• About Us
    • Our Story
    • Our Vision
    • Our Mission
    • Our Team
    • Hacker Bros.
      • Reuben’s Bio
      • Ittai’s Bio
      • Reuben – Video Bios
    • Our Logo
    • Our Donors
    • Our Board of Advisors
  • Courses
    • All Courses
  • Speaking
    • Presentations
    • Events
  • Blog
  • Contact
    • RegisterLogin
      • Donate
    CyberShaolinCyberShaolin
    • About Us
      • Our Story
      • Our Vision
      • Our Mission
      • Our Team
      • Hacker Bros.
        • Reuben’s Bio
        • Ittai’s Bio
        • Reuben – Video Bios
      • Our Logo
      • Our Donors
      • Our Board of Advisors
    • Courses
      • All Courses
    • Speaking
      • Presentations
      • Events
    • Blog
    • Contact
    • RegisterLogin
      • Donate

      Conferences

      • Home
      • Blog
      • Conferences
      • DerbyCon experience (by an 8 year old)

      DerbyCon experience (by an 8 year old)

      • Posted by Reuben Paul
      • Categories Conferences
      • Date September 30, 2014

      For the very first time in all of history, I was told that an 8 year old was going to be giving a talk at the famous security conference – DerbyCon. Thanks to Dave Kennedy (@HackingDave) and the entire speaker selection team for selecting me to speak at DerbyCon 4.0 (2014). I wondered, what you might have thought when you saw a submission from an 8 year old? I hope I made you proud!

      First of all, let me start by saying “I loved DerbyCon!”

      We drove from Austin, TX to Louisville, KY, over a thousand miles!!! On the way to the conference, I prepared my talk and demo, like a million times, in the car. My dad (@manopaul) and mom (Sangeetha Paul) were excited and nervous at the same time. My lil’ brother, Ittai was my cheerleader saying “You go, Reuben!” 🙂

      Reuben Paul - Enroute DerbyCon Car Prep
      Prepping on our way to DerbyCon

      But since we got there late, I missed the keynotes by Ed Skoudis (@edskoudis) and Dave Kennedy. But I still loved the con.

      Reuben Paul - with Erin Kennedy
      Erin Kennedy welcoming us to DerbyCon

      At the con, as we were registering, they asked me if I wanted the child badge or the speaker badge. I took the speaker badge (LOL). We got greeted first by Erin Kennedy (@MrsRel1k). Erin went to look for some toys and goodies to make me and my little brother, Ittai, feel welcome as one in the family.

      It was September 26th, 2014 – the day of my talk. Just before my talk I was very nervous, but everyone is nervous on their first talk, I think, but, when I went on stage, I just went with the flow. The person in charge of the speakers, Jim Manley (@jw_manley), had to get me a chair, because I was too short for the podium. Jim said that “they’ve never had a issue like this, before” :-). Now, they call me “Chairperson” of conferences, not because I am the most important person in the conference, but because I have to stand on a chair to reach the mic to give my talk. 🙂

      Reuben Paul - Chairperson at DerbyCon
      Standing on a chair to deliver my talk (now you see why they call me the Chairperson of the conference)

      By God’s grace, I think my talk went superb.
      The title of my talk was “InfoSec from the mouth of babes (or an eight year old)”.
      I talked about three things –

      1. Why do you need to teach your kids InfoSec?
      2. How can you teach your kids InfoSec? and
      3. What can kids teach you about InfoSec?

      I also said why kids are the best social engineers (next to puppies and the setoolkit by Dave Kennedy and the TrustedSec team (sorry Dave) :-)) and did a demo on how to get a meterpreter shell back. I got five shells back – pwned. :-).

      Here a few tweets by Dave Kennedy and Jayson Street about my talk and demo.

      Reuben Paul - Dave Kennedy Tweet WOW
      Dave Kennedy’s tweet about my DerbyCon talk
      Reuben Paul - Jayson Street Tweet - About Reuben Getting Shell
      Jayson Street’s tweet about me getting shell in my DerbyCon talk demo

      After my talk, Jayson asked, if I could program for Android? I should have responded by saying what my mom wanted to say which was “Get yourself an iOS device“ but instead I did the business thing of saying “I should learn Android programming.” 🙂
      At the end of my talk, after thanking my God, Jesus Christ for the gifts and talents he has given me, the organizers of DerbyCon and all who came to hear me speak, I closed my talk by saying “HACK ALL THE THINGS, BUT DON’T DRINK AT ALL.” (I hope Dave (@dualcoremusic) did not mind me changing his lyrics a bit :-).  It was awesome, meeting him in person as well.

