His ex-military credentials give us the good shivers, and his dedication to philanthropy is helping bring technology education to the places it's needed most. Meet Marcus J. Carey, founder of Maryland IT security consulting and research firm Saecur, and mastermind behind DojoCon, the newest, and in many ways most promising, IT security convention on the East Coast.

After moving from the public sector at U.S. Navy Cryptologic Security Group, to the private sector's Computer Sciences Corporation, Marcus landed in his very own boardroom with a headful of ideas and, clearly, a belly full of Wheaties.

Collaborating with Johnny Long, whose group Hackers for Charity brings PCs and the know-how to use them to impoverished areas of Uganda, Carey launched DojoSec, a monthly security meetup which quickly became popular in the U.S. northeast. Now, Carey casts his net wider with November's upcoming DojoCon.

We catch up with Marcus in his secret underground bunker beneath the Baltic Sea for some crumpets, pear cider, and a quick chat.

DojoCon is a newcomer on the conference scene, yet it immediately sets itself apart from the pack with its uniquely charitable goals. Tell us a little about Hackers for Charity, and how you two teamed up.

Actually DojoSec, DojoCon, and Hackers for Charity were all born in the same place. Johnny Long and I were both working as security researchers at Computer Sciences Corporation (CSC). It was weird that we came from different backgrounds, he was a hacker and I am the ex-military network defense geek. Working with Johnny was a blast because in mentoring me to be his replacement, he taught me how to "hack stuff". Co-workers would joke about our relationship calling me "Pretty Much Johnny".

Johnny and I had a lot in common. We both shared the same faith and the desire to help people out. After Johnny's first trip to Uganda he found his calling. My calling has always been to share my knowledge. I'm a compulsive mentor.

Long before there was a DojoCon, Saecur has been holding DojoSec monthly security breifings. What are those all about?

The goal of DojoSec monthly briefings is to give people a taste of what they're missing at industry conferences. Many conferences are cost / travel / work / family restrictive. I just want to provide a forum for people to share information.

So what inspired the DojoCon convention?

After attending a couple of conferences with Johnny, I was convinced we could do something like that locally. Many of the speakers we would see at major were local to Maryland, Virginia, or DC. With Johnny, I knew I had an ace in the hole for the first keynote speaker. People loved Johnny, and they loved the food.

We have been able to recreate the quality of the first DojoSec almost every month since October 2008. So that's how DojoSec became a hyper-local security phenomenon. According to people who would know, it's the most well attending local security meet-up in the country.

It has long been a goal of mine to be able to make a significant financial contribution to Hackers for Charity. DojoCon will start the process of making that goal come true.

Were the DojoSec briefings a stepping stone to DojoCon in the sense that the connections you made doing DojoSec have allowed you to smoothly scale up?

Definitely, DojoSec has received a lot of support from the information security grassroots. I've had amazing people show up to DojoSec and volunteer to speak. There is a saying that "Real recognizes real". There are a lot of very "famous" people in the information security industry that have reached out and supported me. I just want to say thanks to everyone.

The DojoCon theme for 2009 is “The State of Information Security”. If it was entirely up to you to answer that question, what would you say that is?

The industry is made of humans. Currently our industry is overly reliant on tools. Many "security professionals" and "hackers" don't have a basic understanding of how computers, operating systems, networks, or programming works. This causes them to rely on what someone else says, writes, or develops.

Same questions as above, in four words or less.

Back to the basics.

Sounds straightforward. So, organizing a conference and herding cats: similar?

DojoSec monthly briefings preparations is like herding a couple of cats every month. DojoCon is definitely more pressure. Pressure can bring out the best in you.

From what we've seen, there are three types of security conferences out there: white hat cons, mischievous hat cons, and boring hat cons. Where on the heretofore fairly polarized hatrack would you prefer to see DojoCon land? What kind of atmosphere would you like DojoCon to inspire?

I want to create a relaxed learning environment at DojoCon. The goal of this conference is for people to learn from the industry's finest. At DojoCon you will see "People Who Actually Know What They Are Doing" hats. I value all aspects of information security from attack to defense, free software to commercial, as long as it works. There are a lot of people out there posing as experts, but are just hyping stuff up. At DojoCon, attendees will hear from experts that really have contributed to the overall security industry.

What's your vision for this event?

I want DojoCon to be like a trip to Disney World for the information security professional. Just sit back, listen, learn, and question the best our industry has to offer. I want them to leave with a well-fed mind. With DojoCon, I'm trying to create magic!

Check out the first DojoCon, November 5, 2009 near Baltimore, MD!

See the Con-Techie DojoCon listing - >