I'm like the proverbial kid in a candy store. This is my favorite time of year. Between Black Hat, Defcon, and BSides, you have feds, criminals, security experts, reporters, and everyone in between congregating in the city of sin. What's not to like? Here's a rundown of these events, my picks for talks not to be missed, and an invitation.
It's a good time to be me: This weekend I'll head to Florida to see friends and spend some time in South Beach. In three weeks I'll go to Seattle to catch up with the startups of Puget Sound. After that, a few work trips to Asia and Europe.
But what I'm really excited about is that my annual pilgrimage to Las Vegas is only a week away. First, there's Black Hat, which will be filled with sponsored parties and great talks. Plenty of industry deals get closed here. The lineup of speakers and topics looks good this year, definitely worth attending.
As Black Hat begins to wind down, the city will be filled with a different crowd as the Defcon hacker conference kicks off at the end of the week. Defcon is an eclectic mix of who's who from the corporate and underground scenes. Good guys and bad all intertangled for the same purpose: to learn and spread ideas. This year, Defcon is running a bit longer than usual and has added talks all the way through the weekend, so if you're in town, swing by and check it out.
Less well-known is the Security BSides conference, or just BSides for short. The founders of BSides formed it with the intention of creating a more informal gathering where presenters and attendees have plenty of time to mingle and discuss topics in depth. Gone are the VIP suites reserved only for the elite few who speak. Instead, presenters, attendees, and yes, even press are treated the same. We all talk, discuss ideas, and help one another learn and solve problems. BSides is beginning to gain traction as it expands to different parts of the country. Each BSides event is organized by people who live in the city where the event is being held; this gives a local feel and makes attendees feel much more at home.
The casual, collaborative environment fosters sharing of ideas. At a recent Boston event, some attendees were huddled in a corner writing code to prove a theory, while others were discussing problems they face day to day and how to solve them. At the end of the day, this is what it's all about.
I have always said my favorite time at conferences is not the talks, though there are some good ones. At RSA each year you can find me in the lobby of the W catching up and discussing the finer points of Russian cybercrime. At Black Hat ... well, it's Vegas, so you probably can't find me unless you have me on foursquare. At BSides I'll be watching quietly to see if this little scrappy conference that could is ready for prime time.
Just a few of the talks I recommend attending:

Black Hat
Jackpotting Automated Teller Machines by Barnaby Jack
Extending Data Visualization Tools for Faster Pwnage by Chris Sumner
Ushering in the Post-GRC World: Applied Threat Modeling by Alex Hutton and Allison Miller
App Attack: Surviving the Mobile Application Explosion by John Hering
Hadoop Security Design by Andrew Becherer

Defcon
How to Get Your FBI File (and other information you want from the federal government) by Marcia Hofmann/EFF
Our Instrumented Lives: Sensors, Sensors, Everywhere by Greg Conti
Open Public Sensors and Trend Monitoring by Daniel Burroughs
Web Application Fingerprinting with Static Files by Patrick Thomas
Practical Cellphone Spying by Chris Paget
The Chinese Cyber Army by Wayne Huang and Jack Yu

Security BSides
Mobilizing the PCI Resistance: Lessons From Fighting Prior Wars by Gene Kim
A Mechanics View of SQL Injection by Ray Kelly
InfoSec Communities Career Success by Grecs
Top Ten Things IT is Doing to Enable Cyber-Crime by Daniel Molina
Drivesploit: Circumventing Both Automated and Manual Drive-By-Download Detection by Wayne Huang
Multi-Player Metasploit by Ryan Linn (Special appearance by HD Moore?)
The clock is ticking down and I am ready to head to the desert. Find me during the week and let's catch up, or meet for the first time. As always, follow me on Twitter, @adamely, to get my up-to-the-minute thoughts during the conference. If you are sleuthy enough to find me on foursquare you might even locate the infamous RaffCon meeting and other parties during the week. See you in Sin City.