      Reuben Paul - with Dual Core
      Me with DualCore

      It was an AWESOME experience for me!!!
      At the end of this writeup, I have put the video link of my debut DerbyCon talk (thanks to Adrian Crenshaw (@IronGeek_adc), whom I met in the lobby, as I was preparing for my talk).

      At the end of my talk, Jim Manley came and told my dad, that for the first time, he saw people waiting in line to get into a stable talk at DerbyCon – so thank you to all the people who came and attended my talk, making it houseful.

      Reuben Paul - house full
      Q&A time after my talk

      After my talk, I went to the Social-Engineer booth where Chris Hadnagy (@humanhacker) gave me the Social-Engineer challenge coin for my talk and demo. This was my first challenge coin. Chris then put me on the polygraph machine. They asked me many questions and one question was “if I have ever tattletaled on my brother?” I told the truth but I think the polygraph machine was broken or it had a mind of its own. Chris then laughed out loud and said something like, “I am a damn good hacker, but a really bad liar.” Paul Asadoorian (@securityweekly) who was in the booth next to the polygraph machine, was enjoying all the truth I was saying and laughing out loud. 🙂

      Reuben Paul - with Chris Hadnagy
      At the socialengineer.org booth with Chris Hadnagy and team
      Reuben Paul - Polygraph
      Being polygraphed – Am I a good liar?

      Then I got to go to the lock picking room. The company that ran it was named TOOOL. I got my first lock picked, which I think is pretty cool.

      Reuben Paul - lock picking
      Lockpicking at DerbyCon – My first lock picked!

      At this time, one of my dad’s friend, Dave Clarke, who helped my dad settle down in America, when my dad first came to Virginia, texted him and told him that his son, Michael Clarke (@michael_clarke) was attending DerbyCon and had spoken to him about my dad and me. Michael came and met my dad and my dad was super happy to see him.

      Michael Clarke and my Dad
      Michael Clarke and my Dad

      After this, I went to the CTF room, managed by Scott White (@s4squatch) but we could never get to connect to the internet over Wi-Fi (next time when you run CTF, think about kinda adding a little bit of some WIRELESS CONNECTION that actually works – Scott :-)). Then Tom Moore (@c0ncealed) from Proverbs Hackers list gave me a network wire for me to use. I think it was a God sent gift at that time. Then my dad helped me identify some flags, since this was my first CTF. Our team name was team RAPstar, and in the one hour, we were there we got a score of 720 for about 6 to 7 flags (not bad for my first time, I think). 🙂 Scott also gave me a DerbyCon CTF challenge coin. Thanks Scott. 🙂

      Reuben Paul - DerbyCon CTF coin
      At the DerbyCon CTF – Scott White gives me a challenge coin. 🙂
      Reuben Paul - DerbyCon CTF Scott White
      Team RAPstar (my first CTF) on the DerbyCon CTF score board.

      I met a lot of people at DerbyCon. Like many people from the Proverbs Hackers list (Michael Farnum, Carl Sampson, Tyler Halfpop, Michael Sudduth, Tom Moore …), Hackers For Charity (Johnny Long, Justin Brown), TrustedSec team (Dave Kennedy, Erin Kennedy, Scott White, Paul Koblitz, Larry Spohn) and friends of HackFormers (Rich Grimes, Ed Skoudis).

      Reuben Paul - with Dave Kennedy
      Me and my brother Ittai with Dave Kennedy

      It was good to meet Metasploit expert @egyp7 who had come to my talk, and  tweeted that I was hardcore after my talk. Thanks @egyp7. Ed Skoudis also encouraged me about my talk and I knew him from before as he had come and stayed at our house, to speak at HackFormers, before DerbyCon.

      Reuben Paul - with Ed Skoudis
      Ed Skoudis chatting with my brother Ittai and me at DerbyCon

      I was thrilled to meet Johnny Long who started Hackers For Charity and get my first awkward hug from Jayson Street.

