projects and also the 0xDEF department which will be our official CTF (Capture the Flag) team which we hope to make us famous in the international competitions in this domain. There will be more surprises. All in good time. :-)
Softpedia: You’ve recently written an interesting blog post on the differences between hackers, crackers, thieves and security researchers. Do you think that the fact that they’re often placed under the same umbrella affects the industry, particularly security researchers?
Andrei Avădănei: Frankly, I do not think that it directly affects the industry in any way. People in this domain are able to identify each one and most of the times they do a lot of research before making a statement. Anyway, the image of the industry is affected so many times by the press which, indirectly, can affect us particularly.
For example, I heard some rumors that a company did not want to come to DefCamp because we were media partners with a community of IT security that was involved in a scandal it didn't deserve.
It can be said that we were collateral victims in that particular case but, after all, we are a group of people who speak the same language and we surely understand more than the press tries to manipulate us to understand sometimes.