So it’s the end of January 2015 and I realized there was still no article about my experience at BSidesLV 2015 for this site. It was my original intent to write the article right after the conference, but life got in the way.
Even though it’s not exactly current news, I still feel the need to write a brief article about my experience at BSidesLV 2015, mainly for those first-timers out there.
And here we go …
Before heading into security summer camp, I took some precautions to ensure my digital safety. Remember, it’s not just the good guys who lurk around these things. If you’re a first-timer, these steps can help keep you from having a bad time.
Carried Cash: I left my other forms of payment at home. Whether I was donating to the EFF, Hackers For Charity or buying a coffee between sessions, it was with cash.
Phone Minimalism: As a matter of daily habit, I keep Bluetooth and WiFi off anyway, but for the conference I went a step further and kept my phone completely off unless needed. At a minimum, I recommend turning off Bluetooth and WiFi.
Faraday Cage: I kept my goodies in a Faraday cage. After BSidesLV, I ran across a Kickstarter for Silent Pocket and happily supported them. I recommend everyone have some sort of Faraday cage.
Laptop Wipe: I brought a laptop to use (since I was doing a Violent Python class), but I made sure there was nothing on it but the needed items (OS, IDE, etc.). Also I was careful when connecting to WiFi (many, many rogue APs were present). Additionally, I wiped the laptop after the conference. I don’t recommend bringing your laptop with all your personal information, family photos, etc. on it.
Printed Materials: I printed out maps, session information and other goodies I thought I might need. This kept me from having to use my phone/computer + Internet. As a backup, I made a PDF of all this data and put it on my phone’s storage, my laptop and a thumb drive just in case. A bit much? Maybe.
Initial Expectations & Experience
BSidesLV 2015 was my first infosec conference, so I wasn’t sure what to expect. I had watched many conference videos, so I had some idea, but it was all new to me. Also, I wanted to fit in.
I remember panic setting in as I wasn’t sure if I’d be able to actually get into the conference. I had waited too long to make my decision to attend and all that was left were the first-come-first-served walk-in badges.
Fortunately, I had stayed up late one night and registered for the Violent Python course as soon as class registration opened up. This move granted me a badge!
And it was a good thing too. Even though I still went very early on day one, they ran out of walk-in badges fast and many people were turned away.
Upon gaining entry, I milled around the conference hall looking at vendor stands while waiting for the conference keynote with WendyLady vs ErrataRob to kick off (hacking planes & cars — stunt hacking — was the topic of the day). I remember feeling like I was the only one there who wasn’t working a security job officially (of course that isn’t the case).
I knew not a single person there nor anyone in security. But in some ways, this was a good thing. It allowed me to observe everyone without distraction and to focus on learning. That said, it would be nice to meet others, get into security, etc.
Tracks & Talks
For those that don’t know, the conference has a set of tracks you can follow. Each track has several talks on the main topic. However, you don’t need to follow the tracks completely. I mixed it up. I found that I couldn’t do all of what I wanted due to scheduling conflicts, so choose your talks wisely.
Here’s what I ended up doing:
Underground Wi-Fi Hacking for Web Pentesters w/ Gregg Foss.
Getting the data out using social media w/ Gabriel Butterick, Dakota Nelson and Byron Wasti.
Violent Python training w/ Sam Bowne.
Poppin’ (Digital) Locks w/ Devin Egan.
Privileges in the Real World: Securing Password Management w/ Andrew Dulkin.
Introduction to the Career Track w/ Josh Marpet.
Being the Paid Expert in the Room: Consulting for a Company or On Your Own w/ Beau Woods.
Better Spectrum Monitoring with Software Defined Radio w/ Michael Ossmann.
Wi-Door - Bind/Rev Shells for your Wi-Fi w/ Vivek Ramachandran.
Software-Defined Radio Signal Processing with a $5 Microcontroller w/ Jared Boone.
From there, I spent more time in the career area. I talked to a couple people, including Amazon, about working in security. I really enjoyed this track BSidesLV put on and am glad they are going to do it in 2016. Some of the talks in this track:
Infosec careers, myth vs. reality w/ Heather Pilkington.
It’s Not Just Your Answer: Hacking Tech Interviews w/ Adam Brand.
Some things you just can’t find on Google w/ Matt Duren and Brian Sheridan.
Longevity in Infosec - Turning Passion into Expertise & Respect w/ Tony “UV” UcedaVelez.
As you can see, the two days were more than worth my time. If you’ve never been to a conference and are even a little curious, I recommend taking a couple days off and going.
Overall, I was very pleased to have gone to BSidesLV 2015. I went in with a lot of questions, such as how a developer gets into infosec, what it’s like and so forth. Thanks mainly to the career track (their first one ever), I got many answers. While I’m still not in security, I do have a great idea on how to transition someday. And more importantly, going to the conference made me feel like I’ve taken my first official steps down that path.
IMHO, I think going to a conference is more than a worthwhile venture. Even if you don’t know anyone or aren’t in security yet (like me), it’s worth it.
Just look at all the good talks/classes I went to over the two days. And more to the point, while I still don’t know anyone personally in the space, I’m planning on attending BSidesLV 2016. I make it a habit to surround myself with people who are doing what I want to do and who surpass my knowledge/ability. That’s how you rise up.
If you’re feeling intimidated at all, don’t be. Just go.
And in case you missed the link, go here for BSidesLV.
If you have any questions about my experience there or just want to connect, LinkedIn or Twitter are best.