ShowMeCon wrap-up and what's ahead

I know. I know. It's been two weeks since ShowMeCon. I've been busy! Within hours the neighbors wanted to hang out (I brought the St. Louis beer). The next day, I had a big case of the don't give a shits. I didn't get a podcast ready for that night's release.

I went to work Monday expecting to head home and work on some stuff (like get a podcast out). Instead I was informed the development team I work with was heading to a Nashville Sounds game, because some people were in from out of town and I was invited. I went. Tuesday, I played soccer for two and a half hours, because I like pain (I didn't regain full functionality of my legs until Saturday). Wednesday was a social night, because those same people were in town (yay!). I got home and got the podcast out, three days late. Thursday, I wrote about suicide. Friday, I wrote about password policy. Both very serious topics.

Things sort of got normal after that. I took the weekend to kind of dink around on stuff I wanted to do. Monday I got two of the four podcasts edited I needed to. I was invited over to the neighbors' Tuesday for beer and baseball. Finally, last night I got four podcasts scheduled. I'm heading to Asheville tomorrow for BSides Asheville (still looking for a ticket). Much beer (and maybe a podcast) will be involved. Tonight is the night for me to write something and hopefully get a little Overwatch in. Damn I've been busy. Didn't really realize that until writing it down.

Back to ShowMeCon. This was my third year and fantastic as always. It's the ideal security conference. The hackers think it's too businessy. The business people think it's too hackery. There are more women at this conference than any other security conference I've been to combined. I love it!

I did my first ever podcast panel, which went really well for being the first time. They had a personal trainer there to talk about health and fitness. There were a lot of questions at the end. This might be something I need to write about. I do work at a wellness company after all!

During the conference I managed to get two interviews for the podcast recorded. I really like the idea of recording interviews at conferences. It's a much better vibe when the two people are in person. It flows better. There's the low rumble of the crowd. The low thud of doors smacking closed. It's fantastic. Those will be releasing over the next two weeks.

Now that ShowMeCon is over, I've been re-evaluating my desire and need for submitting to conferences. I've been speaking since 2015. It's a great challenge and a good career booster. Now that I'm at a company that I adore and in a role that continues to expand, I'm starting to wonder about the value I'm getting out of submitting to conferences. I love sharing ideas and challenging myself to become a better speaker. The downside to speaking is that it takes time away from my family.

I have two kids still in the single digits. I'd like to spend more time with them. At one point I was slated to be at 12 conferences this year. With other obligations, conflicts, and one conference not happening this year, I'm down to eight. That's still quite a bit. I've presented at all five I've gone to this year. It's not just going to the conference that takes time. It's also the preparation leading up to the conference. I spend several hours putting the talk together. Then I spend the week leading up to the conference practicing the talk. This is on top of the weekly podcast I produce.

I spend a lot of time in the field. Because of my expanding role I'm spending more time at work now too. I'm trying to find that balance. I'd like to spend more time with my kids. I think that will be at the cost of the conferences I attend. If I do submit a talk, it'll be for a podcast panel. The preparation for that is much easier than a full blown talk. I'd like to say I'm cutting back on conferences, but I don't think it'll take much for me to go to a conference (someone asks). We'll see.

This blog post first appeared on Exploring Information Security.

Converge and BSides Detroit wrap-up

Last week, I headed to Detroit for a wonderful conference called Converge. It was quickly followed on Saturday by BSides. This is one of the staple conferences every year. The crowd is great. The venue is top notch. The other speakers are fantastic. The organizers are awesome! And of course dueling coney dog restaurants.

This year I got the opportunity to both speak and put on a workshop. The topic is the one I've been peddling all year, Social Engineering for the Blue Team. The talk went well enough. I had to transfer slides to our new company template and I missed some notes. The workshop went really well. I got some great feedback and found some refinements that need to be made. I only had six people in the workshop, which worked out well, because I had a lot of back and forth and contributions from the crowd. I look forward to doing it again in the future.

I recorded one podcast interview and then did another conference interview that will come out this week. I'm going to try and do more podcast interviews while I'm at conferences. Before I wanted to enjoy the conference and not worry about audio equipment and recording. That's a bit selfish, because I think I can record in-person with people. This would ideally lead to some better quality interviews and content. Shout out to Jesse who told me that he liked the new format. Thanks Jesse!

I'm playing with the format a bit, so I think this can slide in nicely. I plan to record some impromptu interviews where I just hit the record button and go. I think for the over-the-internet interviews I'll use my old format. I'll tweak it a bit. Ditch the old opening where I have the interviewee listen in. Instead I'll record an intro for each episode. This will allow me to give impressions of the interview and any promotional things. Still experimenting.

