[Infowarrior] - Infosec’s Alternative Subculture on Display at Security BSides

Sun Apr 19 09:22:04 CDT 2015

Infosec’s Alternative Subculture on Display at Security BSides

By Stephen Lynch

April 16, 2015

https://blog.opendns.com/2015/04/16/infosecs-alternative-security-bsides/

Next week, thousands of people will attend RSA Conference, the biggest information security event in the world. But at OpenDNS’s offices in San Francisco’s SoMA neighborhood, an alternative event will be taking place, one that is growing in popularity among security professionals, eschews the flashiness of larger trade shows, and focuses on providing alternative viewpoints and practical methodology.

Taking place from Sunday to Monday, April 19 and 20, the Sixth Annual Security BSides San Francisco conference will feature a diversity in community-curated workshops and sessions seldom seen at larger security conferences. The show’s agenda ranges from workshops on reverse engineering Android apps to talks about media’s perception of the infosec community. On Sunday, a talk about analyzing malicious domains runs alongside “How to Sell Security Without Selling Your Soul,” a discussion of how to attract and retain good people in the industry.

“BSides is the punk rock event of the security industry,” said Banasidhe, one of the core organizers of BSidesSF and executive producer of BSides Las Vegas. “Volunteers are putting in so much of their own free will and their own heart into the event. No one is doing it for the money. No one is doing it for the fame. It comes from the community, for the community.”

Unlike big budget conferences like RSA and Blackhat, BSides relies heavily on the infosec community for sponsorship and support. BSides San Francisco will be almost entirely staffed by volunteers, and the BSides Las Vegas is still accepting community donations for its August event.

While two of the biggest events–BSides San Francisco and BSides Las Vegas–are both scheduled so they benefit from the large crowds attending established security conferences like RSA, smaller satellite un-conferences abound. The Security BSides organization bills itself more as a framework for building events for and by members of the information security community. With a roster of more than 60 BSides conferences listed on the main website, BSides counts cities from Algiers to Warsaw as past event locations. According to Banasidhe, the fact that the events have taken place on every continent except for Antarctica shows how much untapped demand there is for access to security education.

“In the case of Las Vegas and San Francisco, we’re providing alternatives for people who, for example, might be unemployed or students,” said Banasidhe. “It’s an extra couple of days of infosec training in an arena that allows them to learn without breaking the bank. BSides allows them to do with in their own backyards.”

OpenDNS Security Labs Researcher Kevin Bottomley agrees. “The event is almost free, which is nice. You meet really cool people, and not just those in the information security,” he said. “You could meet people from HR or someone who is interested in learning more about the security industry. It could be an IT guy whose company has gotten phished in the past, and he may want to be more knowledgeable of it and find ways to fight it.”

Bottomley, who is giving his own talk at BSides SF on the evolution of modern phishing campaigns, also points to the different and varied topics at BSides as another reason to attend the conference. “There was some pretty cool physical security stuff at BSides a couple years ago, which is something you don’t see at more mainstream events. At BSides, I always like to check out the Lockpick Village and see how fast I can tear through all of their locks.”

But more than just novelty, Bottomley says that the diversity of BSides provides him with a much-needed perspective by showcasing other aspects of the infosec community than the ones he focuses on for his day-to-day work.

“BSides is good for networking, good for meeting people from other companies,” he said. “It gives me a chance to see what other people are doing, what they’re presenting on. Usually you focus on one narrow aspect of security for most months or years at a time. This is an opportunity to listen to what other people have to say.”

BSides SF is happening April 19 & 20 in San Francisco. For more information, visit http://www.securitybsides.com/w/page/90944586/BSidesSF2015

--
It's better to burn out than fade away.