
How to Run a BSides: Reflections on Ottawa

Step 1: Start with a top-notch planning team.
Step 2: Find an outstanding venue.
Step 3: Find enthusiastic and generous sponsors.
Step 4: Develop a strong slate of speakers.
Step 5: Deliver on its awesomeness.

In the case of #BSidesOttawa, this is now "mission accomplished" thanks to the outstanding efforts of Justin Foster, Peter Hillier, and Andrew Hay (plus a few others whose names I'm remiss in forgetting). As a co-conspirator in #BSidesAustin, I greatly appreciate the amount of effort that goes into planning for a conference. The guys in Ottawa definitely knocked this one out of the park! It's looking favorable that this will trigger a handful of BSides events through the country, which I personally think is outstanding.

This post is a wee bit delayed thanks in large part to workload and the American Thanksgiving holiday. That being said, I think it's high time to cover some of my personal highlights from the inaugural #BSidesOttawa event...

Overall Thoughts

This event was hands-down the best BSides I've attended. The vibe and energy were great, and there was lots of conversation and back-n-forth discussion. The peanut gallery was very active during presentations, and the Hallwaycon track (not that there was a hallway) was excellent. In part because of the nature of the venue (a restaurant/bar scene), we had no option but to sit together with or near people we wouldn't know, which inevitably led to lots of good conversation.

And the venue... oh, what a fun place! It was "just a restaurant/bar"... sure... (there were 2 bars, actually)... and it wasn't huge... but it fit us very well, the service was great, the food was great, and the libations were handy and very useful for further lubricating discussions! It'll be very hard, I think, to completely recreate this atmosphere, but I hope they're able to get close next year! :)

Preso Content

Yes, the venue and atmosphere and attitudes of attendees made the event a great success, but the content was also a major part of that success. In fact, without the great content there would likely have been less conversation and debate, which in turn would have stomped on Hallwaycon, among other things. Three cheers and a cookie for the planners and their ability to pick great talks! Here are some of my favs:

* Reprise of Andrew's "D-List" talk - Andrew Hay delivered his "Life on the D-List" talk, a reprise from previous BSides events. As always, it was entertaining and hit on some interesting attributes of the psyches of members of the self-described "elite." Incidentally, if you're a fan of the D-List, please join the parody Facebook page! :)

* Kellman's talk "Myths, Mistakes and Outright Lies (when it comes to your computer security)" - Kellman Meghu, Security Engineering Manager for Check Point Canada (@kellman) gave an entertaining talk about some of the lies we tell ourselves about security.

* Speed Debates Panel - Jack Daniel headed up a speed debates panel that included 3 Yanks and one Canadian. How that happened is anybody's guess. Afterwards we realized that it could easily have been 4 Yanks (ha!). At any rate, this was a fun panel for stirring the pot a bit and getting conversation going a bit more.

* Fuzzing Cows - Karim Nathoo & Mike Sues really know their stuff! They talked about fuzzing at a level that I've never seen before, which was awesome. They walked through several demos of fuzzing activities, which caused some eyes to bulge and brains to explode as people realized just how powerful this testing technique can be.

* Nmap Scripting Engine - Speaking of smart dudes, Ron Bowes (Tenable) is amazing! He talked about making use of the Nmap scripting engine, and then actually wrote demo code on the fly (he'd tested the code before, but he still ended up writing it live). As they say in Boston: wicked smaht!

* "Does Canada need a CERT?" - Adrien de Beaupré led a lively discussion about whether or not Canada needs its own CERT. Should it be reliant on others, like the US? If they were to stand up a CERT, should it be government-run, or should it be independent like Brian Honan's Irish Reporting and Information Security Service (IRISS), which is Ireland's first CERT? Special attendees dropped in just for this discussion, which led to a great back-n-forth conversation about what the objective of a CERT would/should be, whether one is needed, whether they're even particularly relevant today, and so on.


About

This page contains a single entry from the blog posted on November 30, 2010 10:01 AM.


Creative Commons License
This weblog is licensed under a Creative Commons License.