I'm heading to my first Defcon on Wednesday, and naturally, I'm a little bit anxious about prepping my devices so as to not get pwned. The advice I've seen for this varies wildly – some people go all out and use a separate phone and laptop for the convention, while others simply turn off wi-fi and Bluetooth.

I'm thinking the best strategy for me is somewhere in the middle – make sure I'm locked down and have backups, but don't put myself through hell when the odds of anything bad happening are realistically low. I'm not a worthwhile target; anyone who would waste 0days on the likes of me is probably not smart enough to have found a 0day in the first place.

So, I'll be bringing my normal work laptop (MacBook Pro), my normal cell phone (HTC 10), and even my tablet (Asus ZenPad 3S 10 – probably won't be using this much besides on my flight though). Without further ado, here is the checklist I'll be following to prepare for Defcon:

Pre-con

Patch, patch, patch! OS X system updates brew update; brew upgrade app updates Android updates (if available)

Backup everything.

Shut down local web/database servers.

Port scan myself with nmap – make sure I'm not running anything else.

Enable 1Password Travel Mode.

Withdraw enough cash that I never have to use an ATM in Vegas.

Remove RFID cards from my wallet (namely my office badge).

During the con

Keep all unnecessary radios off (Wi-fi, Bluetooth, NFC, GPS). Due to BroadPwn, I'm not gonna be using wi-fi at all on my Android devices (neither of them is up to the July update yet).

In the con, only use direct-to-internet wi-fi. In the hotel, only use wired.

Always use VPN, and turn it on before connecting to wi-fi.

Leave laptop/tablet in the hotel safe unless I have a specific reason to bring them out.

Do not let any of my devices leave my vision.

Don't trust any device anyone gives me. The last two are obvious, but I'm particularly keen on mentioning them now that PoisonTap is a thing.

Use USB condom if using a public charging station.

Only communicate using Signal if possible.

So that's my list. It might not be perfect, but I think it should be sufficient for me. What do you think? Am I too carefree, or even too paranoid? Did I miss anything crucial?

[discuss on /r/Defcon]