DEF CON 34 | Las Vegas Convention Center | August 6-9, 2026

Policy @ DEF CON

A public-interest security space where hackers, policymakers, researchers, builders, lawyers, civil society, and public servants compare notes before the rules harden into reality.

Join the newsletter Read the Agency theme

Roundtables Policy debriefs Cyber crisis simulations CTFs Meet the Feds Survey data

Facts on this page were checked against public DEF CON pages, DEF CON Forums, and public Policy @ DEF CON social posts on June 20, 2026.

Why it exists

The rules are technology too.

Policy @ DEF CON gives technical people a route into governance conversations and gives policy people a clearer view of what systems really do under pressure. The work is practical: fewer abstractions, better threat models, and stronger bridges between research and public decisions.

This summary is based on the current public Policy @ DEF CON page and the DEF CON 30 policy page description of the team’s role.

01Orient policymakersRegistration help, community context, and shared vocabulary.

02Build connectionsRooms where experts can ask sharper questions without performance theater.

03Move ideasFrom vulnerability research and field evidence into rulemaking, standards, and action.

DEF CON 34 frame

Agency is the operating principle.

Attention

Choose what gets to steer you.

Agency starts with the everyday surfaces that compete for focus. Bring the technical receipts, the policy vocabulary, and the community practices that help people opt out of manipulation by default.

DEF CON 30 snapshot

52 hours of policy signal.

These figures come from the public Policy @ DEF CON stat block for DEF CON 30.

5: Main-stage talks
28: Roundtables
9: Evening lounges
10h: Online content
36%: Female or non-binary presenters/moderators
22%: International presenters/moderators

What happened before

From crash courses to crisis games.

Each card below names the public source used for that year’s facts.

DC29

Hybrid onramps for policy and hackers

Policy debriefs, community roundtables, and an evening lounge helped people compare notes on Section 230, cyber capacity building, decriminalizing hacking, IoT security, zero trust, ransomware, Solarium implementation, election security, and CISA.

Source: DC29 Policy page

DC30

Main stage, policy track, lounges

The program covered CFAA and DMCA changes, open source supply chain risk, ONCD, election security bridge building, ransomware, aviation, healthcare, vulnerability disclosure, wireless spectrum, offensive capabilities, and international policy challenges.

Source: DC30 Policy page

DC31

Video, briefings, and wider policy literacy

The DEF CON Forum archive lists a Policy @ DEF CON 31 CFP briefing thread and a later “DEF CON 31 Video Is UP” thread. Public video listings include policy sessions from that year, including a US cyber policy primer.

Source: DEF CON Forum archive

DC33

Dedicated room, roundtables, discussions, CTF

Policy @ DEF CON signaled a dedicated room in LVCC-W234 with roundtables, discussions, and a policy CTF. Forum topics also flagged Operation Horizon Veil as a global crisis simulation.

Source: public DC33 post

DC34

Agency, formal submissions, next program

The 2026 Policy CFP used OpenConf and accepted talks, interviews, panels, and interactive sessions in 25, 50, and 80-minute formats. The call is now closed while the Agency-themed program comes together.

Source: DC34 Policy CFP

Policy surface area

The backlog is already full.

Topics below are grouped from the public DC29 and DC30 policy schedules, not invented categories.

law

CFAA, DMCA, Section 230, Computer Misuse Act

How laws define authorization, research, speech, liability, and the difference between exploration and harm.

infrastructure

Critical software, supply chain, zero trust

What minimum safety should mean when a dependency, update channel, or federal network becomes public infrastructure.

democracy

Election security and public trust

Beyond voting machines: the full system of running elections, explaining risk, and building bridges with officials.

response

Ransomware, disclosure, crisis simulation

How responders, companies, governments, researchers, and communities should behave when the clock is already running.

sectors

Healthcare, aviation, wireless spectrum

Policy choices where bits meet physical safety, regulated industries, and changing attack surfaces.

institutions

CISA, ONCD, DHS, Cyber Solarium

Direct conversations with agencies and policy shops about what they need, what they miss, and what hackers can fix.

Operation-style games

Policy work gets sharper when people have to make decisions inside a scenario, not just talk around one.

Basis: Operation Horizon Veil forum topic

Policy CTFs

Capture-the-flag structure turns governance, disclosure, crisis response, and institutional constraints into something participants can actively solve.

Basis: Policy@DEFCON CTF forum topic

Crash-course debriefs

Short, dense briefings help hackers catch up on policy primitives and help policymakers understand technical consequences.

Basis: DC29 policy debriefs

Cyber Contingencies Survey

Turning expert risk sense into data.

Policy @ DEF CON launched an annual survey to compare expert expectations around geopolitical cybersecurity scenarios. Year 1 published response data by tier demographics; the long-term value is year-over-year comparison that can sharpen policy conversations.

Open the DEF CON 33 survey data

The survey description and counts come from the current Policy @ DEF CON page.

geopolitical cyber scenarios in Year 1

21 / 52

responses reported from invitations sent

Annual

designed for year-over-year comparison

Stay in the loop

Find the signal between cons.

Defcon.Social Fediverse updates BlueSky Short updates and links LinkedIn Professional community updates DEF CON Forums CTF, crisis simulation, CFP, and archive threads YouTube Policy media and recordings Original DEF CON page Canonical public policy page