Last week, on March 12 and 13, 2015, I had the opportunity to attend and present at BSides Austin. The conference was two full days of exciting talks and conversations ranging from general security practices to privacy concerns.
About 250 people attended, but I never felt lost in the crowd or afraid to chime in on group discussions.
Engaging with so many smart and passionate people excitedly explaining their ideas reaffirmed that I have made a great choice in choosing computer security as a profession.
Wendy Nather, of 451 Research started the conference with her Keynote, ‘Ten crazy ideas for fixing security’. She told us the story of her father encouraging her to learn programming and how things have changed for people learning today. Her ideas and suggestions came from her and her fathers long history in the industry and inspired the audience to think of our work in new and unique ways.
Jay McLaughlin, CSO and Senior Vice President for Q2 presented the follow-up keynote, speaking about how his firm helps to protect financial institutions from computer-related threats. He posed that security is not a department in an organization, but an essential function. While it’s fun for those of us interested in computer security to convene and engage in technical discussions, we need to cultivate our ability to speak the language of executives by discussing risk instead of security solutions. Addressing risk will allow us to communicate with decision-makers so they make business decisions to address or include security concerns.
Michael Gough spoke and engaged with the audience with his talk, ‘We preach, but do we practice what we preach?’. He covered a wide range of topics, including credit and identity protection, proper data storage and encryption concepts as well as general computer security best practices. He even mentioned OpenDNS as a great tool to protect against phishing and malware!
I presented on building an intrusion detection system in a cloud environment to provide visibility into attacks on shared hosting. During my talk, I was able to demonstrate catching attacks from any source to websites hosted on completely different networks.
Kate Brew, Content Manager at AlienVault and Charisse Castagnoli, Information Security Strategist at Websense together delivered a clever and humorous talk titled, ‘Blue team responses to people who hack like a girl’. They illustrated several actual security situations while quizzing the audience on appropriate mitigations, with prizes for the best answers.
Adam Kujawa of MalwareBytes spoke on the basics of malware analysis, providing a great introduction to the art and science of guessing the purpose of malicious software. He explained static and dynamic analysis and walked the audience through some great tips and techniques.
The first day was closed out with what was referred to as ‘Fire Marshal Talks’, named after an incident many years ago where the local fire marshal ordered the closure of an overly-full conference. The attendees reconvened outside and continued with quick ‘fire talks’, where anyone could speak up about related items of interest.
The impromptu fire marshal talks this year ran about 5 to 10 minutes each and were in-depth and entertaining. Speakers covered the topics of physical security, penetration testing and poor shared-hosting practices.
One presenter, David Longenecker spoke about an interesting personal project in which he is using intrusion detection software to track when a computer on his home network visits a domain that’s being blocked by OpenDNS. He has created rules that notify him when the domain was categorized as phishing, malware or any of the other classifications we use at OpenDNS when protecting those who use our services.
On the second day of the conference and in the spirit of the Fire Marshal talks, we had a visit from an actual fire marshal. Larry Jantzen, Battalion Chief of the Austin, TX Fire Department Special Operations explained how the fire department trains and certifies and the methods they use to save lives and keep people safe.
In the final talk I was able to attend, Philip Beyer presented on communicating for success in security, in which he provided solid advice on effective professional and personal communication as it relates to the security industry.
There were two tracks with simultaneous speakers each day, so I regret not being able to experience all of them. If given the chance, I would have seen every single one!
However, I am so thankful to have been able to attend and present at BSides Austin. It was professionally managed while remaining inexpensive. This and all the other BSides across the country are a great resource to the security community.