I attended Austin BSides on March 20. What a great event for security practitioners. I learned more in that one day for the princely sum of $10 than on many $3000 RSA trips!
BSides is dominated by security practitioners sharing their expertise, rather than vendors tirelessly (and tiresomely) plugging products.
You can just feel the excitement and anticipation.
Some Highlights from BSides Austin:
- HD Moore, from Rapid7 and of Metasploit fame, delivered the Keynote. He presented the results of his recent study, which involved probing the internet. Yes, the whole internet. The vulnerabilities he found were shocking. As an aside, he showed some of the correspondence he received as a result of his probes. Long story short, there were people who wanted him in handcuffs, until he explained the research value of his project. Even then, it sounded like some people were still in favor of handcuffs.
- Samuel Shapiro of Digital Defense covered "Your Printer is why you got owned", which was a really fun talk backed up by a lot of experience and interesting stories. Samuel nailed it: printers are just computers on the network. Just because they talk to paper too doesn't mean they are not a target capable of being compromised, breached and used to get to other assets on the network.
- At lunch, Max Westbrook, a Private Investigator, talked about his job, what he does on a daily basis and how he attained his PI license, and told us about some cases he had recently worked.
- Michael Gough and Ian Robertson did a talk on the Malware Management Framework they are building. They talked about malware (affectionately called "maulware" attacks) and how they have defeated them, without having to call out for reinforcements. Michael has a fun and educational blog called HackerHurricane.
- There was a great panel on Emerging Threats. Marcus Carey was a popular panelist, with his military and NSA experience and ThreatAgent.com, but I do have to note he was drinking Diet Pepsi whereas the other panelists were drinking beer. Actually after about an hour, the panel became a bit more like a drinking game than a stodgy security panel, with anything from "PCI" to "Emerging Threats" becoming words demanding that all panelists drink. Michael was the moderator and he was pretty militant enforcing that rule.
The Emerging Threats Panel. Note: Beer has indeed been served. Marcus is at the far left, nursing a Diet Pepsi as Michael enforces strict mandatory drinking requirements.
Interesting security comments / observations:
- Unfortunately, Prevention is dead. Total Fail.
- When under attack and you've found the culprit, DO NOT show your hand. Protect your assets, but let the guy think you still don't know. Force him into a small area and keep an eye on him.
- Security practitioners tend to believe the following are threats: users, IT, management, outsiders, insiders, 4 year old children, other countries, and everyone else. The group could not agree on any group, or anyone, to trust.
Clare Nelson of ClearMark Consulting summed it up nicely, "When I compare my RSA trip last month, the content pales in comparison with BSides. Michael did another spectacular job directing BSides Austin to make it a truly valuable learning experience. For an RSA presentation to be accepted, all of the good stuff (failure of a product to function, war stories, etc) gets filtered out! This is truly a disservice, because no one in cybersecurity can afford to buy products that don't work."
All in all, it was a remarkable event. Watch out for local BSides meetings coming up in your area - they are pretty awesome. In the meantime, you could check out our SIEM, Log & Event Manager, with a free full-function 30-day trial.