Cybersecurity Profile: Jeff Moss, Founder of the ‘Black Hat’ and ‘Defcon’ Hacker Conferences

Jeff Moss


You wouldn’t really expect a guy with a bachelor’s degree in criminal justice whose first IT security job was at buttoned-down accounting firm Ernst and Young to go by the nickname The Dark Tangent, but that’s Jeff Moss: a dedicated and avowed white hat security professional who nonetheless is most famous for founding the Black Hat and Defcon hacker conferences, where agents from the FBI and NSA rub elbows with malware authors and data thieves.

But being a bridge between hacking culture and security professionals is something Moss has excelled at. In 2012, a room full of rapt hackers sat and listened to then director of the National Security Agency, Keith Alexander deliver a keynote presentation. In a Q&A session immediately afterward, Moss, himself an adviser to the Department of Homeland Security at the time, didn’t pull any punches with his first question: “So does the NSA really keep a file on everyone, and if so, how can I see mine?”

Being able to ask those questions of authority is part of how Moss earns the trust of the black hat hackers across the aisle despite his own long-time affiliation with the law enforcement and information security community. Another part of that trust is earned by his willingness to not just ask uncomfortable questions, but to take action: when Edward Snowden leaked details of the PRISM surveillance program the year after Alexander had denied such activities, Moss promptly disinvited federal employees for the first time in the conferences 21-year history.

The World’s Most Serious Hacking Convention Started As A Party

Moss didn’t originally create Defcon to be such a weighty venue—and he wasn’t always such a saint. He ran a pirate board called The Dark Tangent on a Fidonet messaging network called the Platinum Network. The main sysop had to move and shut down his node and asked Moss for help in organizing a party for the other users. When the sysop disappeared overnight, Moss was left holding the bag.

Instead of calling it off, though, he simply invited everyone from every other hacking community he knew. Around 100 people showed up. They had enough fun that many of them continued to pester Moss to put together another con the next year.

He obliged, and brewed up a mixture of games and old-school hacking combined with real innovation and serious discussions of security that rarely see the light of day in other venues.

Because Defcon was filled with fun and games, though, it was difficult for many security professionals to actually get their expenses covered to attend. Moss thought over the problem a bit and in 1997 spun off a conference called the Black Hat briefings. Although the actual tone of the conferences isn’t dissimilar to Defcon, and many of the same people attend, Black Hat is pitched as a more corporate event. Moss arranged for training to be available as well as presentations.

Both conferences enjoy their share of controversy and have seen some dramatic events, which is just how Moss seems to like it. In 1999, the Cult of the Dead Cow hacker collective released their seminal BackOrifice Windows hacking tool at Defcon, making a huge splash in the technology and media worlds alike. It’s rare for a Defcon event to go by without legal action or even a few arrests.

It’s not always the hackers getting persecuted, though. In 2007, Moss outed a journalist attempting to go undercover at Defcon, resulting in her being heckled and chased out of the conference by enraged fellow attendees.

From Fringe Culture Promoter to Establishment Professional

It might be surprising that someone with such a reputation for being willing to make waves would find themselves in the innermost circles of government information security circles, but that’s exactly what happened in 2009 when Moss was sworn in as member of the Homeland Security Advisory Council. But a deep familiarity with technological systems and a willingness to speak truth to power was a necessary combination as more and more government systems went high-tech and became susceptible to compromise.

It was a good combination that drew notice. Moss was chosen as co-chair of the council’s Task Force on Cyberskills, assigned the task of rapidly growing the number of skilled cybersecurity professionals in the United States. Their recommendations include the new revisions being proposed to radically expand the number of scholarship opportunities offered by the CyberCorps Scholarship For Service program and allowing two-year degree programs into the program.

Moss also drew enough notice, and enough credibility, to be appointed to be the effective sheriff of the internet in 2011. He was named as chief security officer for ICANN, the Internet Corporation for Assigned Names and Numbers. In that position, he was responsible for one of the most important high-value targets in the entire Internet infrastructure, the root DNS system.

Moss has found himself in demand for a number of other think tanks and advisory committees over the years, including:

  • The Council on Foreign Relations
  • The Atlantic Council
  • Georgetown University School of Law Cybersecurity Advisory Council
  • Global Commission on the Stability of Cyberspace

With such a busy schedule, he sold Black Hat in 2005 and stepped down from ICANN in 2013. He continues to run Defcon and works as a freelance security consultant and unofficial spokesperson and interpreter for the hacking community at times. He is frequently found chairing panels or being interviewed by the media. Recently, he has also served as a technical consultant on the hit USA Network TV show Mr. Robot.

His steady work and influence has also lead to more openness on the part of vendors and software manufacturers. Once defensive and inclined to try to squash the reporting of security holes with heavy-handed tactics, the constant advocacy for disclosure and the demonstrable channel of communication with hackers that Moss opened through Defcon has convinced many organizations to build a framework for reporting security issues and to work more closely with independent security researchers to identify and patch holes.

Moss sees more challenges on the horizon and has warned that the increasing complexity of both software and hardware will lead to more vulnerabilities and more exploits that neither companies nor governments are prepared for. The Dark Tangent isn’t simply playing Cassandra, but continues to work actively to improve the awareness and security posture of potential targets around the world.