The seventh annual BSides Austin computer security conference ran March 31-April 1, 2016. I served as a Host for breakout sessions, introducing speakers, and keeping track of time. It was an overflow crowd of 350 with 150 turned away at the door, or denied a slot on the wait list. In addition, several student groups could not be accommodated at all.
We had two tracks on Thursday and three on Friday. You can find the full schedule on the conference website here. Many of the sessions were easy to label. “I am a Software Developer. What do you mean I’m on the Blue Team?” by Aaron Poffenberger was clearly for the Blue Team. “It’s not About the Technology. It is About the Psychology” by Dr. Hend Ezzeddine and Flora Moon was easy to label for Social Engineering.
But many others crossed several lines on the corporate org chart, and the sessions were not narrowly defined. You had to pick your presentations. That said, all of the hands-on workshops were held in the same room on the same day.
Each track had a Host and a room Monitor. The monitors counted the room three times (beginning, middle, end) and interfaced with the hotel staff when needed.
The convention would have cost ten times as much to attend were it not for the sponsors.
Digital Defense, Rapid 7, SANS, and Splunk were gold sponsors this year. The silver sponsors were RSA, Log-MD, ISSA, Pluralsight, Checkmarx, Anomali, and Netskope. The five core sponsors were Velocitystorm, Expressworks, Fusion-X (thanks for the beer!), No Starch Press, and Pentester Academy.
As a technical writer, my interests are more general. I am seldom held accountable for information security, except as we all are. These were among my take-aways:
- The best lockpicking tools for the money are the Sparrow Tuxedo ($40) and the Tremendous Twelve by Toools from Southern Specialties ($30).
- The best locks are biaxials from Medeco and the Schlage Primus. You can spend $75 for one of these and secure your servers, or you can buy a dozen others at $5.95 each and let us all have access to your servers.
- For a knowledge worker your credibility is your product.
- The highest priorities for information security should be Asset and Inventory Management, Decision and Remediation Workflows, and Visualization and Metrics. The lowest priorities are vulnerability assessment and scanning, penetration testing, and buying cool tools.
- Work the OWASP Top Ten vulnerabilities.
- Amateurs target systems. Professionals target people.
- Security will not be accepted until and unless IT is made personal: it is you in your home who will be violated by your release of company information at work.
They call it “BSides” in honor of the old rock ‘n’ roll 45 rpm single releases of the 1950s and 60s. The producer picked a hit for Side A and put something else (usually mediocre) on Side B. Elvis Presley’s “Don’t Be Cruel” was an exception. The Beatles releases were all exceptions.
[Photo caption: Presentations crossed organization lines]
The concept began in the US in 2009 with Mike Dahn, Jack Daniel, and some others because the CFP [Capture the Flag: computer intrusion challenge – MEM] for Black Hat Vegas or DEF CON was oversubscribed and those unable to present decided to hold their own conference on the 'b side'. -- https://en.wikipedia.org/wiki/BSides