Moss's hacker empire is one of the most visible in the exploding array of cybersecurity conferences around the world. The growth of that conference circuit mirrors the rapid expansion of the industry as a whole: Moss estimates that there are more than 350 annual conventions today around the world. Among them are events with names like NullCon, IoT Devcon, SchmooCon, and even a Kentucky-based security event called DerbyCon.
The granddaddy of them all may just be the global RSA Conference, which is sponsored by the cybersecurity company RSA. It's grown from a 50-person event in 1991 to an event with more than 28,500 attendees, 405 exhibitors and 550 speakers.
But Moss, who goes by the alias The Dark Tangent on Twitter, said there was more to the popularity of his early Defcon events than just food and drink—especially their open and inclusive vibe, which went against the grain in a typically secretive cybersecurity industry. And, he said, because he owned the event himself, he could invite any speaker on any topic and not have to answer to a corporate master. It was so inclusive that Moss invited federal security agencies to come to his early sessions, reasoning that they'd show up undercover anyway.
Read MoreMeet the NSA's hacker recruiter
And he said he tried to keep his events from being about selling products to focusing on sharing tools every participant could have access to. "This crowd is really applied," he said. "They want to invent something, fix something, do something."