Interview with BruCON organizers, winner of hacker conference anti-harassment policy challenge

BruCONWe have a winner to our hacker conference anti-harassment policy challenge! BruCON, a computer security conference in Belgium, designed, adopted, and publicly announced an anti-harassment policy within 5 days of our post. A close second was DeepSec, another European computer security conference.

BruCON sounds like a great conference run by thoughtful people who are focused on attendees getting a lot out of the conference, technically and otherwise. We wanted to know more about BruCON and why they adopted a policy, so we asked the BruCON organizers for an interview. Wim Remes kindly answered our questions.

Conference organizers will be especially interested in reading Wim's answers, as he describes his thought process around adopting a policy. "[…] My first reaction was "we don't need this". Being a […] white male that is obviously a very easy conclusion to make so I challenged myself. […] As we are growing we will gradually lose control about who attends our conference and how they behave themselves."

Q: Tell us a little about BruCON.

BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.

The conference tries to create bridges between the various actors active in computer security world, included but not limited to "hackers," security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies, etc.

We are a registered non-profit organisation and our main goal is to create a bridge between security professionals and "hackers." "Hackers" being "persons who delight in having an intimate understanding of the internal understanding of a system, computers and computer networks in particular", not the criminal kind you might think of!

Q: How did BruCON get started?

The idea about BruCON developed in 2009, mainly driven by Security 4 All together with about 5 other core people. The security conference landscape in Europe looked pretty grim as almost all events were very commercial and focused on products rather than knowledge. The only real exception being the Chaos Computer Club conference, the group felt there was room for another forum where geeks could converge and share knowledge through presentations, workshops and trainings. With help from some very generous sponsors and an awesome group of volunteers, the first BruCON materialized and, as they say, the rest is history.

Today we attract about 400 attendees from all over the world for 2 days of trainings and a 2 day conference all focusing on information security and hacking.

What made you decide to adopt an anti-harassment policy?

When I first read about the idea, I honestly had to give it some thought. We have, to my knowledge, not received any complaints about harassment at BruCON and my first reaction was "we don't need this." Being a (slightly overweight ;-)) white male that is obviously a very easy conclusion to make so I challenged myself and there were two main factors that influenced my decision to do this:

  • As we are growing we will gradually lose control about who attends our conference and how they behave themselves. The "social fabric" that is woven reasonably tightly right now will loosen and if that ever happens to a degree where people see opportunity to harass others, we want to have a formal policy that is enforceable. We have that now.
  • Being inclusive is at the core value of BruCON and while there doesn't seem to be an immediate need to adopt such a policy, I think it emphasizes the spirit of BruCON extremely well. It doesn't matter who or what you are, if you come to share knowledge, you have a spot at BruCON.

Q: What would you like to see at the next BruCON?

That's a difficult one as we are in the awesome position of not making are conference about the conference itself but about its attendees and speakers. We draw a lot of students and persons testing the waters of information security, we also draw seasoned researchers that find a forum to collaborate. If we receive one e-mail that tells us one of those new persons has started a career in information security or a few researchers come up with some kick-ass research after they met at our con, that's all we really need to keep doing this.

Q: Anything else you'd like to say?

We are really looking forward to working with this policy and hope that we will not need to enforce it. As we seem to be the first to do this, we will also carefully gather as much data as possible on reactions, reports and other things we experience along the way. I will personally follow up with an analysis post-con and I'm looking forward to share that with you as well. Finally, we would like to thank Brian Honan for bringing the policy to our attention and David Mortman for helping with adapting it for our conference.