Why Infosec Conferences are Awesome [DC, BSides, Steelcon, The Rest]

Taking a quick step away from tutorials and write-ups, here is what was originally a blog about DEF CON 25 and all the things in-between. However, as I'm just back from BSidesManchester, and having also been to a few other conferences this year, I decided to amalgamate all of the experiences of each into one post.

Basically, the aim is to give you an overview of the conferences I've been to this year and the differences between them, and to explain why conferences in this industry are arguably the most fun you can have and also one of the most useful opportunities to leverage to speak to people.

The conferences I've been to this year have mainly been BSides events and other UK events, with the wildcard of DEF CON 25:

  • BSides
    • Edinburgh/Scotland
    • London
    • Manchester
  • Securi-Tay
  • Steelcon
  • DEF CON

The conference circuit starts for me in February and finishes around August. However, that might change soon with attendance of others.

February: Securi-Tay (Dundee, Scotland)

Starting out in February to begin the conference circuit (for me anyway) was a short trek up to Dundee for Abertay's Securi-Tay, which was its 6th(?) year. Featuring some great talks and some great sponsors, it certainly kicked off the year to a good start, with plenty of students along to chat to and some big names in the industry too. This was my first year attending Securi-Tay, and I found it pretty enjoyable; however, compared to other slightly larger conferences, it has room for improvement.

The big benefit of Securi-Tay is that it's very student friendly. As it is run by a university society, it creates some great avenues for students to interact with potential employers and vice versa. I'd recommend it to any students in the UK hoping to get into the industry and specifically to those in Scotland as it's not too far in comparison to a trip to London or further afield.

April: BSides Edinburgh (Edinburgh, Scotland)

Moving on from Securi-Tay, next was the first year of BSidesScotland, which was held at Edinburgh's Royal College of Physicians. Not your conventional venue for a BSides event; however, it worked really well. As with all conferences, there were lots of interesting talks, some of which had been given at Securi-Tay 2 months previously but were re-done to capture more of an audience.

For a lot of people in the Scottish security scene, this was a first conference, so there were lots of interesting folks to chat to and new ways of doing things to learn about. The biggest difference between this BSides event and others I've been to was mainly the venue and the wealth of different talks on lots of interesting topics. This was a special conference for me: not only was it the first BSides to take place in Scotland, it was also where I met DrFed, who invited me to help out at DEF CON 25 as a GOON (explained further down in the DEF CON part of the post).

As a first run at a BSides event, I have to say the team made an excellent effort, hats off to Marion & the Rorys for pulling it off! Here's to BSides Glasgow 2018 Coming Soon!!!

June: BSides London (London, England)

This was another first time at an event this year: BSides London. It was also the place where I [un]officially launched my book; thanks Iggy for the opportunity to do this.

Out of all the UK conferences I've been to, it is by far the largest attended. It is also the longest running(?), so the greater attendance comes with the maturity of the con. As I was tied to a desk signing books for a significant proportion of the conference, I didn't get to see any talks :(.

However, thankfully, with a lot of conferences these talks are recorded and uploaded to YouTube thanks to the legend that is Cooper. As a result of this, I managed to watch Neil Lines' 'Enemies of the West' talk on catch-up, which is very good and really informative about attacking Windows infrastructure. I picked up a few useful tips for use in two different exams.

I've not mentioned it so far, but with most conferences there are usually parties and after-parties; in most cases, these tend to be at a local drinking establishment. Usually, this is where the greatest ideas for the next conference(s) are created. It's also worth noting you don't have to be a fan of alcohol: I've been sober at all of the conferences since Securi-Tay (this year), and they're just as fun, if not more enjoyable, as you wake up feeling very fresh the next day.

July: Steelcon (Sheffield, England)

Out of all of the conferences I've been to, SteelCon is certainly the most family friendly. With a fully active kids track, it is very accommodating to all ages, which is great to see, inspiring the next and future generations of hackers!

Featuring a few tracks of talks, it is run very similarly to BSides events, however with an added emphasis on charity and on including all of the community through all ages. Certainly, the other conferences are inclusive; however, SteelCon feels the most at home with age ranges. This year was my second time going along, and it's tied with DEF CON and BSidesMCR as my favourite one to attend so far.

