On September 20th, we held the 8th annual Security BSides event in St. John’s, Newfoundland and Labrador. I’ve been involved with the event since the 2nd year, and so have had a great opportunity to watch it grow and change. It’s been a heck of a ride so far, and I’m really looking forward to the future events.
This year, speakers came from across North America, giving us possibly the most impressive schedule we’ve had so far. All the talks were great, and the stand-outs for me personally were Tyler Parrott’s on CSE‘s AssemblyLine malware analysis tool, and Lily Chalupowski’s tutorial on malicious Chrome extensions. We were also very pleased to present all our speakers with a challenge coin, as a token of our appreciation for their contribution to the security community. As with all conferences, there were a couple of hiccups; this year, we even lost power to the hotel midway through a talk! Luckily, lunch was ready and didn’t require electricity.
The other highlight for me this year, was the Capture The Flag (CTF) event. We decided to partner with an organization called Trace Labs, to run an Open Source Intelligence (OSINT)-oriented contest, in which the teams tried to find information on people who have been reported missing. The teams all worked very hard, and the information compiled gets passed along to the appropriate police force. We had the highest number of participants in the CTF yet, and everyone seemed to find it a compelling challenge. Of course, the prizes didn’t hurt either. Books, security tools, laptops, and challenge coins – not bad incentives!
On the broader topic of conferences, Mark Nunnikoven of Trend Micro recently asked a question to the audience of his podcast, Mornings with Mark:
What do you get out of conferences? What’s the number one thing? What’s the number two thing that you like doing at conferences? Is it the hallway track? Is it attending sessions? Is it the keynote? Is it something else entirely?
…there’s a bunch of other things I can contribute to the conference, and I want to maximize that. Is it streaming live from the conference floor? Is it being more active on Twitter? Is it recording a bunch of videos leading up to it? Is it recording interviews on site with various folks who have interesting insights on to topics that are relevant to the audience? What is that key?
First off, I’m gratified to see someone asking these questions. They’re useful to anyone that is involved in organizing a conference, or speaking at one. After all, if the audience isn’t getting what they want or need out of your talk or conference, they’ll stop attending eventually.
I get different things out of BSides St. John’s than I do other conferences. Being a volunteer, I don’t get to give my full attention (or any attention in some cases) to the talks that are going on. What I get is an opportunity to renew connections with people I don’t always get to see regularly. I get to meet people I haven’t before, and find out about them. I get to help people. These things are immensely gratifying.
Being at a conference where I’m not responsible for much (maybe a talk) or anything, I try to do the same as much as possible – meet people, reconnect with old friends and colleagues, and help people. The bonus is, I get to learn new things, whether that’s new processes and techniques, or just a new trick for presenting. I try to attend with as few expectations as possible, to stay open to new opportunities, in whatever form they might take.
If you were able to attend BSides St. John’s this year, I hope you enjoyed it. If you weren’t able to attend, I hope you can make it next year.
See you at the Registration Desk!