Well the dust has finally begun to settle after another whirlwind week of activity around the RSA Conference. As in years past, my favorite track turned out to be the hallway track, although admittedly I didn’t get to see many of the talks and avoided the show floor most of the time.
One program I was able to not only join but also participate in was e10+ put on by the Securosis team. This is the second time I’ve been and really like the format. Rather than having someone talk at you followed by a short Q&A, it tends to be a more participatory format where all attendees are engaged and contributed throughout. If you’ve been in Security for a while (at least 10 years) I’d definitely recommend it. I enjoyed our panel discussion about the grass being greener and browner running infosec for both small companies and large enterprises.
On Monday afternoon I gave an updated talk on the Security Mendoza line at BSidesSF. Not realizing all the drama that was about to follow my talk, I obliviously enjoyed the conference and hanging out with everyone. I also caught talks by Andrew Hay on cloud forensics and Brett Hardin talking about penetration testing (and why it sucks). I was a bit worried about timing given the handcuff competition running a bit over but was pleasantly surprised at the engaged Q&A following the talk. Clearly a lot of smart people in the room thinking about this problem. I believe BSidesSF will be posting the talks online and some follow up interviews will also be made available via BrightTalk. I’ll update this post once available but I’m also embedding my slides below.
Outside of the many meetings, events, and parties, the week was wrapped up by Metricon. Having attended several in the past I was bummed I wasn’t able to make this one, although admittedly I was spent by Friday. Fortunately our own Michael Roytman attended and took great notes! Metricon was a different format this year including workshops like groups and lightning talks. Michael wrote up a blog post recently on using game theory to solve infosec problems. Within the post he references a paper that does a good job displaying why network topology isn’t nearly as important as you think when prioritizing vulnerability remediation. If you’re relying on firewalls and ACLs as your mitigating controls you might want to take a close look at the referenced research.
Overall we had a very good conference, if for nothing else a red hot hallway track. That said, I’m looking forward to a little conference respite before Thotcon and BSides Chicago.