The seventh annual BSides Austin
computer security conference ran March 31-April 1, 2016. I served as a Host for
breakout sessions, introducing speakers, and keeping track of time. It was an
overflow crowd of 350 with 150 turned away at the door, or denied a slot on the
wait list. In addition, several student groups could not be accommodated at
all.
We had two tracks on Thursday and three on Friday. You can
find the full schedule on the conference website here. Many of the sessions were easy to
label. “I am a Software Developer. What do you mean I’m on the Blue Team?” by
Aaron Poffenberger was clearly for the Blue Team. “It’s not About the
Technology. It is About the Psychology” by Dr. Hend Ezzeddine and Flora Moon
was easy to label for Social Engineering.
But many others crossed several lines on the corporate org
chart, and the sessions were not narrowly defined. You had to pick your
presentations. That said, all of the hands-on workshops were held in the same
room on the same day.
Each track had a Host and a room Monitor. The monitors counted the room three
times (beginning, middle, end) and interfaced with the hotel staff when needed.
The convention would have cost ten times as much to attend
were it not for the sponsors.
Digital Defense, Rapid 7, SANS, and Splunk were gold sponsors this year. The silver sponsors were RSA, Log-MD, ISSA, Pluralsight, Checkmarx, Anomali, and Netskope. The five core sponsors were Velocitystorm, Expressworks, Fusion-X (thanks for the beer!), No Starch Press, and Pentester Academy.
As a technical writer, my interests are more general. I am
seldom held accountable for information security, except as we all are. These
were among my take-aways:
- The best lockpicking tools for the money are the Sparrow Tuxedo ($40) and the Tremendous Twelve by Toools from Southern Specialties ($30).
- The best locks are biaxials from Medeco and the Schlage Primus. You can spend $75 for one of these and secure your servers, or you can buy a dozen others at $5.95 each and let us all have access to your servers.
- For a knowledge worker your credibility is your product.
- The highest priorities for information security should be Asset and Inventory Management, Decision and Remediation Workflows, and Visualization and Metrics. The lowest priorities are vulnerability assessment and scanning, penetration testing, and buying cool tools.
- Work the OWASP Top Ten vulnerabilities.
- Amateurs target systems. Professionals target people.
- Security will not be accepted until and unless IT is made personal: it is you in your home who will be violated by your release of company information at work.
Basic security
They call it “BSides” in honor of the old rock ‘n’ roll 45
rpm single releases of the 1950s and 60s. The producer picked a hit for Side A
and put something else (usually mediocre) on Side B. Elvis Presley’s “Don’t Be
Cruel” was an exception. The Beatles releases were all exceptions.
Presentations crossed organization lines
The concept began in the US in 2009 with Mike Dahn, Jack Daniel, and some others because the CFP [Capture the Flag: computer intrusion challenge – MEM] for Black Hat Vegas or DEF CON was oversubscribed and those unable to present decided to hold their own conference on the 'b side'. -- https://en.wikipedia.org/wiki/BSides