Since we signed up as a “blogger” for this whole awesome BSidesLasVegas thing, I thought we should start by putting out some quick recommendations on how you may want to spend your time at this event. First off I generally have a rule of planning to attend no more than three talks per day … hence the name of this post. Ideally, I would like to attend all of them but then you end up missing a lot of the “hallway” discussions and other fun activities and contests. Additionally, I tend to avoid talks that are going to already get a lot of press. I would rather spend time trying to discover some hidden gems. You can always read about the others later in the popular press. These are just some little rules I like to live by … that’s just how I roll. 😉 Anyway on to some recommended talks…

On Wednesday I will be getting in mid-morning so I’m just going to head over in the afternoon around 1:00 or so. Unfortunately, this means I can’t take part in some of the interesting morning talks. Regardless, starting at 1:00 I will probably hit the Collegiate Cyber Defense Competition talk by Chris Lytle and Leigh Hollowell. The presentation looks to focus on lessons learned from these competitions and how they can be used as a learning tool. I am thinking of starting an internal competition similar to this within my company. That combined with its focus as a learning tool really makes this talk a worthwhile talk for me. Next up will probably be “The Dark side of Twitter, Measuring and Analyzing Malicious Activity on Twitter” from Paul Judge and David Maynor. If you don’t know it by now, I’m sort of addicted to this whole Twitter thing [there I said it] therefore I really want to learn more about its potential downsides. Their talk will summarize malicious activity on Twitter based on two years of data and 20 million user accounts. Finally since I’ll be giving the first of three career/community-related talks, I plan to stay for Joseph Sokoly’s “Infosec Young and Restless” and then see what the Infosec Mentoring Panel has to offer. Joseph will look at improving our community image and the panel will touch on getting the most out of mentor/mentee relationships. [I’m counting this as one talk … even I have a hard time following my own rules.]

Thursday will be a bit more difficult as I’ll have a full day of talks to choose from as well as the start of some Defcon activities. I will probably start the morning out with “Social Network Special Ops: Extending Data Visualization Tools for Faster Pwnage” from Chris Summer. Visualization has always been a fascination of mine (especially for showing pretty pictures to management). That combined with information that can be extracted from social networking data and its associated connections looks to be quite an interesting way of gaining invaluable insight about an organization or person. I’m usually in favor of best practices; however, I do understand they have their pros and cons. For that reason I plan to check out “The Road to Hell is Paved with Best Practices” from Frank Breedijk and Ian Southam to get some of the cons. It seems it will be a fairly balanced presentation though that will answer the question “Will best practices make us more secure?” Finally, I will probably head over to see Zach Lanier’s “It Melts In Your Hand: An Overview of Security (Failures) In Mobile Applications.” Mobile is big and will only get bigger in the future. The presentation will touch on security not only from a device perspective but how these devices are connected.

Well those are some quick recommendations for BSidesLasVegas. Be sure to check out the BSidesLasVegas Talks page for more details on these presentations as well as other talks that you may be interested in. Are there any “hidden gems” I missed? Let us know in the comments below…

And if anyone wants to meet up, just mention @grecs on Twitter or find the guy with a gray Breezewood shirt on Wednesday. And like I mentioned above I’ll be giving a talk on this day as well at 4:00 titled “Infosec Communities for Career Success: Understanding, Participating, and Cooking One Up” so you can also catch me after that. There are tons of people I’ve met through Twitter and mailing lists and would enjoy finally meeting a few of you in person. See ya!

