Security Conference, for the Second Time

This weekend, 26-27 October, I had the distinct pleasure to attend BSides DC in downtown Washington DC at the Renaissance Hotel. This was my second foray into security conferences. The first was Shmoocon earlier this year. While Shmoo was certainly bigger and a bit more… robust I guess, BSides DC was a whole lot of fun with some interesting and insightful talks. It was also super kid-friendly. My 6-year-old has now attended her first security conference spending our Saturday in the CryptKids village. I also got my first chance to volunteer and “give back” to the community. Between CryptKids Saturday and volunteering most of Sunday there were certainly some aspects of the con that I didn’t get to experience. Specifically, I didn’t do much more than glance into the rooms at the lockpick village, the IoT village (was there a CTF associated with IoT in there?), or the wireless CTF. I did however get a few seconds to talk to someone competing in the wireless CTF about his gear as he was searching for someone transmitting on 88.9MHz. So, if I have a shiny new [HackRF One] (https://greatscottgadgets.com/hackrf/one/) and [PortaPack] (https://1bitsquared.com/products/portapack) in the future, it will be apparent why…

Vendors

Quickly on vendors - as I near the end of my time in the military (not too near, about 3 years to go!) I feel a little more comfortable talking to vendors looking to hire. I took a few minutes with Red Canary, FireEye, Palantir, CyberSecJobs/ClearedJobs, and another DC local infosec company whose name escapes me at the moment. All were great and engaging and offered valuable snippets of advice. The FireEye rep offered to send me a pretty comprehensive and curated list of resources while the CyberSecJobs folks were doing résumé reviews. Though they paid to be there, the majority of the vendors seemed to be community members who happened to have a table set-up. It was rather refreshing.

CryptKids, the Best Part of the Con

I wasn’t going to bring my daughter(s) to CryptKids. I didn’t even consider it an option until after the tickets were already sold out. So, I just resigned myself to attending by myself taking in as much information as I could. Then, on Friday night - technically after the con began but mere hours before I was going to hop on the metro and head north - I saw someone tweet about not being able to make it. They had a CryptKids ticket for sale. Alright, let’s give it a shot. Twenty dollars and a little snack-packing later, Rosie-the-first-grader and I were on our way.

We got through registration just in time to make the CryptKids Keynote. Aside, BaconCon next to the reg line was genius. That was my first peanut butter, banana, bacon sandwich and it was glorious. On to the keynote. It was endearing sitting in a mostly full hotel conference room filled with kids ranging from a worn-baby to teens along with their parents. Samantha Mosley was the speaker kicking of the kids’ portion of BSides DC, and what a perfect choice for speaker she was. Fighting through a cold Samantha delivered an inspirational combination of preview and encouragement. With her accomplishments, her activism, and her encouragement she was a great role model for the kids in the audience. My daughter, as one data-point, was wide-eyed and engaged the entire time.

Moving to the CryptKids conference room we were marked. For safety, volunteers stamped us with UV visible ink with matching, but unique to we two, stamps. Those stamps were checked whenever we entered or departed the conference room. No one was leaving with my kid, and she wasn’t leaving without me. Well done on safety BSides DC organizers!

We headed straight to the destruction village. There is just something about seeing a pack of kids dismantling electronics. I wasn’t just wanton smashing though. The volunteers explained the challenge, that the kids should be looking to separate specific components, and if they get them all they’ll get a prize. Rosie did not end up getting the prize as we couldn’t find a ribbon cable, an integrated chip, a diode, a transistor, an LED, and a heatsink. Well, we could have but attention span won out. In another nod to safety, volunteers were collecting HDDs as they were removed to later destroy, just in case someone left something sensitive on their discarded desktop computer. Interestingly, another volunteer was also collecting RAM, though via overheard conversations I think he just wanted it for himself.

We made our rounds with Rosie hitting the KANO Raspberry Pi kit (Christmas gift idea!); the kids CTF which was geared toward older kids; lockpicking; snap circuits; and the kids’ wireless CTF. The wireless CTF was especially interesting. Rosie sought a hidden transmitting hotspot with a handheld Raspberry Pi and WiFi dongle running a signal power monitor. It was like a little ham radio fox hunt with a radius of about 20 meters. Just as cool, older kids were running it and they took Rosie under their wing. It was really great to watch. The only “event” that we didn’t hit was the OSINT station. As hard as I tried to convince her it was clean, I couldn’t convince Rosie to dig through trash in search of information.

Rosie’s first security conference could be the first step into a lifelong love of tech, computers, and hacking or it could be a cool thing we did on a Saturday in October. Either way I’m content and very grateful to the organizers of BSides DC, especially CryptKids.

Volunteering and Talks

Sunday brought volunteer time. I am so glad that I got a room at the Renaissance. It was pouring down rain, half of DC’s streets were closed for the Marine Corps marathon, and I had to be there at 6:30AM. Yeah, a hotel room was an excellent choice. I was early, as I am to everything…to a fault… and started helping with registration set-up. Eventually I made it into the staff room for roll call and a small taste of the world’s strongest cold-brew made by the volunteer organizer githur. I linked up with a fellow A/V volunteer (who had worked A/V the day prior) and learned a bit about what I would be doing. The main function was ensuring the stream was started and stopped appropriately. Well, turns out that they centralized that for day-2 and all I did was give the microphone to the speaker-wrangler to give to the speaker. Perhaps I’m being a bit cynical, but that room could have EASILY been run by one person but we had 3. Oh well, too many is better than too few I suppose.

I am really glad I chose the role that I did. Unlike the roamers and stationary folks, I was stationed inside one of the tracks. So, while I couldn’t pick and choose which talks I attended, at least I got to take in some talks. Of the four talks I attended in track 3, I especially enjoyed “Overcoming Workforce Retention and Recruitment Challenges in the Cybersecurity Community” by Kathleen Smith of CyberSecJobs and “What We Do in the Shadows: “Going Dark” With Consumer Electronics” by Tim Kusajtys (though I suspect that that is a fake name). Kathleen addressed the dissonance between the existence of a talent shortage and talented people who cannot find work. We hear the statistics all the time, “there are 2.8 million infosec job openings right now.” Why are they not being filled with the very capable people I see on twitter all the time who are looking for work? Kathleen went into a lot of detail backed by data and experience. I think her most relevant answer, though, was that recruiters should seek to be part of the community first, instead of just trying to poach from it. Tim’s talk was simply entertaining. He’s a privacy aficionado and advocate who explained what your options are to keep corporate noses out of your business in this day and age when you NEED a phone, computer, credit card, and email address to function as a human. I, for one, am inspired to try to roll my own…well… everything. This conference…. If nothing else it bolsters the economy by making me want to spend all my money.

That’s it for my BSides DC experience. I really enjoyed both days, went outside my comfort zone and met a dozen or so cool people, got to be a part of something bigger in this community in some small way. I won’t be in the DC area when BSides DC comes around again. Hopefully I’ll be relatively close because the family-friendly culture and great tech environment make we want to come back again next year.