Blackhat, BSidesLV and DefCon Oh My... 2012 Edition

Wednesday, August 01, 2012

Boris Sverdlik


And just like that Security Summer Camp has come to another end.. We do it every year, a week of Friends, Talks and debauchery among the security industry which can oftentimes outdo a college frat party.

This year was somewhat different for me than in years before in that I had actually managed to get to BlackHat and remember why I have come to loathe the conference more and more than in the past.

I remember when BlackHat meant that it was time to see things that we would only hear about on IRC and other non-conventional means. Sadly, this is no more. As others have pointed out, BlackHat is now the new RSA. It represented RSA as much as any other corporate-sponsored conference.

Vendors were set up with their RFID scanners ready to stalk you post conference with all their wonderful spam... Good thing for me a certain colleague had allowed me to scan his card with my phone, and even better yet I was able to replay it for all... Thanks Martin ;)

There were some interesting talks, but nothing like it used to be.  The main problem to me anyway was the ambience of vendors and the proliferation of FUD that we as an industry have been subjected to more and more in recent times. Hallway con was where it was at for the majority of the conference. I had bounced between the Galleria and the SeaHorse for the majority of the event and as usual had nothing but interesting conversation with old friends as well as new ones.

The upside for being in Vegas for BlackHat is that BSidesLV runs concurrently... BSidesLV and BSides in general always tend to be much better events. The attendees are rarely the industry vendor mouthpiece types and this alone makes the conference enjoyable. I had attended more talks at BSides than I have at other conferences combined this year.  

Johnny Cocaine's open discussion forum on ethics was probably the most enjoyable to date.  The room had almost cleared when he had said that this was going to be a discussion as opposed to a talk. The people who stayed got to enjoy a great roundtable type of debate.  Obviously it being in the underground track precludes me from discussing the details, but I can say I hope we see more of these types of talks. I even got to do a last-minute lightning talk on my upcoming presentation which I thought went fairly well..

The venue for BSidesLV is small and as such can feel cramped, but @banasidhe worked her magic once again keeping everything in check... I personally really enjoyed it and would take it over BlackHat any time..

Next up DefCon, well what can I say about DefCon that hasn't been said already? Well, let me think... oh yeah... You kinda suck!

First off WTF is up with wireless village being set up in a closet? Really?? I remember when all of us sat around conference tables tinkering with WEP cracking and the like. With all of the wireless technologies now being researched are we seriously supposed to be able to converse in such a small room? It was smelly and overall a pretty bad experience. The SecCTF and other contest rooms had literally 10x the size. Why were we limited? Ok Rant off for now...

Overall it wasn't a bad year for DefCon, some really good talks combined with some really shitty ones. Hallway Con once again takes over for most of the event. I did go to see a bunch of sky talks as well as some others. Dave Kennedy and friends tore the roof off their presentation with Bananas and a video with hundreds of shells popping up thanks to their SCCM hack.

Some other notable talks were around JavaScript bots which was hilarious from what I had heard. Overall, I would have gone to more talks if the lines weren't atrocious.  I guess with 15K people, you should expect not to get in to see the talks you want to.

I was also at the last minute asked to wear a mankini during the Comedy Jam/Fail Panel for Charity. While I would rather not post any pictures, I do have to say it was great to be on the panel with such an interesting bunch of characters.

@rmogul kicked ass with his TSA talk, Larry Pesce's talk on fail was just perfect... It was a blast serving waffles to the hungry masses with McKeay and Jack Daniel.  I hate to admit it but @myrcurial had almost made me cry on stage when he was talking about how many people are/have been affected by cancer.  I'm so happy knowing that @Wendy451 @gattaca's wife and others have beat their battles and not looking forward to my own...  I'm so proud of our community's persistence in supporting the causes that plague us all. THANK YOU!

The Elitism that everyone has talked about is apparent, but it's apparent in all circles not just ours. As some had said no one wants to foot the bill for 15K people, so there might be some parties you just might not get into. However it's not always about the parties... It's about meeting people, learning new things and hanging out with old friends.

If it wasn't for our podcast, I wouldn't have gotten a ninja networks invite despite all of our contributions to the industry. It is a friends and family thing and there isn't anything wrong with that. You want in, then as Timay (303) and @jericho had said during their talk on the CISSP, you need to be Bad Ass at what you do and you will get noticed.  Get out of your shell and start meeting people and engaging in conversations.

It's not just about getting in to the parties, it's also about mingling once you are there. Keep networking and your invites will come.  To be honest almost every party that I had attended, I ended up just chatting with friends. The best talks I had all weekend were in the smoking area by registration and not in any party where the music is way too loud to hear yourself think.

Finally, I'd like to thank my followers for posting these all over the ATMs at the RIO... It brought me nothing but laughs...


The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.