Published on: February 20, 2025 Updated 2 times since publishing
SafetyDetectives recently had the opportunity to sit down with Andrei Avădănei, the founder of DefCamp—one of Eastern Europe’s largest and most impactful cybersecurity conferences. Since its inception in 2011, DefCamp has grown from a small gathering of passionate cybersecurity enthusiasts into a globally recognized platform that brings together thousands of professionals, researchers, and ethical hackers from over 60 countries. In our conversation, Andrei shared insights into the vision behind DefCamp, how it has evolved, and the unique role it plays in shaping the cybersecurity landscape. From fostering community-driven engagement to tackling today’s most pressing security challenges, DefCamp continues to be a cornerstone for innovation and collaboration in the field.
DefCamp has grown into one of Eastern Europe’s largest cybersecurity conferences. What was the initial vision behind it, and how has it evolved over the years?
Passionate about cybersecurity since forever, I wanted to create a space where cybersecurity enthusiasts, professionals, and researchers could come together, exchange knowledge, and push the boundaries of ethical hacking and digital defense. Back in 2011, Romania and Eastern Europe as a whole had an incredible pool of talent in cybersecurity, but there were limited opportunities for these bright minds to connect, showcase their skills, and collaborate on real-world challenges.
What started as a small gathering of passionate individuals has now evolved into one of the largest cybersecurity conferences in CEE. Over the years, we’ve expanded our reach, attracting global experts, industry leaders, and companies eager to invest in security innovation. DefCamp has become a hub for learning, hands-on competitions, and meaningful discussions about trends and the future of cybersecurity.
One of the biggest transformations has been our focus on practical, real-world applications. The DefCamp Capture the Flag (D-CTF) competition, for example, has grown into an internationally recognized contest, helping security professionals as well as best cybersecurity students refine their skills. Moreover, we’ve also broadened our overall agenda to include not just technical insights, but also strategic discussions on how cybersecurity impacts business, policy, and society.
Despite this growth and when I say growth I mean over 2000 attendees under the same roof from over 60 countries around the world, our core mission remains unchanged: to empower, educate, and inspire the cybersecurity community. We are proud to be a driving force in Central and Eastern Europe’s security landscape, fostering innovation and building a stronger, more resilient digital future.
What sets DefCamp apart from other cybersecurity conferences, and what do you consider its biggest achievements so far?
I strongly believe that each conference is special because behind it there is a lot of work, a lot of passion and a real commitment to the community to create an impressive experience. What truly sets DefCamp apart from other cybersecurity conferences is our strong focus on hands-on activities, community-driven engagement, and a deep commitment to fostering talent in Central and Eastern Europe. While many conferences lean heavily on theoretical discussions and briefings, we prioritize practical, real-world applications, we encourage research and welcome on stage technical people showcasing their work. On the other hand, our Hacking Village competitions, and workshops give attendees the opportunity to test their skills, collaborate with experts, and gain insights that they can immediately apply in their work.
Besides the well known DefCamp Capture the Flag (D-CTF) competition, which has grown into one of the most respected CTFs worldwide, we are very proud to have organized last year for the first time OSINT Search Party CTF with the support of Trace Labs organization and it’s been a great success. Both competitions attracted top-tier ethical hackers, security researchers, and students who challenge themselves against real-world cybersecurity scenarios.
Another milestone is the way we’ve built a truly international platform for knowledge-sharing. We’ve welcomed some of the brightest minds in cybersecurity – from industry pioneers to ethical hackers – who have shared invaluable insights and research. Actually a few years back we had on stage a young hacker who was such an inspiration for the community expressing her passion and commitment to this impressive industry. So I can say that DefCamp has become a bridge between Eastern Europe and the global cybersecurity community, helping to showcase the immense talent coming from this region.
But beyond the numbers and global recognition, what I’m most proud of is the community we’ve built. DefCamp isn’t just an event; it’s a movement. It’s a place where professionals, students, and companies come together to exchange ideas, collaborate, and push the boundaries of cybersecurity. The energy, curiosity, and innovation that our attendees bring each year continue to drive us forward.
From the discussions and challenges at DefCamp, what are the most pressing cybersecurity threats organizations and individuals should be aware of today?
At DefCamp, we have the privilege of bringing together some of the brightest minds in cybersecurity, and from the discussions, research, and hands-on challenges we host, several key threats consistently stand out as the most pressing for both organizations and individuals.
