we are coming back with interviews! Today we would like to introduce to you Dhilon, CEO of Hack In The Box. We have spoke about cyber security market in Malaysia, organising conference and cyber education. Enjoy!
[eForensics Magazine]: Hello Dhillon, how have you been doing? Can you introduce yourself to our readers?
[Dhillon Kannabhiran]: Hi guys – thanks for taking the time to sit down and do this interview! I’m a Malaysian born hacker and security professional that spends most of his time in Kuala Lumpur, though I’m also in Europe for some months each year. I’ve been hacking and tinkering with stuff since my pre-teenage ‘crazy years’ and have been ‘that HITB guy’ since 2000 when the site first started. I’ve also had day jobs ranging from being a tech writer to working with SMS gateways and VoIP stuff.
[eFM]: What are Hack In The Box Ltd. and Haxpositie BV?
[DK]: Hack In The Box or HITB is the main organization responsible for producing the HITB Security Conference and HITB GSEC (global security) events around the world. HITB started out as a news portal back in the early dotcom days (2000) as an information resource and news site for all things hacker and network security. In 2003, we decided to try organizing our own little ‘hacker conference’ and the rest, as they say, is history. We’ve been in Malaysia for over a decade, in Europe for nearly a decade and in the Middle East for about five years in total.
Haxpositie BV on the other hand is a division of HITB that’s responsible for our Haxpo or hacker expo – a three day technology exhibition that takes place on our conference anniversary years in The Netherlands (5th year, 10th year, etc.).
It is an open to public (aka free) event for hackers, makers, designers and developers. Think of it like a mix between Makerfaire, Defcon and SXSW. HITB Haxpo showcases innovative adaptations for the latest technology in gadgetry, toys and tools. Things like drones, energy floors, sonic walls, 3D printing, robotics, upcycled technologies and, of course, lots of security and hacker gear.
[eFM]: Did you have HITB Haxpo 2016? Are you planning exhibitions in the future?
[DK]: No, we made the decision in 2015 to only have the Haxpo on years when we celebrate an anniversary of the main HITB Security Conference. As such, the next Haxpo will be in 2019 when HITBSecConf will be celebrating its 10th year anniversary in Amsterdam!
[eFM]: What are your plans for Hack In The Box 2017?
[DK]: As usual, the main conference itself will feature three tracks of attack and defense oriented research including a hands-on labs segment. There’ll also be a free-to-attend track of 30 and 60 minute talks (CommSec) that runs alongside the main program.
Beside this, we also plan to have our CommSec Village / Technology Exhibition, which is like a mini Haxpo. This is where you’ll find a lock picking and safe cracking area run by the Dutch chapter of The Open Organization of Lock Pickers (TOOOL), a soldering lab manned by the world-famous Mitch Altman (a San Francisco based hacker and founder of the Noise Bridge hackerspace), and a car hacking arena run by the same guys who do this at DEFCON in the US. In addition, you’ll also find teams of hackers battling it out in our on-site Capture the Flag competition and a new IoT / wireless village where there’ll be some cool toys to play with, like the HackRF and USB Armory.
[eFM]: How has HITB changed over the years?
[DK]: I would like to think ‘not very much’.
We have tried to stay true to the core essence of why we started the conference in the first place – to create a high quality event with the ‘best of the best’ speakers and to create a deep knowledge event where people can meet with other like minded individuals in a relaxed yet professional environment.
I guess the main thing that’s changed is the evolution away from pure software to include more maker and builder side of things. In a way, that is also a natural evolution of the industry. There were no ‘Internet of Things’ a couple of years ago, no 3D printers, laser cutters, embedded RF devices, etc.
[eFM]: How many people usually visit HITB?
[DK]: It varies from between 500 to 600 people for our conference in Amsterdam, and during Haxpo, it grows to around 1500 – 1700 people. We did, however, have about 1500 attendees at our 10th year HITB Security Conference in Malaysia.
[eFM]: You are based in Malaysia. Where did the idea of having conferences in Amsterdam come from? Why not some place in USA?
[DK]: That’s a really long story that will probably take up three pages in itself but we felt that The Netherlands was the right choice geographically and also seeing that there are already ‘too many’ security conferences and events in the US, it didn’t make sense for us to bring HITB there – plus, who doesn’t want to come to Amsterdam?! 🙂
[eFM]: Do you see any difference between security and hacker conferences organized in the USA and in Europe?
