July 13, 2026
What I learned Running My Own Defcon Group
A few years back, I was working as a hacker at Praetorian, doing my job the way a lot of us do now — remotely, from wherever the good…

By Aleksa Zatezalo
5 min read
A few years back, I was working as a hacker at Praetorian, doing my job the way a lot of us do now — remotely, from wherever the good coffee and stable internet happen to be. For me, that was Belgrade. I'd log into client environments, chase down vulnerabilities, write reports, and then log off into a city where almost nobody around me understood what I actually did for a living.
That disconnect started to bother me. I had a career built entirely around a global, tight-knit hacker community, and I was living in a city where I didn't know a single person in that world. So I decided to build one.
There was also a more practical itch behind the idea. My company was hiring at the time, and I wanted to refer good candidates — partly to help grow the local security industry, and partly, if I'm honest, because a referral bonus never hurts. But you can't refer people you haven't met, and you can't meet people who don't know you exist. I needed a room. So I built one.
That room became DC381 — Belgrade's DEFCON group.
Building the Thing
I didn't overthink the format. DEFCON groups have a proven shape, so I borrowed it and adapted it locally. We had:
- A Telegram chat for day-to-day conversation and event coordination
- An invite-only bulletin-board-style website, password protected, for more serious discussion and resource sharing
- A presence on Meetup, because that's still where a surprising number of people discover local tech communities
We hosted events and gave presentations roughly once a month — a mix of my own talks and, eventually, talks from members who wanted to try their hand at presenting. We started with a small handful of people in a room that felt more empty than full. Over time, that grew into about 15 regulars showing up consistently.
On paper, that's a success story. A community built from nothing, growing steadily, with real infrastructure behind it. And in a lot of ways, it was. But running it taught me more about people than it did about penetration testing — and most of those lessons were harder than any CTF.
Take Away #1: Genuine Interest Is Rare — and Hard to Spot
Here's the uncomfortable truth: a lot of people who show up to a hacking meetup aren't there for hacking. They're there for the aesthetic of hacking.
Security has a certain mystique. Hoodies, terminals, green text, the idea of quietly having power over systems other people don't understand. Some people are drawn to that image the way others are drawn to true crime podcasts — as spectators, not practitioners. They'll ask you what it's like to "run a botnet," genuinely curious, with zero relevance to their actual work or any intention of learning the underlying skills. They built one side project once, and they like to dream about the rest.
That's not a criticism, exactly. Curiosity is fine. But it means the room is rarely full of the people you think it's full of.
Out of everyone who came through DC381, two people showed up with real, demonstrable knowledge from day one. A third, a recurring member, put in the work over time and eventually passed the PNPT — a legitimately hard, hands-on certification. Today, the four of us are genuinely friends, and we can have real technical conversations without anyone performing for the room.
The other twelve or so people who cycled through? They were there to LARP. Not maliciously, not even consciously in most cases — but the gap between "I like the idea of hacking" and "I do the work of hacking" turned out to be the single biggest filter in the entire experience. And you can't tell who's who from a Telegram intro message. You only find out over months.
Take Away #2: Getting People in the Room Is the Easy Part
If you'd asked me before I started which part would be hardest — attendance or engagement — I would have guessed attendance. I was wrong.
Getting people to show up once, especially with free food, a novel topic, and a bit of local hype, is genuinely not that hard. Getting them to engage — to actually participate, prepare, contribute — is a completely different problem, and I don't think I ever fully solved it.
The clearest example: one member specifically asked for a way to post requests and ideas privately, so I built exactly that — an invite-only form on the bulletin board site. That same member also asked to learn WiFi cracking, so I organized and hosted an entire workshop around it. He never used the form. Not once. And he showed up to the WiFi cracking workshop — the thing he'd personally requested — completely unprepared.
That stuck with me. It's tempting to think engagement is a supply problem: give people the tool they asked for, build the workshop they wanted, and they'll show up ready. But engagement isn't downstream of supply. People will ask for things sincerely and still not follow through, and there's no amount of infrastructure that fixes that. You can lower every possible barrier and some people simply won't cross it. That's not a design flaw in your community — it's just how motivation actually works for most people, most of the time.
Take Away #3: Speakers Are the Scarcest Resource
Content is the thing that makes a recurring meetup actually recurring, and content means speakers. This turned out to be the hardest resource to source, by a wide margin.
Seasoned speakers — people already on the BSides or conference circuit — aren't looking for small local meetups. Their time is better spent on stages with bigger audiences and bigger names attached, and that's a completely rational calculation on their part. You're not going to pull established talent into a monthly community meetup in a mid-sized city.
That leaves first-time speakers. And most people, even technically brilliant people, are quietly terrified of public speaking. It's one thing to be excellent at your craft; it's another to stand in front of a room and explain it. That fear filters out the vast majority of people who'd otherwise have something valuable to say.
What's left is a very small group: people who are not just knowledgeable, but passionate enough to volunteer their time, prepare a talk, and take the risk of speaking publicly, often for the first time, to a room of people they mostly don't know. That combination — competence, passion, and courage — is rare. Organizing is the same problem in a different costume. Everyone wants the group to exist. Very few people want to do the unglamorous work of keeping it running.
What It Was Actually Worth
Despite all of that — the LARPers, the unopened forms, the speaker drought — I'd build it again without hesitation.
DC381 didn't turn into some massive movement, and I don't think that was ever really the point. What it did was cut through the noise. Out of dozens of people who passed through, it surfaced a handful who were real — real curiosity, real skill, real follow-through. Those are now genuine friends and a genuine local network, in a city where I started with none.
If you're thinking about starting something similar: don't measure success by attendance numbers, and don't be discouraged when most of the room turns out to be spectators rather than participants. That's not a failure of your community — it's the default distribution of any open room. Your job isn't to convert the spectators. It's to build something real enough that the handful of genuine people can find each other, and each other is enough.