SteelCon Unveiled: A Northern-Edge Hacker Gathering
SteelCon isn’t just another name on the ever-growing list of security conferences—it represents something different. Born in 2014 out of a desire to create a hacker con with character, SteelCon has since become a standout in the UK’s infosec calendar. Set in the heart of Sheffield at Hallam University, it offers a refreshing alternative to the traditionally London-heavy tech event scene. From its rapid expansion to its warm community vibe, SteelCon brings together expertise, inclusivity, and innovation under one roof—and with a northern accent.
The growth of SteelCon has been nothing short of impressive. The first edition hosted 150 attendees, doubling to 300 the following year, and by 2016, the conference had sold out at 450. But the numbers only tell part of the story. What sets SteelCon apart is its commitment to building an environment where everyone—from seasoned researchers to curious newcomers—feels welcome and inspired. It’s more than a conference. It’s a community gathering with laptops, lockpicks, and laughter.
Sheffield Hallam: More than just a venue
Location plays a subtle but important role in shaping the feel of any event, and SteelCon’s home at Sheffield Hallam University couldn’t be more fitting. Held in a sunlit atrium, the space is open and inviting. It promotes conversation, not just content consumption. Gone are the dark, tightly packed auditoriums of traditional tech conferences. Instead, you find an airy, communal environment where attendees are encouraged to talk, experiment, and share ideas.
The university setting also adds a special academic flavor to the event. You’re surrounded by both students and professionals, bridging the generational gap in cybersecurity. There’s a palpable sense of passing the torch, of creating a space where new talent is cultivated while experienced voices are respected.
The human touch: Families, fun, and whippets
One of the most distinctive aspects of SteelCon is how family-friendly it is. Few hacker conferences actively embrace the presence of children, but here, kids are not only welcome—they’re engaged. A dedicated kids’ track runs alongside the main schedule, offering hands-on workshops like app development and lock picking. These aren’t just distractions—they’re real, meaningful learning experiences designed to spark early curiosity about technology and security.
It sends a powerful message: cybersecurity is for everyone, and learning can start at any age. The effect is immediate and obvious. Parents can attend talks while knowing their children are engaged in safe, supervised learning. There’s laughter in the halls. You see children explaining what they just built or picked. The future of security, it seems, is already in the room.
Adding to the sense of personality and care is the attendee badge. Instead of a lanyard or ID card, each participant receives a small toy whippet. It’s a playful nod to northern culture—and a logistical feat, considering the organizers had to find and distribute 450 of them. But more than that, it’s a symbol of the event’s ethos: thoughtful, personal, and proudly different.
Kicking off with community and content
SteelCon may be fun and family-focused, but its technical content is just as serious and compelling as any top-tier security conference. With two main speaking tracks running throughout the day, attendees have the freedom to choose from a mix of deep technical dives and human-centered discussions. The diversity of sessions allows you to craft your own experience—whether you’re into exploit development or organizational psychology.
The talks began with a session from Chris Truncer, focusing on methods to bypass antivirus detection. Shellcode was a central theme, and while the content was highly technical—perhaps more suited to seasoned red teamers—the talk set the tone for a day filled with advanced ideas and passionate discussions. Though not all aspects were accessible to less technical attendees, it was a strong reminder of the level of talent SteelCon attracts.
Switching gears, the second track offered a compelling contrast. Dr. Jessica Barker took the stage to discuss imposter syndrome in cybersecurity—a topic that’s rarely given the attention it deserves. Barker’s research dives into the psychological barriers professionals face, especially in such a fast-moving, high-pressure industry. Her talk explored confidence, self-doubt, and the subtle (and not-so-subtle) pressure to constantly prove yourself in technical circles.
Her message was clear and powerful: you don’t need to know everything to belong in cybersecurity. Surround yourself with supportive people—what she called “radiators, not drains”—and embrace challenges that push you out of your comfort zone. Her session was both a comfort and a call to action for anyone who’s ever questioned whether they’re “technical enough” or “smart enough” to be in infosec.
Accessibility meets expertise
One of the standout qualities of SteelCon is how well it blends accessibility with expertise. Talks like Barker’s make space for newcomers and non-technical attendees to feel seen and included. At the same time, deep technical presentations satisfy the curiosity of experts and professionals looking to expand their knowledge.
That balance is difficult to strike, yet SteelCon manages it with ease. The schedule is curated in a way that respects the range of interests and abilities within the cybersecurity community. From threat intelligence and malware analysis to psychology and policy, there’s something for everyone—and no single background is assumed or privileged.
This is perhaps one of the most refreshing aspects of the event. In many technical conferences, there’s an unspoken hierarchy—an assumption that only coders or pen testers have something meaningful to contribute. SteelCon actively rejects that mindset. It reminds attendees that cybersecurity is an ecosystem, not a silo. Human factors matter just as much as technical tools. Emotional intelligence is just as crucial as command-line mastery.
A sense of momentum
Throughout the day, what becomes increasingly clear is that SteelCon is more than the sum of its parts. Yes, the talks are interesting. Yes, the venue is comfortable. Yes, the people are warm and approachable. But what really makes SteelCon stand out is the energy—the sense of forward movement.
You feel it in the conversations between sessions, where strangers share stories over coffee and workshop discoveries. You see it in the kids’ track, where children light up at the sight of a lock pick tool or a working app they just built. You hear it in the applause, the laughter, the thoughtful questions from the audience.
There’s an unspoken understanding that everyone here is contributing to something bigger. Whether through sharing knowledge, inspiring others, or simply showing up with curiosity and humility, attendees aren’t just participants—they’re building the future of cybersecurity.
Looking toward the future
By the end of the day, it’s hard not to feel inspired. SteelCon doesn’t try to be the biggest, flashiest, or most elite security event in the country. It doesn’t need to. Instead, it succeeds by staying true to its roots: accessible, inclusive, community-driven, and proudly northern.
The conference wraps with a short address from organizer Robin Wood, affectionately known as the “gaffer.” He confirms that despite selling out the venue this year, SteelCon will remain at Sheffield Hallam next year. The crowd applauds—not disappointed by the lack of expansion, but grateful for the consistency and care the event provides.
As a final gesture, attendees are invited to contribute to a charity fundraiser. The day’s collection is later doubled at the after-party, with the total donation reaching around £1,500. It’s a quiet but meaningful note to end on, reinforcing the spirit of generosity and collective effort that defines the event.
Why it matters
SteelCon is more than a conference—it’s a statement. It challenges assumptions about what a hacker gathering should look like. It proves that serious technical conversations can happen alongside family-friendly workshops. It invites the community to step up, share knowledge, and support each other—not just in talks, but in the hallways, over lunch, and online long after the event ends.
Most importantly, SteelCon reminds us that cybersecurity doesn’t belong to one city, one group, or one kind of professional. It’s a field that thrives on diversity, collaboration, and continuous learning. Whether you’re a veteran researcher, an aspiring student, or a curious parent tagging along with your child, there’s a place for you here.
Next year’s SteelCon will no doubt attract even more attention. But if it keeps its soul—the whippet badges, the kids’ track, the open conversations and genuine care—it will continue to lead not just through content, but through character.
SteelCon Part 2: Malware, Memory, and the Mechanics of Modern Threats
SteelCon may be known for its friendly atmosphere and family-inclusive format, but its heart still beats with cutting-edge cybersecurity research. Beyond the bright atrium and toy whippets, the conference provided a platform for some of the most technically sophisticated and sobering presentations in the UK’s information security scene.
This second part of our three-part series focuses on the deeper, more investigative sessions of the day. It includes a forensic look into system memory, a sweeping malware campaign, and the growing cybersecurity challenges in modern vehicles. These talks captured how the lines between convenience, vulnerability, and responsibility are becoming increasingly blurred in a connected world.
Memory Forensics: Understanding the Digital Mind
One of the most technically demanding talks came from Darren Martyn of Xiphos Research. Rated “18” on SteelCon’s tongue-in-cheek BBFC-style schedule due to complexity and technical content, his session was a deep dive into memory forensics—a critical area for security professionals and incident responders.
Martyn explained that traditional digital forensics often revolves around analyzing hard drives and file systems. However, sophisticated attackers now focus their efforts on system memory, using techniques that leave little or no footprint on disk. These memory-resident threats avoid detection by standard antivirus tools and disappear once the machine is shut down.
Tools like Volatility and Rekall were showcased for extracting data from memory dumps. Martyn demonstrated how analysts could identify injected code, analyze running processes, and detect rootkits or fileless malware. Memory forensics, he argued, is no longer a niche skill—it’s rapidly becoming essential for threat detection and response.
This session emphasized that if defenders are not inspecting memory, they’re potentially blind to entire classes of modern attacks. The evolving nature of malware calls for a corresponding evolution in investigative techniques, and memory forensics is now at the forefront.
The Northern Gold Campaign: Global Reach, Local Lessons
Following the technical intensity of Martyn’s session, researchers Wayne Huang and Sun Huang from Proofpoint delivered an alarming report on a malware operation they referred to as the Northern Gold campaign. This campaign was responsible for spreading the Qbot malware to over half a million systems.
Their research revealed how attackers acquired credentials to hundreds of WordPress websites. These sites were then used to serve malicious payloads to unsuspecting visitors, spreading Qbot and allowing attackers to intercept online banking sessions. Over 800,000 financial transactions were monitored using browser injection techniques, revealing the operation’s size and financial ambition.
What set this campaign apart was its methodical, scalable structure. Attackers purchased access to vulnerable sites, deployed web shells, and used them to install exploit kits. They didn’t target specific countries but instead focused on users who had banking software installed—regardless of location. From December 2015, they introduced an exploit kit to automate Qbot delivery, signaling a shift toward more advanced infrastructure.
For security teams, this case study offered important reminders: never underestimate legacy threats, and never overlook the impact of a compromised content management system. Even seemingly innocuous websites can become distribution points for large-scale malware campaigns.
The presentation also underscored the importance of strong website credentials, monitoring for unauthorized changes, and staying aware of traffic redirection—especially when using open platforms like WordPress.
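One way to monitor a WordPress web root for unauthorized changes, as an added example that is not from the talk or from Proofpoint's research: hash every file into a baseline, compare a later snapshot against it, and rank what changed. The suffix list and the rule that `wp-content/uploads` should hold no server-side scripts are assumptions to adapt to the site; the demo tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path, PurePosixPath

# Assumptions for this example: these suffixes are executed by the web server,
# and the uploads directory is meant to hold media only.
SCRIPT_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}
UPLOADS = ("wp-content", "uploads")


def snapshot(root):
    """Map each regular file under root to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Report files added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def triage(report):
    """Turn a change report into (severity, path, reason) alerts."""
    alerts = []
    for rel in report["added"] + report["modified"]:
        path = PurePosixPath(rel)
        is_script = path.suffix.lower() in SCRIPT_SUFFIXES
        if is_script and path.parts[:2] == UPLOADS:
            alerts.append(("high", rel, "server-side script in uploads"))
        elif is_script:
            alerts.append(("medium", rel, "code changed outside a planned update"))
        else:
            alerts.append(("low", rel, "content changed"))
    for rel in report["removed"]:
        alerts.append(("low", rel, "file removed"))
    return alerts


def demo():
    """Build a constructed site tree, change it, and return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "uploads" / "2016").mkdir(parents=True)
        (root / "wp-includes").mkdir()
        (root / "index.php").write_text("<?php // constructed front page\n")
        (root / "wp-includes" / "version.php").write_text("<?php // constructed\n")
        (root / "wp-content" / "uploads" / "2016" / "logo.png").write_bytes(b"constructed image")
        baseline = snapshot(root)  # taken right after a known-good deployment

        # Constructed changes: an edited core file and a new script among media.
        (root / "index.php").write_text("<?php // constructed, line appended\n")
        (root / "wp-content" / "uploads" / "2016" / "thumb.php").write_text("<?php // placeholder\n")
        return triage(compare(baseline, snapshot(root)))


if __name__ == "__main__":
    for severity, path, reason in demo():
        print(f"{severity:6} {path}: {reason}")
```

Store the baseline somewhere the web server account cannot write, otherwise whoever changes the site can change the baseline too.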
The Nissan Leaf Case: The Cost of Insecure Convenience
Scott Helme, a well-known researcher in the security community, took the audience in a different direction—literally. His talk focused not on traditional malware, but on vehicles, specifically the Nissan Leaf, and what happens when a car is connected without proper security measures.
Together with Troy Hunt, Helme investigated the Nissan Leaf mobile app, which allowed users to check battery levels, control charging, and manage climate settings. The app, however, used an insecure API that required only the vehicle’s VIN (Vehicle Identification Number) to function. These VINs are often visible through a car’s windshield, making them easy to obtain.
With just that number, attackers could manipulate charging schedules, activate air conditioning or heating, and repeatedly cycle the battery charge. Helme even developed a Python script that looped the charging command to potentially damage the battery—posing a threat not only to the car but to its warranty and operational safety.
The researchers reported their findings to both Nissan and the Information Commissioner’s Office, but the initial response was underwhelming. It wasn’t until the findings were made public that action was taken.
Helme’s talk wasn’t just about one vulnerable car. It was a cautionary tale for the automotive industry. As vehicles become more software-driven, their manufacturers must start adopting the security practices long known in IT. Secure coding, input validation, and robust authentication are not optional in connected products—they are essential.
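The design flaw described in this section, sketched as an added example (not the Nissan service's code and not the researchers' script): `command_vin_only` treats the VIN as the credential, while `VehicleApi.command` requires a signed session token, checks that the account owns the VIN, validates the action and rate-limits commands per vehicle. The account names, VINs, action names, token format and limits are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: accounts and the vehicles registered to them.
OWNERS = {"alice": {"SAMPLEVIN00000001"}, "bob": {"SAMPLEVIN00000002"}}
ALLOWED_ACTIONS = {"climate_on", "climate_off", "charge_start"}  # hypothetical
SERVER_KEY = secrets.token_bytes(32)   # signing key, held server-side only
MAX_COMMANDS, WINDOW_SECONDS = 3, 60   # hypothetical per-vehicle rate limit


def _sign(body: str) -> str:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user: str, now: float, ttl: int = 900) -> str:
    """Issued after a normal login; binds a user name to an expiry time."""
    body = f"{user}|{int(now) + ttl}"
    return f"{body}|{_sign(body)}"


def verify_token(token, now: float):
    """Return the user name for a valid, unexpired token, else None."""
    try:
        user, expiry, mac = token.split("|")
        expires_at = int(expiry)
    except (AttributeError, ValueError):
        return None
    expected = _sign(f"{user}|{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return user if now < expires_at else None


def command_vin_only(vin: str, action: str) -> int:
    """The flawed pattern: knowing a VIN is the whole access check."""
    known = any(vin in vins for vins in OWNERS.values())
    return 200 if known and action in ALLOWED_ACTIONS else 404


class VehicleApi:
    """Hardened handler: authenticate, authorize per vehicle, then throttle."""

    def __init__(self):
        self._recent = {}  # vin -> timestamps of accepted commands

    def command(self, token, vin: str, action: str, now: float) -> int:
        user = verify_token(token, now)
        if user is None:
            return 401                      # no valid session
        if vin not in OWNERS.get(user, set()):
            return 403                      # a VIN is an identifier, not a secret
        if action not in ALLOWED_ACTIONS:
            return 400                      # input validation
        window = [t for t in self._recent.get(vin, []) if now - t < WINDOW_SECONDS]
        if len(window) >= MAX_COMMANDS:
            self._recent[vin] = window
            return 429                      # a looped command is cut off here
        self._recent[vin] = window + [now]
        return 200
```

The ownership check is the part that matters most: with it in place, reading a VIN through a windshield grants nothing, because the number only names the vehicle.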
Vorsprung Durch Hacknik: Hacking the Auto Industry
Closing out the automotive theme, Chris Ratcliff offered a broader analysis of why cars are so vulnerable to hacking in the first place. His talk, humorously titled “Vorsprung Durch Hacknik,” highlighted the fragmented, outdated, and often chaotic state of vehicle cybersecurity.
Ratcliff compared the pace of car development with that of smartphones. While tech companies release new phone models annually, car manufacturers operate on much longer timelines. In the same span that saw seven versions of the iPhone, only one new BMW 5 Series model was released.
This lag affects the security posture of vehicles. Cars are built using components from multiple suppliers, each with their own systems, codebases, and protocols. The integration is rarely seamless, and when security issues arise, manufacturers often lack the ability to patch them. Many cars on the road simply cannot be updated over-the-air, and retrofitting security updates is usually considered economically impractical.
Tesla, Ratcliff noted, is the exception, functioning more like a technology company that happens to produce cars. Most others remain rooted in traditional manufacturing models, where security takes a backseat to logistics, cost, and performance.
He predicted that cybersecurity will soon become a consumer concern, much like fuel efficiency or crash safety ratings. But until then, buyers are largely unaware of the digital risks their vehicles may carry.
From Systems to Systems Thinking
What ties these diverse technical sessions together is a common thread: systems thinking. Whether it’s forensic analysis of memory, dissecting global malware operations, or evaluating the vulnerabilities in vehicle software, the ability to see beyond individual components and understand how they interact is key.
Modern attackers are no longer focused on one vector or one system. They exploit chains of weak links—an outdated plugin on a blog, an API with no authentication, or a control unit with legacy firmware. As defenders, researchers, and technologists, it’s essential to look at the whole system, not just its individual parts.
SteelCon’s technical talks served as both a wake-up call and a masterclass. They illustrated just how far attackers are willing to go, how creative they can be, and how wide the attack surface has become. But they also reminded attendees that with vigilance, collaboration, and ethical research, the cybersecurity community is more than capable of meeting these challenges.
Building a Culture, Not Just a Conference
SteelCon may have begun as a regional hacker gathering in 2014, but by 2016, it had cemented itself as more than just another technical conference. It had grown into a cultural touchstone in the UK cybersecurity landscape—part learning environment, part social movement, and part grassroots rebellion against the formality of traditional events.
In the first two parts of this series, we explored SteelCon’s unique atmosphere, its embrace of community and inclusion, and the sophisticated technical presentations that kept even the most seasoned professionals leaning forward in their seats. In this final installment, we turn our attention to what makes SteelCon truly special beyond the talks: its people, its values, and the role it plays in shaping the future of ethical hacking in the UK.
This is the story of how SteelCon isn’t just hosting the cybersecurity conversation—it’s helping define what that conversation should be.
The Final Sessions: Wrapping Up with Substance and Impact
As the day progressed, it became clear that SteelCon’s organizers had struck a careful balance: high-level technical content alongside human-centered topics, presented by both established voices and rising newcomers.
The final sessions of the day continued this trend. Attendees had the option of diving deeper into the security of IoT devices, cryptography, or car hacking. One of the most talked-about sessions came from Chris Ratcliff, whose talk “Vorsprung Durch Hacknik” examined how car manufacturers unintentionally build insecure systems into their vehicles, often without realizing the long-term risk they pose to consumers.
Ratcliff’s observations resonated strongly. Unlike tech companies, most carmakers aren’t used to building products that require regular patches or software updates. The result? Millions of vehicles on the road today have security vulnerabilities that cannot be fixed without costly recalls. This isn’t just a hypothetical concern—it’s an emerging crisis in an industry that’s being dragged into the digital age faster than it’s ready for.
Meanwhile, in Track Two, discussions turned to web application security, supply chain threats, and privacy issues in consumer technology. Each session reinforced a central theme that echoed throughout the day: complexity is the new enemy. Systems are no longer siloed; everything is connected. And that means everything is vulnerable.
Staying Local, Thinking Global
One of the defining choices made by the SteelCon organizers was to keep the event in Sheffield. Despite the sell-out crowd in 2016 and rising demand for tickets, founder Robin Wood (also known as “DigiNinja” in the infosec world) confirmed that the venue would remain at Sheffield Hallam University.
This wasn’t due to a lack of ambition—it was a conscious commitment to SteelCon’s roots.
In an industry that often centers itself around capital cities and global business hubs, SteelCon’s choice to stay local sends a powerful message: important work is happening everywhere, not just in London or San Francisco. Sheffield’s industrial history, with its steel mills and working-class resilience, provides a fitting metaphor for the kind of security work that SteelCon promotes—practical, honest, grounded.
Attendees come from all corners of the UK and beyond, but the conference never loses its regional character. That character is evident in everything from the relaxed dress code to the northern accents on stage, to the no-nonsense, “get involved” attitude that permeates the event.
It also helps foster a sense of ownership and loyalty. SteelCon isn’t an event you attend passively—it’s a conference where people feel at home. Volunteers know attendees by name. Speakers stick around to chat and answer questions. Children race through the atrium after finishing a session on how to build a robot or pick a lock.
This is not incidental—it’s intentional. And it’s what sets SteelCon apart.
More Than an Audience: A Participatory Culture
Unlike some conferences that can feel like lectures with vendor booths, SteelCon has a culture of participation. Whether it’s through workshops, hallway conversations, or the famed “kids’ track,” everyone is encouraged to contribute something.
That spirit of contribution is especially evident in the way SteelCon treats its younger attendees. The conference goes beyond merely providing childcare—it offers actual cybersecurity education for kids, introducing them to programming, lockpicking, cryptography, and ethical hacking in ways that are hands-on and engaging.
One session had children learning how to break simple substitution ciphers. Another had them building and programming Lego Mindstorms robots. These weren’t token activities to keep them busy—they were thoughtfully designed introductions to the same concepts being discussed in the main conference halls, just delivered at a different scale.
Parents who work in cybersecurity often lament the difficulty of balancing work, professional development, and family time. SteelCon provides a rare solution to that challenge: a place where your career and your family can coexist for a weekend in an environment of shared curiosity.
The effect is generational. The kids walking around with whippet badges and starter lockpick sets may very well be the keynote speakers in 10 or 15 years. By planting these seeds now, SteelCon is doing something few conferences even attempt—creating a pipeline of future security professionals who won’t need convincing that they belong.
The Badge, The Gaffer, and The Community
No discussion of SteelCon 2016 would be complete without mentioning the badge—a small toy whippet, one for every attendee. It’s a quirky, regional choice that serves no technical purpose. There are no LEDs, no embedded chips, no challenges to hack. And that’s precisely the point.
The whippet badge embodies the event’s personality. It’s humble, playful, and unmistakably northern. Sourcing nearly 500 identical toy whippets turned out to be a challenge for the organizers, but the result was worth it. Attendees loved it, and it became a visual shorthand for belonging. If you walked into the atrium with a whippet clipped to your backpack or belt, you were instantly part of the club.
Robin Wood, the event’s lead organizer, addressed the crowd at the end of the day. He thanked the volunteers, the speakers, the sponsors, and most importantly, the attendees. Despite being visibly exhausted from months of planning and coordination, he spoke with warmth and gratitude. There were no grand pronouncements or fireworks—just a simple commitment to keep going, to keep building, to keep SteelCon what it is.
That commitment extended beyond words. A charitable collection taken up during the event raised several hundred pounds, and was later doubled at the afterparty to reach approximately £1,500. That spirit of generosity and collective purpose sums up SteelCon in one word: community.
Why SteelCon Matters in a Crowded Field
Cybersecurity conferences are everywhere. From global giants like Black Hat and DEF CON to niche summits focused on a single discipline, the calendar is packed year-round. In that context, it would be easy to dismiss a regional conference in northern England as “just another event.”
But SteelCon isn’t just another event. It stands out because it embodies a particular philosophy about what a security conference should be. It doesn’t try to be flashy. It doesn’t cater to corporate executives. It doesn’t measure its success in the size of its budget or the celebrity status of its speakers.
Instead, it succeeds by being human. By welcoming children. By refusing to gatekeep. By staying humble even as it grows.
SteelCon is built on trust, openness, and a refusal to play into the elitism that sometimes infects the cybersecurity world. It draws on the best elements of hacker culture—curiosity, collaboration, irreverence—and channels them into something constructive, inclusive, and meaningful.
That matters. Because while zero-days and nation-state threats may grab headlines, the long-term health of cybersecurity depends on community. On mentorship. On education. On events like SteelCon.
Lessons for the Industry
SteelCon offers several key lessons for the wider industry:
- Security is Everyone’s Job
SteelCon’s inclusivity shows that you don’t need to be a penetration tester or reverse engineer to belong. Project managers, educators, designers, parents—everyone has a place and something valuable to contribute.
- Education Starts Early
By including kids in meaningful ways, SteelCon challenges the myth that security is too complex or too serious for younger learners. It proves that with the right approach, foundational skills can be taught at any age.
- Culture Is as Important as Content
The best technical talks in the world won’t matter if the event environment is unwelcoming or exclusive. SteelCon succeeds because people feel safe to ask questions, explore ideas, and even admit what they don’t know.
- Staying Local Builds Loyalty
In choosing to remain in Sheffield, the organizers have created a sense of place and identity. That identity helps retain volunteers, repeat attendees, and speakers who feel invested in the event’s long-term future.
- Ethics and Impact Go Hand in Hand
From car hacking to malware research, SteelCon encourages responsible disclosure, ethical exploration, and sharing knowledge for the collective good.
Looking Forward
As cybersecurity continues to grow in complexity, and as public trust in digital systems becomes ever more critical, events like SteelCon are more than just helpful—they are necessary.
They serve as proving grounds for new ideas, safe spaces for underrepresented voices, and launchpads for the careers of future researchers, engineers, and defenders. They offer something that’s becoming increasingly rare in tech: genuine community.
By focusing on real people over resumes, learning over networking, and impact over prestige, SteelCon has built something more powerful than just a conference. It has built a culture.
And that culture will continue to matter long after the badges are packed away and the atrium goes quiet—until next year, when a new group of wide-eyed learners and whippet-wearing veterans return to Sheffield to keep the spirit alive.