In 2005, I was happy. I'd earned my CEH and CISSP certifications and was content in a job performing security testing. I'd heard about "hackers" and their "0-days" but had never met one nor developed an exploit myself. It was at my first Defcon in 2006 where I learned that hackers did more at conferences than merely attend talks. They participated. They shared. They picked locks! OMG THEY PICKED LOCKS! This was a community that I wanted to join but I didn't know how.
If this sounds like you (or your friend), I encourage you to join me for this talk. We'll laugh. We'll cry. Oh and I will share my top strategies for joining the infosec community too!