Small conferences and big ideas

This past weekend I had the pleasure of presenting at two different conferences in two different cities on Bootstrapping a Security Research Project. Both conferences were small when compared to large vendor-backed events like Black Hat, Interop, and RSA Conference. Those that know me know that I often viewed smaller conferences as a fantastic way to collaborate on various security topics without the hustle and bustle of a sprawling show floor and 8 or more concurrent topic tracks.

The first stop on my weekend security-a-thon was MISC.conf in St. Paul, MN.

MISCmiscconf is a conference for individuals interested in computers, information security, tinkering and other miscellany and is hosted by the Minnesota Information Security Community (Inc.). Held in a train station in downtown St. Paul, the inaugural MISC conference had the venerable Richard Thieme, author of Islands in the Clickstream, Mind Games, and UFOs and Government: A Historical Inquiry, sharing his thoughts and historical data points on the origin and evolution of personal privacy and human rights.

Funny, informative, and using language that can only be described as “colorful,” especially for a former man of the cloth, Thieme led a fantastic discussion on everything from personal privacy, its evolution, and the historical context of language used today. Perhaps the most memorable comment, that I happened to tweet, from Thieme was:

After Thieme it was my turn to take the podium and present my session on Bootstrapping a Security Research Project.  The entire talk was summarized (or Storified) by Veracode application security advocate and researcher Darren P. Meyer here.

Mike Saunders followed me with his excellent talk on Software Defined Radio (SDR) 101. In his talk, Saunders covered some of the basic hardware and software tools for getting into SDR, focusing on using Airspy SDR# in Windows. I’ve provided some links to helpful resources to get you started. In his blog post regarding his presentation Saunders mentions that he will try to outline some of the content that was discussed that wasn’t reflected in the slides – so keep checking back.

After that talk I had to Titlerush to the MSP airport to catch my flights to Miami (via Atlanta) for the annual HackMiami Hackers Conference.

My good friend Ian Amit, Senior Manager at Amazon, provided the keynote on the second day of the conference. The talk was around the value of threat intelligence, feeds, contextual alerting, and vendor efficacy.

I was up next and, after some skillful DIY podium building, presented my talk to an engaging audience.

Several attendees stated that research was either a part of their day jobs or conducted as a hobby performed during off hours and bad television shows.

Following my talk was an overview of attacker trends, as observed by Akamai, presented my other good friend Dave Lewis. Lewis’ session, DDoS: Barbarians at the Gate(way), delved into the attacker’s tool set and highlighted the types of attacks that are being leveraged against companies today.

13227681_10154092730535126_882232043049492348_oBoth events were intimate venues but I have to say that the hotel room view edge goes to HackMiami and the Deauville Beach Resort. In my opinion, however, the weather edge definitely goes to MISC – I believe it was an enjoyable 45F (7C) in MSP compared to the oppressive 90F (32C) in Miami.

I enjoyed speaking to attendees at both conferences and strongly encourage our readers to consider submitting talks to, or at least attending, these excellent local events next year.

1 Like
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.