The third annual BayThreat conference was held this past weekend (Dec 7th and Dec 8th) in Sunnyvale, CA. Ryan Huber and myself from Risk I/O attended the event. BayThreat is a security conference that has a great community feel. This year’s event outgrew its previous location, and was held at the festive Firehouse Brewery in the historic section of Sunnyvale.
Baythreat’s 2012 theme brought two sides of hackerdom together: Attackers vs Defenders. The two speaking tracks “Breaking Security” and “Building Security” did an excellent job showcasing the different techniques for hacking into a system and the best practices for
defending an IT infrastructure. There were many thought provoking speakers who gave insightful talks.
On a side note, the show organizers were very sensitive to picture taking. I brought a Canon DSLR to take a few snapshots for this blogpost. After the third picture, I was asked to stop taking pictures and delete the images I had taken. Apparently the session I attended had a no-picture/ no-record policy.
One of the standout talks that Ryan and I attended was Jay Jacobs from Verizon. In the lecture entitled “InfoSec Dataviz,” Jay discussed how the human brain can better understand threat data and statistical analysis through graphical representation. As an example, Jay presented a recorded video of a system being port scanned over a 30-day period. It was clear from watching the video that most attackers approach systems for windows of opportunity looking for known ports that may be open with known vulnerabilities. Interestingly, during the 30-day period, only one would-be attacker scanned every port on the system sequentially. Fascinating.
BayThreat was a great show, and I’m glad Risk I/O was able to sponsor the event and help support the security community in the San Francisco Bay area. We are looking forward to being involved again in 2013.