Know your community – Veronique Loquet

Veronique Loquet is the proud owner of AL’X Communication, No Such Con Co-founder, Security Vacation Club member and infosec enthusiastic!

Questions

Q: How many years have you been working in the security field?
A: I have been in the security field since 2002.

Q: What was your motivation for getting into the security field in the first place?
A: My motivation comes from people, IT is nothing without intelligence.

I encountered security with an open source PKI. I was already immersed in the universe of free software, I worked with people that each day were focus on changing the world, from Mandrake-Linux distro, MySQL, the PHP community and others. I immediately joined the cause to promote free software, Net neutrality, open standards and to fight for inter-operability, privacy, against DRM or software patents in Europe… There was room for battle, it’s still the case. There are so many challenges to face!

Q: What is your favorite 0-day of all time?
A: Without hesitating the one I launch in the wild by mistake. I will never forget. I had to announce an 0D with its patch, but there has been a timing error and the patch was not ready. I saw the immediate responsiveness of the infosec community, Bugzilla were the first. 3 hours later the patch was ready to be applied. I could have been named at the Pwnie Awards for this epic fail.

This story gives thought on how to announce this type of vulnerabilities, and the responsibility for this kind of information provided by the communicant.

Q: In the last 20 years, what is the one conference you went to that you will never forget?
A: All the conferences have their peculiarities. It is always a great opportunity to meet friends and to make progress on sharing knowledge with the amazing amount of skills they gather

Q: Can you tell us how (and why) you started No Such Con?
A: We did it with a group of friends. We had an authentic, uncompromising approach to present an exclusive content on hacking science in Paris, with the latest research and attack skills from the international hacker community. We have tried to build a 0% bullshit conference as volunteer members through a non-profit organization. We were hosted for fun in the French Communist Party’s headquarters, an astonishing building designed by the Brazilian architect Oscar Niemeyer.

Q: Do you remember the first conference?
A: Around 300 attendees came from all over the internet.

Q: Did you ever thought that No Such Con will be the conference it is today?
A: Absolutely. NO . SUCH . CON.
It disappeared (:

Q: How complex is it to organize a hackers conference?
A: It requires a lot of time and dedication. As volunteer it’s not easy as it sounds if you have to run your own business at the same time. The programming committee played a central role in ensuring the best talks. Thanks to Endrazine and Matt Suiche we had such a cool PC members and remarkable engineers to help us build a great conference.

Q: do you have any funny stories?
A: A researcher who came from Argentina brought me a paper with a cell number and told me, this guy was sitting next to me on the plane and he would like to come to the conference. I look at the name written on the paper, it was Gaspar Noé, the movie director. He stayed days and nights with us.

Q: You visit dozens of security conferences a year. What is you favorite security conference, the one that you will never skip no matter what?
A: It’s hard to say. I love CanSecWest in Vancouver for many reasons, but there are so many good conferences around the planet, REcon, HITB, Hardwear.io, PacSec, Syscan, Defcon… I still have to go to NOLA next May, and Troopers, H2HC, Kiwicon, Ekoparty, nullcon, Zeronight… A new one is coming soon in the Middle East, OPCDE. We could spend life in Infosec con!

Q: What do you love most in conferences? (conference events – CTF / hacking village / Hack the badge, drinking parties etc)
A: What’s New, What’s Next? Meeting talented people with international mindset, discover the latest trends impacting enterprises and users. What makes conference unique, Wiskeycon in Singapore for the fun, the pwn2Own contest which is now celebrating 10 years of exploits…

Q: What is the most exotic place you attended a security conference at?
A: Probably Shakacon in Hawaii.

Q: In which country have you been surprised by the size / quality of the security community?
A: Is it so important to make frontiers? The WW community is huge, but not as it should be. It’s an ecosystem and each one has a community mind. We are stronger together.

Q: In your opinion, how did the international security community change in the past 5 years?
A: It has changed drastically, with nation-state attacks, the explosion of ransomware, the giant botnets and the Internet of Things for example. Also coders are now in the loop in the new era of vulnerability research with bug bounties, or the DevSecOps process. In parallel crimeware continue to grow for some time to come.

Q: What’s your opinion about the new EU laws potentially blocking 0-day research?
A: With the impact of technologies regulation is needed, also to protect security researchers on their job, but on the condition to be a powerful momentum and not an anti-hacking law. 0D exploits have dual use, on security research it is crucial but it’s also used for criminal purposes as government spying, corporate espionage or human rights violations.

The consequence of Wassenaar arrangement is for example a prejudice for the security interests, it shows the complexity of making international laws.

Q: You are the owner of AL’X Communication, could you please tell us what kind of services your company offer?
A: Most of the time I do PR and provide content for conferences. All the details are on my website.

Q: What can you tell us about Security Vacation Club?
A: Check http://www.securityvacationclub.com

Q: Who are the members?
A: Nobody knows all of them

Q: How can I get one?
A: If you do not have a card you are not in (;

Q: Do you get “shady” emails / contacted by unknown companies asking about acquiring vulnerabilities? and what is your funniest story for someone who contacted you?
A: Crazy requests may happen sometimes. It’s been a while since I heard a journalist asking me for the contact of a repentant criminal -ie, hacker- who could talk about his feats of arms and who by chance would work today at the security of a large banking institution.

Q: How is that to be a woman in the security filed?
A: My daily life is not working on projects with male engineers. I cannot speak on behalf of female engineers. There is a big lack of women in this industry, but that will change. I see men rather happy to see talented women in the environment.

It was a pleasure, Veronique, to talk to you

You’re welcome.