In September 2025 I went to BruCON, and it was my first real "big" security conference. I walked in not really knowing what to expect and walked out with a notebook full of ideas, a handful of new contacts, and the certainty that I'm in the right field.

The vibe

BruCON is chill. That's the word that keeps coming back to me. It's a serious con with serious content, but the atmosphere is relaxed and approachable, no gatekeeping, no "you don't belong here" energy. I ended up in conversations with people at wildly different points in their careers, and the thing that stood out is that everyone there shares the same mindset: curious about how things work, interested in breaking them carefully, and genuinely invested in making things more secure.

Meeting people with that same wiring, in person, at that scale, was honestly the highlight for me. It's one thing to read blogs and lurk in Discords. It's another to stand around with a drink and actually talk about what you're working on.

One encounter in particular ended up changing the rest of my year. While wandering around the room with all the stands, we got talking with a teacher from Howest. Somewhere in the conversation he mentioned that Howest was still looking for a few students to take part in Hack The Government, and asked if we'd be interested. If we were, his advice was simple: go over to the CCB stand, which was right there at the event, and talk to them directly, since they were the ones organising it.

That single conversation is the only reason I ended up on the HTG participant list. No chat with that teacher at BruCON, no HTG for me. I'll leave the details of the event itself for another post, but the through-line is clear. I wouldn't have had that opportunity without showing up at BruCON. Lesson learned: show up, and talk to people.

What made my interest in cyber grow

Before BruCON my mental map of "cybersecurity" was pretty narrow, essentially web, network, and whatever came up in class. The villages and talks widened that a lot. There's so much more going on in this field than I realised, and a bunch of it is weird in the best way.

A few things that stuck with me:

The Maritime Village, CAN bus manipulation

Easily one of the coolest things I saw all week. The Maritime Village had a setup where they were playing with CAN bus messages on marine equipment, and the results were wild: they could spoof data on the navigation display, drop or move vessels on the map, mess with the fuel gauge, and generally make the instruments lie to the crew.

Seeing a fuel gauge drop to empty because someone across the table sent a crafted message made the whole "hardware-attached-to-a-network-is-still- a-network" thing click in a way that no lecture ever did. Same class of problem as car CAN attacks, just with much bigger, much more expensive targets.

Radio stuff, HackRF and friends

There was another demo in the RF space that I only half-understood in the moment, but the pieces I did catch blew my mind. Using something like a HackRF One, they were doing things like injecting fake ADS-B traffic so that aviation displays would show "ghost" planes sitting on an airway that wasn't actually there. Completely fabricated aircraft, showing up on real-looking screens.

They also demoed GPS spoofing: transmitting a crafted signal strong enough that nearby phones thought they were somewhere else entirely. Watch your phone's map jump to a different country while you're standing still and tell me that's not unsettling.

I don't have the RF background to reproduce any of this yet, but it pushed radio and signals way up my "things to learn" list.

Takeaways

• Go to the cons. Even if you think you're too junior. Especially if you think you're too junior.
• Cybersecurity is way bigger than the web/network slice I'd been looking at. Hardware, radio, maritime, automotive, it's all in scope, and it's all fascinating.
• The community part is not filler. Talks are great, but the people are why you come back.

Thanks to everyone at BruCON who humoured a first-timer asking basic questions. I'll be back.