Last updated at Tue, 25 Apr 2023 21:28:59 GMT

In a recent episode of Rapid7’s podcast, Security Nation, we talked with Nick Percoco, the creator of Chicago-based security conference THOTCON and CSO of Kraken Digital Asset Exchange. Here’s what Nick had to say about how THOTCON came to be, how it has matured over time, and what attendees can expect today.

The origins of THOTCON

Nick first had the idea for THOTCON in 2009 while on a plane back from DEF CON in Las Vegas. It occurred to him that although he had spoken at conferences around the world, he hadn’t yet spoken at one in Chicago, his hometown. Though he originally intended to call the conference 3-1-2 Con, after the oldest Chicago area code, the idea evolved into THOTCON by substituting TH for three, O for one, and T for two.

The first THOTCON was held at a bar, had around 120 attendees, and had to clear out quickly to make way for a cage-fighting match scheduled to occur after the conference ended.

The evolution of THOTCON

When asked how THOTCON achieved its current culture and voice, Nick explained that in the early days of THOTCON when it was still being held at bars, it could sometimes get a little crazy. There were good things: It was noncommercial, off the record, and people could say whatever they wanted onstage. But the bar atmosphere also lent itself to some disruptive situations. Nick explained that changing the venue led to a safer and more friendly culture.

It wasn’t always smooth sailing. Nick talked about how difficult it can be to find reliable volunteer help, since everyone has day jobs and families. He learned that there were some things he just had to take on himself.

From the beginning, there were people making donations to THOTCON here and there, but it was unofficial and not tax-deductible. Sometime around the eighth or ninth THOTCON, the organization became a 501(c)(3) and took on the name THOTCON Infinity NFP. That opened it up to donations and they were able to start offering VIP tickets with tax-deductible portions as well as sponsorships for students.

Nick told us that up until then, the organization was 100% focused on bringing in speakers, but at that point, they decided to see what else they could do with the donations.

THOTCON charity

THOTCON Infinity NFP produces the THOTCON conference, but it has also expanded into community-based activities that give back. Nick talked about an event a couple of years ago in which THOTCON partnered with Chicago Public Libraries to hold a Cyber Security Action Day. In every branch of the library, people from THOTCON set up a table and gave free security support focusing on the three Ps: passwords, patching, and privacy.

It was a successful event, and the THOTCON team hoped to do it again, but the Chicago Public Library wanted to limit it to just the locations that get the most foot traffic. Nick said that they talked to the volunteers about the previous event and found that the most rewarding experiences had been in the more underprivileged areas that didn’t get much traffic. For example, they had cases of people coming in for help with the computer the entire family shared. Without serving those locations, the event seemed less impactful, so THOTCON turned to new charity initiatives.

This year they’re providing a high school student in Chicago Public Schools with a $5,000 scholarship for continuing education. This student—who has already been selected by an unbiased panel—will have to enroll in full-time undergraduate study at a two-year or four-year college, university, or vocational school and study computer science or cybersecurity. The student will also be invited to THOTCON and will be awarded their scholarship onstage.

THOTCON today and how to attend

THOTCON’s location is always top-secret. It’s disclosed to attendees and speakers during the week before the event.

Unfortunately for the many people who have heard about this great event and want to attend, getting tickets to THOTCON has become increasingly difficult. The conference’s size is limited by the available venues in Chicago. This year is capped at about 1,700 people—and it sold out in 13 hours. Nick doesn’t expect the capacity of the conference to grow much. If they moved into hotel venues, they would have to charge too much for the tickets.

If you’re hoping to attend in future years, tickets go on sale Oct. 1 each year for the following year. The call for papers also opens on that date. While tickets sell out in a matter of hours, the call for papers closes in January. If you have something to say about information security, becoming a speaker might be the best way to attend THOTCON.