“Off The Clock” is a blog series that explores the interests and causes to which ECS employees devote themselves outside of work.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
EXCELLENCE. GRIT. DRIVE. COMMUNITY.
James Dieteman is a man of many talents. He is a cybersecurity expert, AI product developer, blacksmith, gamer, and adventurer (he recently returned from a trip to Antarctica and a treacherous crossing of the Drake Passage).
He is also a four-time winner of DEF CON’s Black Badge. DEF CON is the world’s largest and longest-running hacker convention, drawing the best cybersecurity experts, researchers, and programmers in the world. In DEF CON’s own words, the “Black Badge is a powerful talisman, awarded only to those who have emerged unbeaten from the crucible of elite DEF CON competition.” Winners get free entry to the conference for life.
In the last few years, James has hung up the keyboard and shifted from competing to game development. Now, he crafts challenges for others to test their mettle and compete for coveted badges. We sat down with James to discuss his history of competition, his thoughts behind game development, and how competition influences his work as a cybersecurity director.
James Dieteman
Director of Cyber Analytics Products at ECS
Q: What’s special about DEF CON for you? What draws you to return year after year?
I’ve been going to DEF CON for a very long time, since DEF CON 17 and I think they’re up to DEF CON 30 now. When I first started going, I was always fascinated by the contest space, but I didn’t have a team to compete with. Eventually, I ran into a friend of mine who was competing with a bunch of his co-workers. He invited me to sit with them and see if it was any fun. I was immediately hooked. A dark room with thumping music, everyone huddled around puzzles, bouncing ideas off each other and worrying about people looking over your shoulder trying to steal answers. It’s intense in a way that you don’t find in many other places.
Q: After such a successful run in the DEF CON games, what’s it like transitioning from competitor to game creator?
It’s really interesting and very different. The hardest part, in my experience, is tuning the difficulty and quantity of the challenges. In our first year, we really overestimated how quickly people were going to burn through challenges! Since we were trying to do a story-based game, which is unusual at these events, we wanted the challenges to be completed in order. But by the end of Day 1 and going into Day 2, there were so many teams still stuck on early challenges. So instead, we opened all the challenges for people to work on. That first year was definitely a learning experience.
When making a game, I’m always trying to think outside the box and find puzzles that are interesting. That challenges you to find styles of data encoding that nobody has run into before. Last year, we tapped into the musical notation used to mark up Gregorian chants. Cracking that code informed competitors on the encoding style of a later puzzle. Other past examples include making up an alien base-8numbering and musical system to go along with it.
The goal is to find the most obscure things you can, but not so obscure that nobody will ever be able to figure it out!
Q: Alien numbering systems, musical notation, Gregorian chants: Where do you draw inspiration for your games?
I mean, a lot of it comes back to 80s hacker culture. So much of the feeling of DEF CON comes back to that — people in dark rooms with loud electronic music, skateboards, and ridiculous stuff like that. Watching Hackers, and movies like that, can help you get in the mood.
On top of that, we draw a lot of inspiration from escape rooms. Escape rooms are not a one-to-one comparison to hacker competitions. The former tend to be more physical in nature with fairly straightforward arcs. However, escape rooms often give you new ways of looking at things, as well as the framework for ideas you can roll into coding challenges.
Q: For so many people there’s a bright line between their work and their passions, but for you it sounds like there is significant overlap when it comes to cybersecurity. How do these competitions influence your day-to-day work?
I always come away from these challenges having learned something new. And anytime you’re learning anything new, it adds to that repertoire in your mind: things you can draw on, things you can go back to, or an association you wouldn’t necessarily make otherwise. That’s one thing I found very helpful, especially when mentoring other security folks in the field. Having a broad background will help you so much in cybersecurity because it offers new ways of thinking about security that are not just academic.
For example, if you do lockpicking, it helps you understand the interactions of manufacturing and system flaws when it comes to security. If you understand history, then you may have a better understanding of attackers’ motivations as opposed to “Oh, it’s just the hackers™.” Instead, you analyze their geopolitical motivations, their socio-economic motivations, etc. All of this knowledge helps build a better, more robust picture of what you’re trying to do in cybersecurity and why.
Q: Can we get a little preview of this year’s storyline?
This year is an extension of last year’s storyline. The evil mega organization, Mayhem Industries, is still up to its nefarious ways. This time they’ve moved into a new headquarters. Your mission, should you choose to accept it, is to infiltrate the different arms of their building, each with different characters, themes, challenges, and more. As you move through the levels, you learn more about the sinister plot and make your way towards sabotaging their plan.
It’s going to be a lot of fun.
