Wow, these past few months have been absolutely insane in the best ways possible. I've started wedding planning in earnest and I got a new job! I just crossed my 3 month mark working at SpecterOps, and it's been incredible so far. I've learned an absolute boatload, feel like I am contributing to something special, and I've been loving every minute of it. Enough of the life update though, this post is about how SecretCon 2025 went.

Ethics Disclaimer

Just a heads up here, SpecterOps paid for my ticket to the con, which would normally run $350. I did not need hotel or other accommodations as I am local to the Minneapolis - St. Paul metro area.

Shhhhh...

SecretCon is a local hacker convention in St. Paul, Minnesota that took place on June 4th and 5th at PAIKKA and Lake Monster Brewing (How has it been almost a month already??). PAIKKA is a local event center that mostly focuses on weddings, but apparently has hacker cons once in a while too. The con itself is spread in between a few buildings and a patio that sits in front of PAIKKA and Lake Monster Brewing under a little water tower. There's a pretty typical gambit of hacker con things to do. Two talk tracks, neat badge, some hubs (villages), CTFs, lock picking, beer, and good conversation.

Tracks and Hubs

One thing that surprised me was how much smaller the con was than I expected. I mention that it spans multiple buildings, but the buildings themselves aren't particularly large, and therefore they tried to pack as much stuff as possible in a fairly small space. I imagine it's to help keep costs down for the venue, as I can't imagine renting an event center and networking lounge in the middle of St. Paul was cheap. However, this meant that the hubs were essentially one or two folding tables for each hub. This, combined with how tightly packed in everything was made me feel claustrophobic, as it was often difficult to impossible to navigate the hubs without having someone blocking the path. Often, it was just a single person who could constrict the entire path through the hubs. I think as SecretCon grows, they're going to need to find a larger space to host it, even if it's just for fire safety.

The hubs themselves were pretty interesting though. I spent a fair amount of time at the Vintage Systems Hub, where I spent a fair amount of time playing games on a Commodore 64. They also had a Model M keyboard there, so I finally got to click on a buckled spring keyboard, and the clacks were glorious. They had a tinfoil hat contest that was pretty much the same as the one held at DEF CON, which is cool. It's goofy but good fun to create tinfoil hats and bounce radio waves off them. They also had an Access Control Hub that is designed to teach about physical intrusion systems. One of these days I will learn about those, but that day is not today.

Some coworkers and I went to a few talks. We went to the opening keynote with Evan Francen, the founder of a local security company called FRsecure. I have a friend from university who works there who's always told me he's an interesting guy, and I think I see her point now. Evan seems like a dude who just wants to hang out, talk shop, and get to know you. I also attended a talk which covered an Agentic AI tool called HackerSidekick. The presenter, Mark Millhouse explained how he's used it to help him exploit vulnerable web apps. However, he also said he was using it on the CTF, and while it's helped him get to some flags sometimes, he said it hadn't actually captured any flags. Which, not even being able to hit an easy flag in a CTF seems like the tool has limited usage to me. This rang especially true when he pointed out that he was in the lead for the CTF, but didn't have any flags which were caught by the model.

The next talk I went to was Offense for Defense by Tim Medin, which now makes the second time I've gone to that presentation. I just like hearing Tim speak. Finally, for day one talks, I attended one for using an LLC to help reinvest into career training. I found that was somewhat interesting, however I think it's too much IRS overhead to make me want an LLC as a side thing. Besides, I'm happy with where I am. I only attended one talk for day two, which was to hear Kat Traxler talk about GCP security policies. I've wanted to meet her and the rest of the DC612 crew for years, and I finally had the opportunity. I enjoyed her dry and self-depreciating humor at the beginning of the talk. I later found out that DC612 is in-person again, however it's on Thursdays which is D&D night, so maybe sometime in the future I'll actually make a meeting. Probably not anytime soon though.

Cold Drinks and Cool Friends

Anyone who's ever talked to me about cons knows that I heavily advocate for utilizing them to sit down and meet people. Of course, SecretCon was no different here. We had all 3 Specters from Minnesota at the con, so I ended up spending a good amount of time hanging out with them. Since we are a remote first company, its rare that we actually get to see each other. It's nice to have some face time when we can. Additionally, I bumped into some CCDC folks at the con and got lunch with them on the second day. If you're in CCDC and bump into me in public, please feel free to say hi! It's hard to keep everyone's faces and names memorized, but I love bumping into competitors. Finally, I spent some time with the folks from Arctic Wolf talking about a variety of AD-related security topics. Oh, the beer and pizza joint nearby were solid too. Would buy again.

Departure

Overall, I enjoyed SecretCon. It's nice to be at a con that's a little more intimate, and not constantly shouting over 30,000 other people. Even if you didn't want to attend the talks, it's definitely worth stopping by even if it's just to hang out at the brewery and patio and talk to folks (no badge required to have a beer 😉). Also just as an FYI if you've met me at either DEF CON or Wild West Hackin Fest in the past, I'm not attending DEF CON this year. Additionally, I'm not sure if I will be at Wild West Hackin' Fest yet, but its not looking likely as SpecterBash is the same week. I'll learn more in the coming weeks though!