It’s 7:30am on a Friday morning; what are you doing? Well, about a handful of us were at National University setting up for
January 13th & 14th marked the first annual #BSidesSD. As a complete newcomer to “BSides” in general, I thought someone meant to type “Besides…” and made a typo in their SMS. True story.
The official description of BSides from the website is: Each BSides is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
And that’s exactly what happened. As a Speaker Assistance & Check-In Volunteer, I had the chance to witness firsthand how the community truly came together in order to make this event a success. Whether it was handling the WaffleTruck breaking down or the XL T-shirts going missing, everyone made the effort to keep the show going. And what a fantastically amazing show it was! Special shout-out to the BSidesSD board members – they were the first ones there, the last to leave and the ones constantly smiling & cracking jokes.
The event kicked off with Dave Shackleford as the keynote. His talk on Security as Code highlighted how security must be considered from day 1 as part of any DevOps. His analogies were a major highlight of the talk. One such analogy was the idea of pets vs. cattle: the industry is moving, or will move, from a pets mentality to a cattle mentality. The pets mentality is essentially where you had various servers and their admins. If something happened to Zeus (a server), then Bob (Zeus’ admin) would be called. However, neither Zeus nor Bob can be scaled. The cattle mentality is that if a thing acts up, you shoot it and roll back to the other cattle. Essentially, everything has templates. Shackleford inspired and informed us while adding tidbits of humor.
The topics were quite diverse, as the speakers covered everything from threat (detection, intelligence, analysis, testing) to social engineering to cryptography. The schedule of the event can be found HERE. Some of the speakers have their own blogs; Adam Englander penned down his thoughts on BSides, which can be found HERE.
As a volunteer, I didn’t get a chance to attend every talk. However, one of the talks that I was fortunate enough to attend was on integrating Data Science into Cybersecurity by Ken Westin from Splunk. This intersection between artificial intelligence and cybersecurity is what I’m most passionate about. With statistics like over a million new pieces of malware being released per day, machine learning is needed! Westin aptly mentioned that ML needs to be leveraged to enhance existing analysts. To gain an overview of ML 101 with terms like supervised vs. unsupervised, check out an older post HERE.
The link to go view most of the talks is HERE.
Other talks that I was really interested in, and whose presentations I can’t wait to get, include but are not limited to Exploiting Recruiters and Social Tinder-neering.
Delicious & sleep-inducing food was provided by That’s What Cheese Said & Zoe’s Place. The lock picking village had some challenges set out, and unsurprisingly some of the attendees turned out to be pros. HERE is one such example. Even the Happy Hour(s) hosted by Palo Alto was a great success, or so I heard/saw the next morning. They, along with Templar Shield and Cybersec Jobs, were ideal sponsors that gave out free swag.
My favorite part of the event, hands down, was the conversations shared in the Speaker Room. 5 white guys & 1 brown girl… what do you get? Stories of what happens behind the scenes in the Navy. My favorites were Q: how to get banned from a ship? ANS: lose all common sense and be stupid. Q: How to avoid working on the ship? ANS: getting circumcised won’t work. The infamous alcohol stories. The crazy work stories. Jokes apart, a plethora of life & industry advice was shared, and I was fortunate enough to receive it.
Ok, bottom line? BSides(SD) is truly the conference to check out if you want to expand your infosec family, or if you are trying to not trip as you stay one step ahead of the curve.
P.S. This year out of the 100+ attendees, less than 20% were females. Help me increase that representation next year!
P.P.S. Special thanks to:
1) @blar51 for introducing me to my Twitter Celebrity @