The conference went really well. I caught up with some friends and made some new ones in the process. If you missed it this year, I highly encourage you to check it out next year.

Converge and BSides Detroit talks and slides

I had a great time at Converge and BSides Detroit.

This was my third attempt at going and I'm happy I finally got the opportunity to do so. The last two years I've had to cancel my plans due to life reasons. I did two talks this year. One at Converge and one at BSides. Both are linked below along with the slides for both talks.

How to kick start an application security program - Converge Detroit

I've given this talk at three other BSides prior to Converge. I feel like this is my best presentation of the talk so far. I will be giving it again at ShowMeCon in June.

Slides

 

The AppSec Starter Kit - BSides Detroit

This was my first time giving this talk. I thought it went well for its first attempt. It still needs polish. It will probably be a while before I give this talk again at a security conference. I made this talk to present at developer conferences. It hasn't been picked up, yet. I'm hopeful it will for some talks later this year.

Slides

This blog post first appeared on Exploring Information Security.

BSides Knoxville - May 5, 2017

I love BSides events. It's the simplest idea that has a tremendous impact on information security. A lot of work goes into each BSides event and there are over 200 of them worldwide. I've been to two this year already in Huntsville and Indianapolis. It was my first time attending each of those conferences (one of the perks of moving to Nashville). I had an outstanding time at both. I was afforded the opportunity to speak and make some new connections with people in the industry. I will be attending Nashville next weekend and speaking at two more next month: Detroit and Knoxville.

What I love about BSides is that each one is unique. Huntsville is in rocket city. It is one of the simplest and most well-run conferences you can go to. The area is a lot like Augusta. Not much around, but a lot of really smart people. Indianapolis is similar in nature and quite possibly the most laid back. It's located at a culinary school and I ate pastries all day. Nashville feeds its attendees with catered (YES CATERED!) barbecue from Martin's BBQ. I'd put the lunch up against any conference anywhere. I will be heading to Detroit next month for that BSides which coincides with Converge Detroit. I've bailed on the organizers two years in a row due to life changing events. Not this year, though! Flight and hotel are booked.

Knoxville is another new conference for me this year. It's already turning out to be quite the unique experience for me. I am speaking at the event. Which is a bit of an outlier for me. I've submitted to three different conferences in Tennessee and BSides Knoxville is the only one that accepted my submission. It's fulfilling that dream and my dream to have a walk up song.

I'm a big baseball fan. My dream of coming out to a walk up song in professional baseball died a long time ago. In my adulthood, I've thought about what walk up song I would choose if I were given the opportunity. That day has arrived! Along with my presentation acceptance email were instructions on sending in my preferred walk up song. I only get 20 seconds, but that's all I need.

I started thinking about all my favorite songs. There were too many to make a choice from. I decided to take to Twitter to ask for suggestions. I got some really great responses. I also took the question to ColaSec, a security user group in Columbia, SC. My talk is on kick starting an application security program, so I took the question to the development team I work with. I got some really weird and interesting responses. I had about 20 potential songs, so I made a survey. From there I picked the top three and created a Twitter poll.

If you have Twitter I'd love for you to vote and share. I like all three songs in the poll, so I will absolutely use the poll winner for my walk up song. If you're going to BSides Knoxville I would highly recommend planning your schedule. It helps the organizers place talks in rooms and time slots. From talking to several organizers of security conferences scheduling is one of the most frustrating things. This will make scheduling easier for the organizers of Knoxville. They're putting on an awesome conference at a ridiculously good price. It's the least you can do.

If Knoxville is in your plans May 5, 2017, hit me up on Twitter and let me know you're attending. Or walk up and say "Hi!" (I don't Twitter at conferences anymore). I'm really excited for the conference and hope to see you there.

This post first appeared on Exploring Information Security.

CircleCityCon gallery is up and bonus GIFs

All the CircleCityCon pictures are now available on Flickr.

Below are some GIFs I made from the pictures I took.

DJ Rance giving CircleCityCon attendees something to bounce to.

Who's behind the mask?

Here's the ladies of CircleCityCon having some fun during their "photo shoot."

This post first appeared on Exploring Information Security.

Heading to CircleCityCon

Early Thursday morning I will depart South Carolina and head north to Indianapolis, Indiana, for the three day security conference called Circle City Con. The conference is a three day event with training, speakers, and nightly entertainment that begins June 12, 2015, and ends June 14, 2015. I am signed on as the photographer of the event to document with pictures all the fun things.

