Off the grid…. and on to the cons!

Just like any good spook it’s time to come in out of the cold and back into the warmth of HQ. It’s been quite a while since my last post and I need to just make the time to do it. I will get better….  As many of you can recite from memory, “Do or Do not, there is no try!” – Yoda

So begins the summer of the Cons!! There are many good ones coming up and I was going to try to get to Security B-sides Detroit. The Rust Belt, the Midwest, West Virginia, and Northern Kentucky and the robustness of security cons is not to be trifled with. Here’s a list (I’ve probably missed a few so I apologize in advance!):

– Notacon up in Cleveland just happened
– Thotcon in Chi-town back in April
– 2 Security B-Sides in June/July (Detroit/Cleveland)
– Not in the region but DefCon and BlackHat are the summer biggies
– DerbyCon in Louisville, KY in September
– GrrCON in Grand Rapids, MI in September
– Hack3rcon in Charleston, WV in October

So there is virtually no shortage of quality conferences to go to and pick up a bit of knowledge. In fact, for someone living in the Midwest they can get to quite a few conferences, not boondoggles (well okay a little bit because Hackers love Hooch!), for the same cost of hitting the major July out west event. This may be the right amount of cost savings for any company wanting to keep their security pogues happy and brains filled with teh knowledge.

Why conferences? It is truly amazing how much you actually can learn, if you can break thru the booze haze and hangover! It’s also a great opportunity to see old friends and make new ones. For us poor saps cloistered in the buildings we call offices or home offices it’s a welcome reprieve to let our hair down, or in my case last year cut off for Mohawks-for-Charity. The look on the CISO’s face was awesome when he saw me walking into the office. It sparked a great conversation of what is a hacker and what the security rank-and-file will look like in 5-10 years. It is always great to have those “educational” conversations with senior management!

The networking portion is also a good time and it’s great to meet others in the same profession but in different industries to hear about their issues. The conversations may be different but the content is common… “OWASP Top 10 is what we’re focusing on”, “Access is a huge security headache”, and my favorite “the users in our company have no regard for security”. The nice thing is that even with that commonality there are a lot of ways to address the problem.

If we should ever have a chance to meet, please don’t take it wrong if I don’t say much at first. I’m the type of guy that will listen a lot, digest the information, and begin to ask you a ton of questions. I’m not asking so many questions to be a jerk, I just have a genuine interest in learning. I like adventuring into rabbit holes and going deep until my brain hurts.

For those reading; yes I’m back, yes I will be more diligent in posting, and yes I may rant a time or two!

0ddj0b

DerbyCon the beginning…

I have to say without a doubt that the first day at DerbyCon was tremendous!  Everything seemed very well run from the beginning and organized.  The Hyatt Regency has very nice conference facilities that are easy to access; literally just through the main entrance.  It’s also nice having the track rooms and other activities (Lock Picking village, Hardware Hacking, Vendors) on the same floor and accessible within an extremely short walk.  Some of the sponsors of the event such as Accuvant, FishNet Security, Rapid7, No Starch Press, and Syngress were onsite.  Enjoy the venue for now, I suspect as it continues to grow in popularity a much bigger space will need to be found.

Even though Black Hat and DefCon were just last month the presenters had fresh and new material that had not been seen (at least that I can recall).  It was also nice only having the one track to choose from to ease one into the cornucopia of security goodness that will occur over the next few days.  A few notable moments and observations:

  • Those attending the con seem to be much more of the Black Hat crowd, the 30-something security professionals (there were a few mohawks out there but not many).
  • Dave Kennedy, Adrian Crenshaw, Martin Bos have pulled together the “who’s who” in information security for this event.  There’s not a talk on schedule that doesn’t pique my interest!
  • The venue is excellent for the inaugural event.  The audio/visual was excellent and there were no technical mishaps or outages during the technical presentations.
  • Seeing the Adaptive Penetration Testing session with Dave Kennedy and Kevin Mitnick may have been the icing on any Fanboy’s proverbial cake.  To see both present and then Dave reveal the new changes in the SET by performing a demo was awesome and I know made many anxious for the updated release this weekend.

There was one talk that really stood out and that was Johnny Long’s Hackers for Charity update.  It’s interesting and refreshing to see the community aspect of the Con.  With so many individual projects and presentations, to actually see what the Security and H4x0r community can accomplish for a great cause is very inspiring.  This is not the only Con to have this type of presentation for a need in the community but again, to hear of the scale and difference that people are trying to make with their skills, time, and resources is truly astounding!  I’m also impressed that regardless of the religious beliefs of Johnny that individuals can see that what he’s doing is much more than a calling for him.  Providing the Ugandans with food and a valuable skill, they are not only giving them a livelihood, they are giving them hope for a better life which they are realizing with Johnny’s non-profit and others that are linked with his group.  Another extension of what he’s doing can be found at InfoSec Without Borders.  This is an initiative to help charities and non-profits with their information security needs.  I hadn’t given it much thought in the past or even realized that non-profits don’t have the staff or ability to help secure their assets and data.  This struck me just as hard as what Johnny’s non-profit is doing in Uganda.  Both of these really have me wanting to give back both in time and money and I will definitely be reaching out to see what I can do to help.  I hope that others step up and consider volunteering or donating to these worthy causes.

Great first day!  Heading off to the Accuvant party at the Maker’s Mark Lounge on 4th Street for some frosty adult beverages and a chill night.

Get ready for the ride, the next two days are gonna be off the hook!

DerbyCon is the Shizzle Bizzle!!

How many times do we as security professionals, nerds, and H4x0rs get to participate in a groundbreaking industry event?  Not many, and this is one not to be missed!!  Better than the Shamwow and more versatile than the Magic Bullet, DerbyCon is poised to give many other security conferences a run for their money.  The schedule for the event reads like the “who’s who” in information security and is poised to be just as good as DefCon, ShmooCon, and ToorCon.

Interested?  Good, then click the image above!!

I’m thinking that this will be the Sean Connery James Bond of Security Conferences to come.  I hope to see you there!