One of the biggest concerns today is the rise of sophisticated ransomware attacks. We’re seeing threat actors move beyond simple data encryption to double and even triple extortion tactics, where they not only lock files but also threaten to leak sensitive information or disrupt critical operations. Ransomware-as-a-Service (RaaS) has made these attacks more accessible, lowering the barrier for cybercriminals.
Another major issue is supply chain attacks – taking over the media headlines in the past years as well – where hackers target vulnerabilities in third-party vendors or software providers to infiltrate larger organizations. We’ve seen this play out in incidents like the SolarWinds attack, where a single breach impacted multiple enterprises and government agencies.
Social engineering remains a powerful attack vector, with phishing evolving through deepfake technology and AI-powered scams. Attackers are using more personalized, highly convincing techniques to manipulate people into revealing sensitive information or granting unauthorized access.
For individuals, privacy concerns and identity theft are more critical than ever, especially with the growing digital footprint we all leave behind. Cybercriminals are leveraging stolen personal data to conduct fraud, hijack accounts, and even manipulate social media profiles.
Additionally, the security of AI and IoT (Internet of Things) devices is a growing challenge. As more devices become interconnected, vulnerabilities in smart home technology, industrial systems, and even vehicles are opening new attack surfaces that many organizations are still struggling to secure. We have a competition called Null Your Warranty Village at DefCamp focusing on hardware hacking and every year we see lots of vulnerabilities found by the attendees so most definitely IoT security is vital.
At DefCamp, we emphasize that cybersecurity is no longer just a technical issue – it’s a business, societal, and even geopolitical concern. Organizations need to adopt a proactive security mindset, focus on cyber resilience, and continuously test their defenses. On the other hand, individuals must remain vigilant, educate themselves on cyber hygiene, and take control of their digital privacy. The threats are evolving rapidly, and staying ahead requires constant learning and adaptation.
Ethical hacking and Capture The Flag (CTF) competitions play a big role at DefCamp. How do these activities contribute to the broader cybersecurity landscape?
Ethical hacking and Capture The Flag (CTF) competitions have been at the core of DefCamp from the very beginning, and I truly believe they play a crucial role in shaping the broader cybersecurity landscape. Cybersecurity isn’t just about knowing the theory or talking about it, it’s about applying skills in real-world scenarios, and that’s exactly what these competitions provide.
One of the biggest impacts is how they help train the next generation of security professionals. Many of today’s top ethical hackers and security researchers started out in CTF competitions, where they developed the hands-on skills needed to identify and exploit vulnerabilities. It’s one thing to read about security concepts in a textbook, but another to actually break into a system in a controlled, ethical environment and understand how attackers think. That experience is invaluable, both for individuals looking to enter the field and for companies looking to strengthen their cybersecurity teams.
Beyond individual skill-building, these competitions also contribute to the overall security of systems and organizations. Many of the vulnerabilities discovered during CTFs lead to improvements in security frameworks and best practices. We’ve had at DefCamp companies that brought their technology to be tested by the community, of course everything arranged in the form of the CTF but at the end of the day it was very rewarding for both the company – hackers revealed vulnerabilities found in a controlled environment and for the hacker – who most probably won a reward or a prize.
The cybersecurity community is always evolving, and ethical hacking challenges push the boundaries of what’s possible, exposing weaknesses before they can be exploited by malicious actors. It’s a proactive approach to security – one that helps organizations stay ahead of emerging threats.
Another aspect that makes these competitions so impactful is the collaborative spirit they foster. Cybersecurity is not a solitary field; it thrives on knowledge sharing and teamwork. At DefCamp, we’ve seen competitors come together, exchange ideas, and even form teams that go on to work together professionally. That kind of networking is just as valuable as the technical skills learned during the competition.
I also see CTFs as a bridge between academia and the overall industry. Many students enter these competitions as a way to test their knowledge, but they quickly realize that the challenges require out-of-the-box thinking and practical skills that aren’t always covered in formal education. That’s why companies pay close attention to CTF participants – because they know these are people who have proven their ability to solve complex security problems under pressure.
Most importantly, ethical hacking competitions like the ones we host at DefCamp Hacking Village promote a responsible, security-first mindset. Hacking isn’t just about breaking things – it’s about understanding how they work and making them more secure. By encouraging ethical hacking, we’re helping build a community of security professionals who are passionate about protecting digital systems rather than exploiting them. And that, in my opinion, is one of the most important contributions we can make to the cybersecurity world.