I would love to meet up with anyone going that I know, or even don't know. If you see me walking around the con stop me and say, "hi." Also, if anyone lives between South Carolina and Indiana and needs a ride, let me know. We might be able to work something out.

This post first appeared on Exploring Information Security.

Impressions from BSides Augusta

Simply awesome!

What a great BSides event. Not only was it a short drive for me, but the event itself was top notch, all at the fantastic price of free. I can't gush enough about how great of an event this was. Excellent talks, great location and wonderful people. I volunteered for the event and you can read my experience from that as well as a rant about how awesome volunteering is by clicking this link.

I love that this BSides decided to go with a blue team and a red team track. It helped define some of the talks that might not have been apparent in the title or in the abstract. Full disclosure: I'm a blue team guy and thus spent most of the day in the blue track. I hear there were some fantastic red team talks like Tim Tomes', The Adobe Guide to Keyless Decryption:

But there were also some fantastic blue team talks like Tim Crothers', Techniques for Fast Windows Investigations:

Or Chris Campbell's, Using Microsoft's Incident Response Language:

What I loved in particular about this talk was that Chris spent the majority of his talk going over actual code and techniques, which is not something I see a lot of talks doing. If you're interested in PowerShell, have it up while you're watching this talk.

There's also Chris Sanders' talk Defeating Cognitive Bias and Developing Analytic Technique which kicked off the blue team track:

Finally, Mark Baggett closed out BSides Augusta with his awesome talk Crazy Sexy Hacking:

These talks were the ones that impacted me the most. Everyone is going to get something different out of each talk. I would recommend you check out all the talks at the BSides Augusta YouTube channel. I don't think you'll be disappointed.

One other awesome thing happened at BSides Augusta in that the local media showed up announced and took footage of the event as well as conducted interviews with some of the organizers of the event. This is not just a good thing for BSides Augusta, but the infosec community as a whole.

We must present ourselves to the world as professionals and BSides Augusta did that very well. I look forward to more BSides, especially at Augusta.

This post first appeared on Exploring Information Security.

Exploring information security: How to organize an infosec conference

In the second edition of the Exploring Information Security Podcast (EIS) my infosec cohort Adam Twitty and I talk to Ed Rojas about how to put together an information security conference.

Ed Rojas (@EdgarR0jas) is a Master Consultant for HP Enterprise Security and the creator of Security Zone information security conference in Columbia and the organizer of the BSides Nashville security conference. I had the pleasure of attending BSides Nashville this year and got the opportunity to snap a few pictures. Ed was a very accommodating and passionate host for the event. 

In this interview Ed talks about:

  • The first step to organizing a security conference

  • The time and effort it requires

  • How to pick the right date

  • The biggest challenges putting together an event

  • Some of the mistakes that were made

  • Where to host the event

Leave feedback and topic suggestions in the comment section.

This post first appeared on Exploring Information Security.

InfoSec links June 12, 2014

Striking similarities between a WoW raid team and an infosec team - Tripwire - The State of Security

If you’re not a gamer or hate World of Warcraft (WoW), then go ahead and pass on this article. It talks about how a WoW raid team has different roles, responsibilities and skill sets to make a successful raid run. Those same ideas and concepts can be applied to an infosec team which requires different roles, responsibilities and skill sets to accomplish its objective of securing the business. I primarily played a healer on my WoW raid teams and I think I could make a case I’ve done the same thing in information security.

Flash Poll: The Hunt For Cyber Talent - Marilyn Cohodas - Dark Reading

Information security professionals are at a premium right now. Companies are struggling to find not only security professionals, but the right security professionals with the right skillsets and at the right price to secure an environment. I’ve seen this within organizations. While it’s frustrating from a day to day operation standpoint, finding the right people and the right amount of people, I’m actually starting to see some personal career benefit.

InfoSec Conferences - Client Side Vs Server Side - Javvad Malik - J4vv4d

Javvad gives some great tips on going to security conferences. If you’re in information security or trying to get into the field, one of the best things you can do for your career is attend security conferences. They’re all over the place and take place throughout the year. In the last month I’ve been to two and in about a week and a half I plan to go to another one. It’s a great place to learn and explore as well as make connections within the infosec community. Javvad’s final suggestion is to make content, which I’ve begun doing. You can check that stuff out in my photography section under media.

This post first appeared on Exploring Information Security.