That's based on the crowds who come along and the general atmosphere. It's run by three great guys who all have a fantastic sense of humour; what I will say is be careful what you say to Robin on Twitter throughout the year, as it might end up getting you in hot water the following year at SteelCon. Not for the worse but for the humility.

It claims to be a conference in the 'North'; however, just sayin', Scotland is a lot more north ;-)!

July/August: DEF CON 25 (Las Vegas, Nevada, USA)

DEF CON, Las Vegas, Nevada, USA. The single biggest hacking event on the planet! This year was my second time attending and my first volunteering as a SOC Goon, a.k.a. an enforcer of fun and keeping folks safe.

Starting out the trip from the get-go, I flew out first class, which was a first for me; it made the trip seem like less time in the air, and it allowed me to have a lie-down and a sleep :D. Upon arrival into the States, border control was a breeze (which is always nice). Skipping on ahead to the Wednesday.

Stanchion-Con

Few people other than those who help set up DEF CON will know what stanchion-con is or have even heard of it. Neither had I until it was upon me. Essentially, it is all the set-up of the various lines and structures for the conference, including the famous line-con (the queue for registration on the first morning of DEF CON).

Now to many, this may sound pretty dry and dull; however, it ended up turning out to be pretty fun, with lots of laughs and funny moments. Plenty of heavy lifting too (gym starting to pay off), lugging about a few hundred poles and taping them up to organise what would later become the line for registration the next day.

Line-Con

It being the first day of my official shift as a DEF CON newbie goon (n00n), and as I was still jet-lagged at this point, I woke up at 3 am and sauntered down to help out at 4 am with making sure the registration line flowed freely and that there weren't too many stoppages.

With registration opening at 6 am, the game aimed to get as many folks into the reg hall as possible, allowing for a fast, free flow of movement, while talking to people and making sure everyone was alright. Bear in mind most people that go to LineCon aren't morning people; they're just awake or have camped overnight to get their badge.

This is where being a Goon comes into its own in the morning: you have the opportunity to encourage conversation, and the line ends up being more fun. After all, being a SOC Goon really is the enforcement of fun; we're not here to rain on anyone's parade, just to ensure the halls are free flowing and folks are having a good time.

Eventually, when registration was open, the foot-flow was very quick, with the average time from entering LineCon to getting a badge hitting 20 mins, and by 8.30am the registration hall was cleared out, meaning it only took ~2 and a half hours to clear the hall, which I've been told is record time. It's estimated that this year there were about 30k+ badges sold!

Working as a n00n at DEF CON

This was my second time at DEF CON but my first year volunteering as a goon, and it's amazing how different it is to attend as a goon (helper) vs a human (attendee). All of the hard work that goes on behind the scenes is unreal. Usually, you turn up an hour before your shift, with the first shift starting 2 and a bit hours before the conference show floor opens.

This allows for setting up lines and planning a lot of traffic flow, ensuring everyone is getting to where they need to be; to get a better idea, have a read about herding cattle. Aside from herding cats, there's a lot of policing talks to ensure folks aren't line jumping, using exits as entrances and all that jazz.

As an experience overall, it was mental fun with lots going on, and I hope to help out again next year!

August: BSides Manchester (Manchester, England)

My last conference of this year (so far, unless something else comes up and looks interesting, sorry 44Con). Now in its 4th year, BSides Manchester has evolved a lot, gaining a lot of traction in the space and bringing lots of different people together from around the world.

This was the first conference I ever attended (back in 2014) and also enabled me to speak to people, which later resulted in a job working for Pentest Limited (now renamed to Secarma). It shares a lot of traits with the other BSides events; however, it has a very big presence from a lot of newer companies in the space, and Manchester is a bit of a hub when it comes to security companies.

Well worth going along to if it's nearby; I've seen folks going along to it from all over the world and flying in just to share knowledge and a drink. This year's event saw the first official 'beersides', as it was dubbed: the pre-event party with a few lightning talks about various subjects. Check out the #BSidesMCR2017 hashtag on Twitter for all the antics that happened during the con.

Conclusion

Security conferences are great opportunities for all. The best advice I'd give to anyone who is aspiring to get into the industry or who is already in the industry is to get along to at least one. They are the BEST way to network and gain contacts.

Paired with talks and workshops, there's also usually a lot of free sponsor swag such as cool gadgets and t-shirts plus all the pens you could ever need to test.