I’m so filled with excitement right now. Today marks the first time I have attended a virtual industry conference and I must say it’s bittersweet. On one end, I always find myself increasingly nervous when I attend these events in person, mainly because I find it difficult to connect with people on a personal level. Anxiety kicks in and I completely shut down. On the other end, it shows the world that the InfoSec Community knows how to adapt to adversity.
See this event was supposed to take place last month but was promptly rescheduled due to the world wide pandemic that is COVID-19. Since it is nearly impossible to escape the risk, the event coordinators at Bsides San Antonio felt (and rightfully so), that the show must go on but in a safe manner.
I can’t imagine how expeditiously they must have worked to get this thing rescheduled a month later in virtual mode, but they must have had a killer business continuity plan in place. Jokes aside, I am really grateful for the opportunity to attend and learn from the industry experts.
So how did it go?
The day started out amazing. Overzealous with excitement, I logged in a whole hour early to the main client, GoTo Web. Was a bit worried at first as when I clicked the link, the timer itself wasn’t moving as we were ticking closer to the event. I think I wore out my F5 (refresh key) like no tomorrow. Poor Keyboard.
As 9AM rolled around, I noticed that the web client wasn’t doing anything for Track 4; other than tell me that the webinar was about to start. I had to be doing something right, it was now 9:05 AM. I opened another tab and went to the Twitter account of BsidesSATX to see if there were any updates. Nothing of substance for me.
As I was about to draft a 3-line tweet to the handle, I had an epiphany; perhaps I should check my email and see if there is another link that would take me into my registered event. Yeah, I probably should have started there to begin with.
Not only was there a link that worked on the first try, they also had the information to a Discord chat, which I will hit on in a bit. Obviously and maybe not so surprising to me, they had their stuff together and I did not.
For the sake of the brevity of this post, I’m not going to go into each talk individually as I planned to do separate posts going into the depths of what I have learned. What I will say is that each of the 8 talks I attended, reaffirmed my commitment to shifting my professional focus to information security.
My strategic approach was to attend talks that focused solely or moderately on Incident Response or Forensics. What I got was that and more. My first talk was “Automating Disk and Memory Evidence Collection in AWS” which focused on evidence gathering where I learned some best practices related to log collections, acquisition tools like CloudWatch and Margarita Shotgun and how much time is too much time to gather information from automated tools.
Another notable talk was “The World’s Prettiest (fake) Cyber Warfare Ops Center – and How I Built It” which was given by a 15-year old local student. I wasn’t sure what was more impressive, him having both his Net+ and Sec+ certifications at his age or the fact that he helped build a command center display for the San Antonio Museum of Science and Technology (SAMSAT).
And there was so much more. Cannot wait to finish each of the posts and share them. Each of the events were easy to get into and all of the presenters had an aura of confidence and were welcoming in their responses to the audience’s questions including my own. As I stated previously, the integration of Discord has helped tremendously with interactions during and after each talk.
One of the natural attractions to an industry is the ability to network with others in the profession. Naturally this becomes a huge hurdle when it comes to an all virtual event but I must say Bsides showed out.
Their incorporation of Discord, a popular gaming communication platform was nothing short of amazing. They organized the channels by categories. Tracks had 4 channels and were specifically reserved for active talks. For those that don’t know, Tracks are categorized talks. For instance, all talks that were in Track 1 were denoted as “In The Beginning.” This is typically reserved for entry level talks whereas Track 4, “In The Weeds” were more focused or advanced talks.
When the talks were over, the presenter would transition their responses from their active channel to what Bsides calls Breakout sessions, which were basically reserved for Q&A after the presentation was over. This was smart as, you allow the conversation to continue without interrupting the next presenter.
You also had tracks for Capture the Flag events, Sponsors, Workshops and community talks.
Considering this was all virtual, this event felt very much like you were actually there.
The last thing I would touch on which may be important to many is the streaming service. They opted to use Go To Web which is a co-brand of LogMeIn. Fitting choice considering the industry, I must say. For the most part, there were no connection issues I experienced and the functionality between presenter and administrator seemed seamless. There were a few attendees that expressed issues with hearing the audio but not seeing the slides but I didn’t experience that myself. They seemed to either be accessing the application using either a thin client or Chromium (a browser used by Linux users).
Having gone through this experience, I can safely say I would recommend any organization needing to put on a virtual conference to follow the formula Bsides did. The reality of the situation is that COVID isn’t going anywhere anytime soon, so we must adapt and utilize the resources we do have to maximize our capabilities and accessibility. I’m glad that Bsides is leading that charge.
Next week I will start posting what I have learned specifically from the events that I attended. If you went to the event, please leave a comment below on your experiences. Would love to hear from you.
For over 20 years, I have had the distinct opportunity to work in the Information Technology space under a variety of distinct roles.
My unique position has helped me become a risk management Maven for Fortune 500 and Small Business Companies around the world. For the last 12 years, I have assisted Small Business Owners and Insurance Agency understand the impacts of Cyber Incident exposures and what steps to take to help mitigate potential data breaches.
My desire to expand my reach related to cyber security has led me to establish the Sage Knows IT blog as a way to help Small Business Owners and aspiring Information Technology (I.T.) Professionals better understand the road-maps of I.T. through the experiences I have had.
Information Technology and Information Security is the future of our world and I hope this blog will inspire those that are interested in joining our ever involving field.