Akamai Diversity

A Preview of #BSidesSF

For those planning the trip to San Francisco next month for RSA Conference and BSidesSF, there are a lot of good talks to choose from. Here's a look at the BSidesSF agenda. I apologize in advance to those I missed. These are the items that piqued my interest at first glance.

One of the truly cool things about the event this year is that there's no formal registration process. All you have to do is show up. Organizers say it's first come, first served. But having been to the DNA Lounge, I'm confident everyone will fit.

Now, about those talks:
At 11 a.m. Sunday, Feb. 23, Misha Govshteyn, founder and chief strategy officer of Alert Logic, will give a talk about Auto-Scaling Web Application Security in the Cloud.  
At 3 p.m. Sunday, Feb. 23, Jack Daniel, Wendy Nather and Javvad Malik will give a talk on "How (not) to talk to an analyst." I know all three and they are often called on for analysis (the latter two ARE analysts, after all). Hearing about their pain points should prove valuable and more than a little entertaining. Jack is technical product manager for Tenable Network Security and a longtime volunteer and activist in the security community. Wendy and Javvad are with 451 Research.
The next day, at 10 a.m., former Black Hat GM Trey Ford will deliver a talk. Ford, recently named global security strategist for Rapid7, breathed new life into Black Hat and will do the same for Rapid7. His topic is still to be determined, but anything the man says will be worth hearing.
Old friend and Microsoft security notable Adam Shostack will give a talk about threat modeling on Monday, Feb. 24, at 3 p.m. I've learned much from his books and blogging over the years, so my expectations are high.
 
See the full agenda here.

1 Comment

Adam's work on threat modelling has produced one of the coolest little infosec tchotchkes ever made - the "Elevation of Privilege" card game. If you haven't got one, swing by the Microsoft booth at RSA this year, they usually have a few boxes' worth of them. They're a great tool to engage developers' interest in taking on a formal SDLC process, by first making a game of it all. A brilliant awareness tool that needs to be taken as an idea to run with in other areas of user/staff engagement.
