We received quite a few interesting looks at last year’s OctoberTekfest when we unveiled the KegBot and Hack for Beer challenge. A couple of hours into the challenge, a crowd of folks had gathered around the booth. Some people came to watch and cheer on their friends, while others took notes in hopes of decreasing the amount of time it took to “Pwn Beer.” The most interesting thing that happened, at least from my perspective, was that all of the folks who came to the booth experienced the excitement and frustration associated with executing a hack against a networked system. Many folks noted that some of the methods used to hack the KegBot leveraged vulnerabilities and configuration issues that could have been easily mitigated. Several conversations started that examined questions such as: What if the firewall placement changed? What if the admin’s workstation had been patched, or not left on or unlocked? This is the true value of the whole demonstration. The process forces us to think about the issues that allowed the hack to happen in the first place. The beauty of the demonstration is that it was conducted in a controlled environment, no real data was ever at risk, and we all learned a lot.