[DK]: There are some subtle differences but I think that’s mainly cultural. I like to think HITB has its own unique flavor in part due to the fact that it’s somewhat a jointly organized event between Asia and Europe (Malaysia and The Netherlands), which in itself creates an interesting mix of ideas. Add to that the fact that we’re primarily volunteer driven, and you get something quite special indeed.
[eFM]: What about Malaysia? Is it a good market for hacking/cyber security conferences? Will you continue to have Hack In The Box out there as well?
[DK]: Malaysia was and still is ‘home’, though the market / scene has changed quite a lot over the years due to a multitude of reasons (overall shift in technology, brain drain and more). Malaysia (and Asia in general) is still a great place to do business as a security company though, as there is a growing need for security products and services (essentially like anywhere else). As far as HITB returning to run a conference there, it doesn’t look likely for the time being.
[eFM]: You don’t have higher education in IT/cyber security. Where did the idea of working in this field came from?
[DK]: I learnt everything the good ol’ fashioned way – by reading everything and experimenting and essentially you don’t need a degree to be a hacker – it’s a mindset / way of problem solving.
[eFM]: You do have couple of certificates. What do you think is more important: full higher education (masters or bachelor) on university or focusing on certificates that you will (probably) have to do anyway?
[DK]: The security industry today is very different from when I started out and there’s a much wider variety of skills needed now to ‘stay on top’. Most of these skills would probably be easier to acquire formally, however, to really hone your skills and to stand out, you’re still going to need to put in the effort on learning things on your own time. Courses and training, with certifications or otherwise, are a good way to keep your skills up to date.
[eFM]: How do you think this will evolve in the future?
[DK]: As it stands, there isn’t really any excuse to not be able to learn something new – there are various sites, like Coursera, Udemy, etc., where you can pick up new skills, sometimes with a certification attached. There’s Stackoverflow for all your programming questions and, of course, there’s always free videos and tutorials on YouTube you can watch and loads of blog posts with ‘how to’ articles on pretty much everything.
[eFM]: You are a Co-Founder/CEO of another company as well, BUSttle Eco Ride Sdn. Bhd…
[DK]: BUSttle is a tech start up that initially operated a service called Tumpang – Malaysia’s first prepaid, fixed-fare, ride sharing service utilizing licensed taxis for the last mile (the short distance between a city’s various transport hubs). We have since, however, pivoted from running the service itself to instead providing our technology stack, tools and platform to other startups looking to create their own on-demand service or to businesses looking for a turn key solution for fleet management, real-time tracking and AI driven analytics.
[eFM]: Are there any challenges conferences have been recently facing?
[DK]: There are always challenges but with anything I think the biggest question one should ask before starting something is ‘what are you trying to solve’ – don’t start a conference just because it seems cool and fun (it is fun, though). It’s a lot of very tiring work and if you don’t truly believe in what you’re doing, it’ll show in what you’re delivering.
[eFM]: Any plans for the future?
[DK]: Lots, but for now I’m already busy enough with HITB stuff and building out the tech stack for Tumpang to see where that goes.
[eFM]: Do you have any piece of advice for our readers?
[DK]: Find something you love to do and don’t ever settle, no matter what. It’s also never too late to try something else.
Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder and Chief Executive Officer of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for the past decade in various countries including Malaysia, The Netherlands and the UAE.
HITBSecConf routinely brings together some of the world’s leading subject matter experts, law enforcement officials and independent researchers to discuss the next generation of attack and defense methods. Celebrating it’s 10th year anniversary in 2012, HITBSecConf is today one of the most highly anticipated, must-attend annual events for network security gurus, researchers and enthusiasts.
Prior to quitting his day job to lead the HITB team on crazy adventures around the world, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDnet, MIS Asia and CNet. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of packet switched networks at a time when Asterisk did not just mean ‘*’
Today, Dhillon spends his days surrounded by emails, spearheading all of HITB’s strategic efforts and driving the HITB team crazy… And for 3 months each year, he cycles as much of The Netherlands as he can.
Company web page: https://conference.hitb.org/