Most of you are are probably aware of the RSA conference, but many may not be familiar with Security BSides. From the site:
What is BSides?
BSides is a community driven unconference built for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants. It is where conversations for the next-big-thing are happening. We've followed the BarCamp format... because it works.
The format is intimate, i.e. small, and the content is voted on by the community. This was my first opportunity to participate in this type of conference and I found it a great environment for learning and interacting with peers.
I spent the morning at BSides and it was time well spent.
Life on the InfoSec D-list by Andrew Hay
The opening keynote was delivered by Andrew Hay. Andrew started a series of interviews called the D-list a while back and I consider myself fortunate to have been included. Before you take umbrage at the name D-list, you need to understand what Andrew means.
Being on the D-list means you are in the trenches getting the work done. You are contributing to the field and active in the community. You may not be a "star", but you care and are committed to the profession.
He talked about the importance of community and gave some tips on ways to possibly move up the chain should you be so inclined.
I thought it was a great keynote and that perspective is in no way influenced by the fact that I consider Andrew a good friend 🙂 We all have ways we can contribute to the profession and community and being on the D-list is not to be scoffed at.
Preparing for a PCI forensic investigation by David Barnett
After Andrew's keynote, David Barnett delivered a talk about PCI investigations. David is an ex-QIRA. For those who don't know, a QIRA is a Qualified Incident Response Assessor. This is the individual that will show up to perform the incident response assessment in the event you are involved in a PCI DSS breach.
David shared what is involved when a QIRA comes on site and also offered some tips on how to manage an incident in a manner that will make it much less painful. From his talk description:
Reviewing lessons learned from dozens of past forensic cases, this presentation will highlight how to prepare for a PCI mandated forensics investigation including; what steps should be taken to limit fines and fees, how to ensure you have proper legal representation, how to limit the scope of the investigation, and what questions to ask before deciding on who will conduct the forensic investigation.
This was an interesting talk with a great deal of information in it. I hope to get the slide deck and will offer other thoughts after that.
This talk was a panel that explored what can be done to remove the inherent risk that passwords bring to the table. It was a lively discussion and was particularly interesting since Michael attended via Skype. His head was huuuuge 🙂
Of particular note to me was the discussion about the difference between identity and authentication and how in most cases we have merged the two. Very interesting stuff. The conversation continues on Twitter. Join in here.
After the password panel, I moved from BSides, which was held in a co-working site not too far from the Moscone center, over to RSA. Transportation back and forth was generously provided by BigFix. I hopped on the bus and enjoyed a nice ride back to the conference site.
This was the second time I attended this panel and its third iteration. It is a fun and informative discussion about what is going on in the security industry and that we can't keep doing the same things and expecting a different outcome. There was a lot of ground covered from APT to what technologies should die to several other topics. Very interesting stuff.
Case m00p by Mikko Hypponen
After repeating my Groundhog Day experience :), I went to a talk given by Mikko Hypponen of F-Secure. Mikko’s talk was a walk-through of the investigation and eventual apprehension, at least of some members, of the computer hacking gang called m00p. Mikko is a very engaging speaker and this was a very interesting talk.
Nothing cutting edge because the case itself was a little older, but very interesting to see the steps that Mikko went through to track these folks down. The most amusing part about the story was the gang’s constant need to tell what they did and their naiveté in thinking that Mikko would not share that information with law enforcement.
This rapid-fire information onslaught was an extension of a talk Chris and Rich gave last year. It focused on the fact that innovation is often disruptive and that cloud computing is acting as such an agent right now. Chris and Rich are fun to watch and at the same time introduce a great deal of information.
One of the biggest takeaways I had from this talk is not necessarily new, but still very important. We have to talk to the business in a manner that shows we are supporting their effort, but at the same time help them understand we want to do so in as secure a manner as is appropriate. Rich offered up some tips and good questions to ask and hopefully I can get the slide deck later so they can be shared more widely.
The final event for the first day of RSA/BSides for me was the speaker’s dinner. I attending as a speaker this year. I led a peer-2-peer session on Wednesday that I will talk about in a separate post. I enjoyed the dinner and discussion even though the drinks and hors d’ oeuvres time was packed, hot and loud 🙂
I thought the first day of both conferences was fantastic and the rest followed along the same path. More on that later.