With cybersecurity evolving rapidly, what are some emerging trends that you believe will shape the future of the industry?
I believe cybersecurity will continue to evolve at an incredible pace, bringing both new challenges and opportunities alike. From my perspective, a few key trends will shape the industry in the coming years, and organizations need to prepare for them now.
One of the biggest shifts we’re already seeing is the increasing role of artificial intelligence (AI) and machine learning (ML) in cybersecurity. These technologies are becoming essential in detecting and mitigating threats faster than ever before. AI-powered security solutions can analyze massive amounts of data in real-time, helping organizations stay ahead of attackers. However, the other side of this is that cybercriminals are also using AI to develop more advanced threats-automating phishing campaigns, creating deepfake scams, and even writing malware that can adapt on the fly. It’s a constant race, and organizations need to leverage AI responsibly while staying ahead of AI-driven attacks.
Another trend that keeps coming up in discussions at DefCamp is the impact of quantum computing on encryption. While we’re still a few years away from quantum computers being able to break current cryptographic standards, the time to prepare is now. Organizations need to start thinking about post-quantum encryption and transitioning to quantum-safe algorithms. If they don’t, once quantum computing reaches a certain level, sensitive data that’s encrypted today could be vulnerable in the future.
I also see a growing concern with the expansion of the attack surface, particularly with the rise of IoT and operational technology (OT) security. Everything is becoming interconnected, from smart devices to industrial control systems, but security isn’t always keeping up. Many organizations still don’t fully understand how much risk they’re exposing themselves to by integrating IoT devices without proper security controls. I think we’re going to see more targeted attacks on critical infrastructure and smart environments, making IoT security a top priority.
Another issue that keeps growing is supply chain security. We’ve seen major cyberattacks where attackers don’t go after a company directly but instead target a third-party vendor with weaker security. This has been a huge wake-up call for organizations to start looking beyond their own defenses and evaluate the security of their entire supply chain. If even one vendor is compromised, it can have a ripple effect across multiple businesses.
Finally, I believe regulation and compliance will become even stricter in response to these emerging threats. Governments and international organizations are already pushing for stronger cybersecurity frameworks, and businesses will need to keep up. Regulations like GDPR and NIS2 have set the tone, and I expect to see more global standards emerging to ensure companies are held accountable for securing their data and systems.
It is clear that cybersecurity is becoming more complex, and threats are evolving faster than ever. That’s why it’s so important for professionals to stay engaged, continuously learn, and participate in community events like DefCamp. The best defense is a combination of innovation, collaboration, and a proactive mindset. Organizations that take cybersecurity seriously and adapt to these trends will be the ones that stay resilient in the face of new and emerging threats.
What’s next for DefCamp? Are there any upcoming initiatives, collaborations, or new directions you’re particularly excited about?
DefCamp has always been about pushing the boundaries of cybersecurity knowledge, fostering a strong community, and providing hands-on experiences for security professionals, enthusiasts, and students. Looking ahead, I’m really excited about several initiatives and new directions that will take DefCamp even further.
We’ve started last year our collaboration with Global Cybersecurity Camp (GCC) and we’ve seen first hand how important cooperation and knowledge exchange work and we will most probably continue to develop such partnerships with different organizations around the globe,
Another area we’re continually investing in is Capture The Flag (CTF) competitions and hands-on challenges. Over the years, the DefCamp Hacking Village has been one of the main attractions for all attendees and speakers alike, competitions have become internationally recognized, and we want to elevate them even further by incorporating more advanced real-world attack scenarios, AI-driven challenges, and red vs. blue team simulations. The goal is to create an even more immersive and realistic training ground for ethical hackers to sharpen their skills.
We’re also looking at cybersecurity awareness and education for businesses and non-technical audiences. Cyber threats are no longer just an IT issue; they impact entire organizations, from executives to employees. We want to expand our efforts in providing practical, accessible cybersecurity education to help companies build a stronger security culture.
Lastly, I’m really excited about strengthening our international collaborations. DefCamp has always had a strong global presence, but we want to take it a step further by partnering with more international conferences, cybersecurity organizations, and research groups. The cybersecurity landscape is global, and collaboration is key to staying ahead of emerging threats.
At the end of the day, DefCamp isn’t just an event – it’s a movement and a state of mind. Our mission remains the same: to empower, educate, and connect the cybersecurity community. The next phase is all about growth, deeper engagement, and making an even bigger impact.
I can’t wait to see where we go from here.