I wrote about the unique spirit of TROOPERS in my recent post on collaboration, and in today’s post I’d like to discuss in a bit more detail what makes the event so special.
In 2008 ‘security research’ was generally considered to be vulnerability research, and this discipline happened in different groups:
in ‘hacker subculture’ with their own fora (Phrack, mailing lists like bugtraq or Full Disclosure) and various conferences (some of which still exist, whereas others like IT Underground in Warsaw disappeared).
to some degree in academia, but this was generally quite disconnected from the above circles (USENIX WOOT had only been established one year before). One person trying to bridge that gap was my friend (and mentor on many things) Sergey Bratus – which was one of the reasons for him joining TROOPERS *every year* during the first 10 years. Btw, the other person achieving the same feat was Rodrigo Branco who also gave a talk every single year incl. remarkable keynotes in 2019 and 2013.
to some, albeit small, degree in industry.
I myself had already spoken at a couple of events like Black Hat, HITB or ShmooCon, and I had noticed two things:
The question, “oh, cool, nice vulnerabilities, but what does this mean for me when I’m back in the office on Monday?” was frequently asked by attendees, especially those from the industry.
the above groups, when present at the same event, only sparsely talked to each other.
Those observations were elementary for the idea of founding TROOPERS. We wanted to create a space where the intent to make things more secure was the primary motivation for learning, where attendees could get actionable advice, and where lively interaction between the above groups happened.
What we came up with can be explained around three terms:
Content
Community
Collaboration
Content
Based on the previous considerations it has always been an objective to host many talks with a strong defense perspective. Those are often case studies from customer environments where we explicitly encourage the (then-) speakers: “hey, that’s cool stuff, what about sharing it with a broader audience at TROOPERS?”. In general quite a few talks do not come in through the CfP but are the result of an ERNW member reaching out to a researcher in a direct manner.
Every TROOPERS hosts special tracks or side events that cover topics that we, for various reasons, consider important, like
the Telco Sec Day to connect operators and researchers in the telco security space in a trusted environment. This started in 2012 and is an important research gathering every year.
the IPv6 Security Summit (which ran from 2013 to 2017) to advance the state of IPv6 security research, and lots of important contributions came out of it
the SAP Security Day since this is a topic which does not get much attention at other public, non-vendor events
the ‘AD & Entra ID Security’ focus came up in 2018, and has since developed into a full-blown track filled with great talks
round tables on topics like incident response or cloud security. Even most speakers of the main conference working in the respective domains join these sessions. They often explicitly arrange their travel in a way that allows them to participate since they themselves consider the round tables as invaluable opportunities for knowledge exchange.
Every TROOPERS edition features some talks not happening at any other event, either because the respective speakers only feel comfortable to present at TROOPERS (see also below in the community section), and/or because we like to occasionally include submissions which initially look somewhat weird – actually they often were/are, and some of them were strong failures, from a perspective of knowledge delivery – but which we expect to stimulate good conversations over the shared dinner on Wednesday.
Of course, a number of speakers also give talks at other events, but many of them make TROOPERS their favorite conference, so they go above and beyond to prepare their submissions and talks there. For those of you reading this while working on your talk – no pressure.
Community
Probably one of the aspects that sets TROOPERS apart from other events the most is this one. In fact many returning participants tell us this is precisely why they book their tickets months before even glimpses of the agenda or the trainings are available.
I think several factors play a role here.
the badge! The annual TROOPERS badge certainly deserves a dedicated post (as a teaser one might look here, here, here, or here; at this occasion a special shout-out to Malte Heinzelmann, Brian ‘BadgeWizard’ Butterly, and Jeff ‘jeffmakes’ Gough for establishing a long tradition of fine badges), but generally its community contribution is (at least) twofold. It makes it possible to communicate with other people through a technical channel, but neither speakers’ nor attendees’ badges are differentiated. Having been a speaker at many conferences myself I understand that speakers love to have their little visible recognition, but as the founder of one of the coolest security events on the planet I can state this approach (of non-differentiation) totally makes sense for community building.
there’s a lot of mingling between attendees and speakers. One contributing factor may be the general atmosphere of tinkering and tooling. Often speakers are authors or maintainers of widely used security tools, e.g. at #TROOPERS25:
Proxmark for RFID testing – the maintainer of the main fork will give this talk.
AADInternals for Entra ID security testing – the main author gives this talk (one might also run next to him during the 10K run, see below).
WatchWitch – this talk could be an opportunity to chat with the main author.
In the event that you attend TROOPERS this year, I can assure you that neither they nor any of the other speakers will object to you asking them questions about their tools or having a good technical discussion with them.
for safety regulations both the venue hosting the event until 2020 and the newer one since 2022 only allow a certain number of people to be admitted at all, which inherently helps to avoid the anonymity of the larger, crowded events.
Lest we forget the 10K charity run. We are pleased that we may have contributed to this trend, having established our own in 2008, but this run holds a special place in the hearts (and legs) of many TROOPERS participants. Nowadays, quite a few conferences feature a joint run/sports event.
All in all I think the community spirit is one of the main reasons why many participants travel to lovely Heidelberg every summer. Don’t get me wrong: it’s a nice city, I lived there for more than ten years, my first two children were born there (20+ years ago), and ERNW is headquartered there. But let’s be honest: from a conference tourism perspective it might be less appealing than, say, Barcelona or Bangkok.
Collaboration
In the post on collaboration I had pointed out that environments with strong collaboration usually display certain elements:
a culture of collaboration (as opposed to formalized rules & processes). This is certainly the case during those days of TROOPERS – any formal approach wouldn’t work anyway in a spontaneous gathering of folks in one place, lasting only for a couple of days – but repeat participants usually praise the atmosphere of everyone being open-minded & approachable for proper security discussions.
a common vision. This one is simple: make the world a safer place! I think I can state (with a bit of bias obviously) that really everybody coming to TROOPERS has an interest to make things in their realm of responsibility more secure.
Trust. Let’s define the term along RFC 2828 (more definitions/discussion in this old post): “The extent to which someone who relies on a system can have confidence that the system meets its specifications, i.e., that the system does what it claims to do and does not perform unwanted functions”.
This is exactly what one finds at TROOPERS (especially as a returning participant): a setting where one’s security research & interests can be shared with not much risk of exploitation (deliberately not writing ‘without risk’ here, as the human condition is complex). Naturally, the fact that job titles and hierarchy do not appear on the badge and do not influence interactions is advantageous.
Speaking of fostering collaboration, a couple of things happen at TROOPERS:
evening events/dinners on every day, either organized by the conference crew, by speakers, or by participants. The most prominent one being the shared dinner on Wednesday where many years ago an informal rule has been established: don’t sit at the same table as your colleagues from your own organization, but ‘mix & mingle’. You won’t regret it.
often groups of like-minded people from different organizations & backgrounds but sharing a common technical interest already form during the trainings on the first two days.
the Storytellers session established last year has turned out to create a whole new level of interaction, both between speakers & participants, and more generally between folks sitting around the virtual camp fire.
the ‘challenges’. Not going into much detail here; those have to be experienced on site during the event.
Those elements might give an idea why TROOPERS is such a collaborative conference, and why everybody being part of it leaves the event with a higher level of security knowledge.
I’m well aware that reading this post will create severe FOMO for some folks – there’s always a next year (and great talks also happen at other cool events later this year like Black Hat in August or MCTTP in September).