I went to day one of the 2015 B-Side Security SF conference. I was expecting a small local conference but it was a pretty good-sized event with a lot of people there. The focus was on the talks and networking, no vendors hawking their security wares. I went with a coworker from Twilio and enjoyed the event. It was a two-day event but I wasn't able to go to day two on Monday.

Talks

I saw three talks on Sunday. The first was put on by OSIsoft about using the cloud to host critical infrastructure. Since my company is all about the cloud I sat through it. What they mean by "Critical Infrastructure" is public services such as the power grid and 911 phone operators. The format of the talk was pretty good: the two presenters took turns, one presenting arguments against using the cloud to host these things and the other countering them. The style of mock-debate was pretty good, but the arguments that they used felt superficial. Their reasoning was pretty high level and I think everyone there was hoping for more specific, technical arguments. Overall, not a worthwhile talk.

The next talk was the best, put on by Lisa Lorenzin. She didn't represent a company, just herself, and the talk was about her personal actions and research into not being caught up in government surveillance. Lots of emotion and very practical advice on keeping your data to yourself. She also discussed much of the political fallout that came about by Edward Snowden.

The last talk was given by a researcher at OpenDNS. He gave a talk about how the number of DNS requests a host makes can be used to help determine if the machine has been compromised. The talk started off pretty interesting, but the presenter went very deep into the math behind his work and I could not follow along. I got the basic idea, that statistical analysis can be used to flag machines as possibly being compromised, and that a lot of work goes into avoiding false positives, but the details were way over my head. The talk was mostly on the math. I would have liked a less technical discussion.

Workshop

The highlight of the day was after lunch: Sam Bowne put on a workshop based on the "Violent Python" book. Even as a newbie to Python I found the class very helpful. He has the class material posted on his site and I plan on going through a few more pages of work when I get a chance.

Sam also gave a few informal talks and told some stories of his times searching the web for exploits and also finding machines that had been compromised by others. He had some very interesting experiences to share and if you see Sam Bowne on a talk at a security con I highly recommend him!

Conclusion

The day was very enjoyable and I was impressed by what B-Side put on. Big thanks to the sponsors and others who made the con possible. I plan to go next time it is in town.

