SOURCESeattle Write-Up

Tuesday, September 18, 2012

Robert M. Lee


SOURCESeattle has come and gone and I wanted to take a moment to share some of my experiences and some of the information I took away from the talks. 

It can be difficult to pick out which conferences to attend when they are so many good ones (not all) in the industry but I would recommend SOURCESeattle and here’s why:

I am still fairly young in the industry and most of my perspective in infosec comes from my role as a Cyberspace Operations Officer in the Air Force.  Where most people say “infosec” I say “cyber” and try to speak on the broader domain impacts, cyber deterrence, sharing threat intelligence, education, and the importance of us all working together. 

My view is largely influenced from the military because to me there’s an aspect of human life and national security with cyber that really hits home.  I’m still optimistic about the direction of the domain and the people in it, or as many would say I have not been around long enough. 

And with that optimism I can say that SOURCESeattle was one of those conferences where I really left on a high note; here are a few of the presentations I enjoyed:

The first day I went to a talk on RESTful Services by Ofer Shezaf of Hewlett-Packard.  He spoke on RESTful (Representational State Transfer) web services opposed to SOAP and the various ways you can defend and pentest RESTful.  All the links to the talks at SOURCESeattle will be posted online and if you are interested in web based applications, services, or RESTful it was a good talk to catch.

The next talk two talks were Journey to the cloud by Bryan K. Fite from BT and Why Develops and Vulnerability Researches Should Collaborate by Dr. David Reeves and Karthik Raman of Adobe.  Both of these talks were very interesting but there was a bit more to them than just the talk. 

Bryan, for example, was just an all-around nice guy and I got more out of my conversations with him than even his informative talk.  He spoke with me about his conference DAY-Con in Dayton, Ohio and his project of Packet Wars (I’d suggest checking both out). 

David and Karthik hit on something I thought was vital to any conference and discussion that many of us talk about but few of us master; collaborating.  The security industry in general is one that we must all collaborate to graduate in and their talk really captured this.

Rodrigo Montoro from Trustwave/Spider Labs then spoke on Scoring PDF Structure to Detect Malicious Files.  This was one of my favorite talks not only because Rodrigo was very friendly and helpful but his approach to detecting malicious PDFs was brilliant. 

Where most PDF scanners take thousands of lines of code to pick apart features that may be malicious, he was able to write a program in about 200 lines of code that had something like 98% detection rate and blew most of the high end solutions out of the water.  It was proof that sometimes the simple answer is the correct one and that by understanding your adversaries properly you can really do better defense.

I missed the rest of the talks that day in favor of speaking to the other people at the conference in the lobby.  I spoke with Martin McKeay, who may be a familiar name for his long time blog and podcast on infosec, and a few of the ridiculously awesome Microsoft employees there about what really makes our community such a great one to be part of. 

Although Martin pointed out that most of the community doesn’t fall into this category, it was that people are so helpful and willing to share ideas.  There are so many people who aren’t scared of “losing an advantage” and instead want to educate and make the community as a whole better. 

The end of the day though was wrapped up with another reason why conferences rock, beer.  iSec picked up the tab for everyone at the party that night which allowed for a really great time. (Thanks again!)

The second day started off with my presentation on the Interim Years of Cyberspace.  I half seriously joked with everyone that my approach is almost an Internet hippy approach at heart.  My push was that we are currently in the forming years of doctrine, approaches, technologies, and education that will last throughout the domain as was the case with the period between World War I and World War II for airpower. 

I really stood on my soap box that this isn’t just an infosec domain, or cyberspace domain, or military, etc.  It’s a domain where all of us participate for better or worse from groups like Anonymous, to hacktivists for good like Th3J35t3r, to hackers who want to give back like Johnny Long and Hackers for Charity. 

It’s a time where we all need to work together and really focus on education to make sure that we don’t lose sight of the long term battle.  I drew comparisons and lessons learned from airpower and applied them to cyberspace.

I then attended a talk by Jeff Lowder and Patrick Florer on the Base Rate Fallacy.  I have to admit that this was the talk I was least excited about at first.  Statistics, base rate fallacy, etc. do not really inspire me at first but having met Patrick and Jeff I really wanted to see their talk; and I was pleasantly surprised.  It was such a great discussion and presentation that I will probably watch it online again.  They captured some pitfalls that many in the security industry fall into and discussed applicable ways of moving forward.

Lastly I really enjoyed Stephan Chenette from IOActive’s talk on the Future of Automated Malware Generation.  He spoke of other research done and then discussed his own experiences on how malware creation tends to be a business for many groups and how it is applied. 

He then discussed how manual analysis of malware will only fail and that automated analysis/detection is needed.  He provided some links to other good research and spoke of teaching “the machines” to do analysis for us through the selection of features that are commonly malicious. 

As I mentioned earlier I’m still fairly optimistic about the domain and community moving forward.  Part of being optimistic is still getting excited to meet people I have only read about online, watched YouTube videos of, or follow on Twitter.  Many of these individuals are those that I admire in some way because of their own passion, perspectives, and approaches to the community. 

SOURCESeattle allowed me to interact with many of those individuals I consider peers and allowed me to make a number of new friends in an already small community.  In the end that’s really why many of us go to cons isn’t it? 

Most of us are intelligent people, maybe not myself included, and like to believe that we have a good grasp on what is needed in our work areas or the domain as a whole.  Yet we go back to listen to other people’s perspectives not just because we want to learn from them but because we want to see our peers and friends again. 

In that regard, SOURCESeattle nailed it.

Possibly Related Articles:
Security Training
Information Security
Training Cyber Security Information Security Infosec Education Conferences Collaboration SOURCESeattle
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.