      Reuben Paul - with Johnny Long
      Meeting Johnny Long from I Hack Charities
      Reuben Paul - Awkward hug with Jayson Street
      Awkward Hug from Jayson Street (my First) 🙂

      I also met Kevin Johnson from SecureIdeas, who is a good friend of my dad, whom I also knew from meeting him at our house. Another Kevin, I got to meet was Kevin Mitnick, who is well known in the security industry, and got to take a picture with him (with our DerbyCon speaker badges) 🙂 which was really cool.

      Reuben Paul - with Kevin Johnson
      Kevin Johnson from SecureIdeas checking out my card 🙂
      Reuben Paul - with Kevin Mitnick
      Reuben Paul meeting Kevin Mitnick

      I also got to take a picture with Erin Jacobs (@secbarbie), the Barbie who is not hackable 🙂

      Reuben Paul - Erin Jacobs
      Meeting Erin Jacobs (@secbarbie)

      @t1as gave me some Godly advice of not becoming proud as fame is short-lived, but to be humble and a child of God, all the time, which I liked very much. Thank you @t1as.

      Reuben Paul - with @tlas
      @tlas giving Godly counsel (Loved this)

      I was thrilled to meet the best hacker artist ever, Eddie Mize (@EddieTheYeti) and take a picture with him. What an honor I felt when Eddie painted my face after DerbyCon – an honor which I am not sure, if I deserve. You can see Eddie’s painting of me. My dad told me that while most people who are painted by Eddie need to be painted only once, in my case, since I am growing, he may have to paint me again 🙂 (lol)

      Reuben Paul - with EddietheYeti
      My family with Eddie Mize (@EddieTheYeti)
      Reuben Paul - Painting by @EddieTheYeti
      Eddie’s (@EddieTheYeti) painting of me – Truly an honor

      My dad has spoken to me much about some of his other friends, Khalil Sehnaoui (@sehnaoui), Dave Marcus (@DaveMarcus) and Nate Sanders (@mauvehed), whom I hoped to meet, but did not get a chance too. Hopefully, I will get to meet them in DerbyCon next year (if I get selected again for a talk :-)).

      In closing, I would like to say, “DerbyCon was awesome.”

      I loved meeting many people and seeing everybody. I loved the family like environment. It felt nice, to not be judged even though I am only 8 years old and be respected for what I knew and what I could do. Most of all, I loved DerbyCon, because it made me feel included to be part of such a wonderful family (of hackers). Truly, DerbyCon lived up to its theme this year – Family Rootz.

      Reuben Paul - Family Rootz
      With Jim Manley and the DerbyCon Family RootZ board (has my dad’s and my signature on it – WooHoo)
      Reuben Paul - Family Rootz
      With Jim Manley and the DerbyCon Family RootZ board (has my dad’s and my signature on it – WooHoo)

      I hope to be back for DerbyCon 5.0wned. 🙂

      Originally published in Prudent Games website blog.

      ——–

      Link:
      My talk – InfoSec From the mouth of Babes (or an 8 year old). Debut at DerbyCon. Enjoy and share.

      Tag:8 year old CEO, Awkward Hugs, Dave Kennedy, Ed Skoudis, Hacker Kid, Ittai Paul, Mano Paul, Reuben Paul, Sangeeetha Paul

      • Share:
      author avatar
      Reuben Paul

      Next post

      (ISC)2 Security Congress Experience (by an 8 year old)
      September 30, 2014

      You may also like

      870x500_2014_10_16_HouSecCon
      Hou.Sec.Con 5.0 Experience (by an 8 year old)
      12 January, 2015
      870x500_2014_09_28_(ISC)2_Security_Congress
      (ISC)2 Security Congress Experience (by an 8 year old)
      30 September, 2014

      Leave A Reply Cancel reply

      Your email address will not be published. Required fields are marked *

      This site uses Akismet to reduce spam. Learn how your comment data is processed.

      Categories

      • Blog
      • Conferences

      Latest Courses

      Hacking Humans

      Hacking Humans

      Free
      Intro To Linux

      Intro To Linux

      Free
      Intro To CyberSecurity

      Intro To CyberSecurity

      Free

      Sign up for the CyberShaolin Newsletter


      How can you help?

      CyberShaolin is a 501 (c)(3) nonprofit educational organization.

      Get Involved

      © CyberShaolin. 2015-2020. All Rights Reserved.

      Login with your site account

      Lost your password?

      Not a member yet? Register now

      Register a new account

      Are you a member? Login now