What a weekend. I had the privilege of coordinating the inaugural Security Bsides event saturday. First off, a major shout out to the entire org team, sponsors, speakers, and most importantly the community, that made it possible.
What is Bsides?
Some call it a security conference, but I think it’s so much more than that. The huge mega-conferences provide some great sessions, cool parties, and a chance to have everyone in the same place at the same time.
Bsides strives to be a more “intimate” conference that brings together the vibrant community. The key I’ve found, is in the fact that people don’t attend a Bsides event, they participate. Presenters don’t present data, they start conversations, which then continue, spill out into the hallways and spread the fire of knowledge.
What was so Cool?
You had to be there to see it, to hear it, but for an organizer, I see success whenever I see a speaker leave the stage, step in the hall and suddenly, they are off sitting in a group having a debate (sometimes loudly and enthusiastically) about something that was presented. Or they are on a whiteboard working out a solution, new creation, or just detailing a problem with their peers.
I see success when someone pops their first lock in the pick village, and gets that look in their eye of disbelief, as they hear that click.
I see success when someone’s arduino comes to life for the first time, and in the span of a couple hours they go from zero to coding basic arduino. Hearing the excitement when someone gets their code to run for the first time after hammering away at it.
This is success for a bsides conference and why it’s so cool. The IT industry, specifically the security portion (sorry @myrcurial ) can be a meat grinder. Security geeks spend our days getting pummeled from all sides. We get beat for finding issues and have to fight the fight to get them fixed, beat for not finding an issue, or just given 80 hours of work to do in 40 hours… and told quality is important. On top of all that, if we do make a mistake, it’s likely to be dangerous and very visible. (miss a vuln, get hacked, who get’s the backhand?..)
Conferences like Bsides are almost a retreat for the security community. A place where we can talk important issues in an environment that is built to foster the search for knowledge. A place that encourages out of the box, outrageous thinking. They end up being a place where we can work with others concerned about the same things. A true cross company, cross cultural melting pot of ideas. From that, the next big solution, technology, methodology or crazy meme is born and nurtured.
Here’s a little hard data for the Seattle Bsides event:
Keynote –> Jack Daniels Hacking Non-Traditional Systems –> Luis "connection" Santana Hacking the Industry: From Hacker to Consultant –> Sean Malone and Noah Beddome SSL++ : Tales of Transport Layer Security at Twitter –> jim oleary @jimio Getting Shit Done –> Lori Woehler @msftlori Fuzzing 101 –> Andy Renk Advanced Programming for Penetration Testers -Benson Kalahar and Tom Steele Who's coming after the cookies in your cookie jar? -@wepIV Privacy for Security: Dancing with Lawyers - Jason Shirk Offensive Defense –> Stephan Chenette Panel: Security: Past, present and where the fucks my hoverboard? -> Noid, Jack Daniels, James Allen , moderated by Josh Michaels
Workshops: Lock Pick 101 –> Scotland Intro to crypto attacks –> David Marshall Arduino Class –> Matt Duharte OWASP ZAP Tutorial –> Yvan Boily
Attendee count: about 140-150
The range of topics for a one day conference was pretty awesome.
If you get a chance to participate in a Bsides conference, do it. Don’t wait, sign up and go. Be a speaker, sponsor, participant, organizer. Checkout: Security Bsides to see when Bsides is in your area.