Security BSides Delaware conference features latest info on infosec

Want to talk security, hang with those who love to hack and learn from industry experts? #BSidesDE is your new jam. Here's a recap of last weekend's event.

BSidesDE organizers Josh Marpet and Janice Paulson present a speaker with a surprise birthday cake. (Photo by Ruth Bryna Cohen)

Nearly 300 people, including IT professionals, hobbyist hackers and members of the public, converged for two days of all things infosec at the Security BSides Delaware conference, held at Wilmington University Nov. 13-14.
The event, part of Delaware Innovation Week, hosted an impressive roster of more than 35 speakers this year. The conference is one of 37 BSides events to be held this year around the country, with many more continuing to pop up worldwide. Chapter founder Janice Paulson saw the need to bring BSides to Delaware while studying network security at WilmU.
“I was going to DEFCON and HOPE, and I found my classmates couldn’t afford to go. So I decided to bring the conference to them,” Paulson said. “It’s expensive to go to conferences, and some people don’t have the means. Learning shouldn’t be limited to people of privilege.”
So she and her husband Josh Marpet, of data security consultancy Guarded Risk, organized the first BSidesDE in 2010. The most recent conference was the group’s sixth. Not only does BSidesDE save locals money on travel, it also doesn’t charge any registration fees. Free breakfast and lunch are provided to attendees.
“We’re going to make sure it’ll stay free for as long as we can,” Marpet said. “And we’re aiming next year to have more sponsors so we can do that.”
The conference organizers specifically seek out sponsors who are hiring to help connect those attending the conference with jobs, Marpet said. Sponsors this year included Dell Secureworks, Mitre, First Data, MACH37, Guarded Risk, Liticode and SANS, which were on hand to talk to job seekers.

The talks

The conference included a packed schedule of two tracks of speakers on both days. Speakers ranged from a pre-teen computer enthusiast to seasoned pros who have worked in the business for over 30 years, and the topics covered the gamut, from breaches affecting the home computer user to security issues facing big business and government.
Cris Thomas, a strategist at Tenable Network Security who has testified to a Senate committee on weak government security, addressed some lightning-rod issues in his talk on the history of infosec.

  • On Edward Snowden: “Love him or hate him, this guy has done more to promote infosec than anyone else in the last few years. It really has set the stage for the cryptowars.”
  • On the Office of Personnel Management hack: “No government agency wants to be the next OPM. The fallout from this will be felt for a number of years.”

Thomas said the now-commonplace practice of “bug bounties,” programs in which companies pay hackers for responsibly reporting previously unknown (zero-day) vulnerabilities in their products, would have been considered unethical and unthinkable years ago. “It’s been amazing to me to watch this come about,” he said.
Developer Justin Klein Keane spoke about the security risks arising from the internet of things. Keane said his mission is to eliminate the security mistakes he sees recurring with alarming regularity. IoT devices sit “above” the cloud, mobile, web and network layers, and they present a problem because nearly everything they do, from management interfaces to device-to-cloud communication, is carried over web traffic and inherits its weaknesses.
“Insecure web interface, insufficient authentication and insecure network services are at the top of the list of problems,” he said. “I think this is why everyone intrinsically knows IoT is bad for security.”
Dave Vargas, president of Vargas Advanced Technologies Group, discussed strategies for responding to ransomware attacks, in which malware encrypts a victim’s files and the attacker demands payment for the decryption key, threatening permanent loss of the data if the victim does not pay.
Ransomware had mainly targeted individuals in the past, but it has now expanded to businesses and become increasingly sophisticated, using strong cryptography that makes recovery without the key impractical, Vargas said.
Computer scientist Russell Handorf wowed an audience by demonstrating how it was possible, through the use of signals intelligence (SIGINT), to catch a thief who had been breaking into cars in his neighborhood.
Alex Muentz, an attorney and security adviser with Leviathan Security Group, talked about the evolving view of business toward buying information security services, as well as cyberinsurance, which still remains in a nascent stage, and hasn’t quite settled on predictable business models.
“Why do we pay for information security? It’s not profitable,” Muentz said. But with the risk of regulatory fines, lawsuits, contract losses, and reputational and headline risks looming over a company, it’s a necessity, he said. “We spend money on security so that we don’t spend more money.”
For job seekers, recruiter Kathleen Smith of ClearedJobs.net was joined by colleagues Lee Wanless of g2-inc.com and Lamont Price of Tenable in a joint presentation. All emphasized the need to form lasting, ongoing relationships with recruiters, to become self-aware, and to be able to articulate what you want to do — not just what you’ve already done.
In his discussion of open source intelligence (OSINT), Brian Martin, principal at Liticode, pointed out that OSINT is a great entry-level position in infosec. OSINT is the collection and analysis of publicly available information, whether for security, political or commercial ends. “There’s no degree or clearance required for it,” he said. “Red Teams need these people.”
Those interested in strengthening their tech chops had much to choose from at BSidesDE.
Speaker Daniel Rico ran a seminar on post-incident analysis with Wireshark, Keith Patchulski spoke about physical penetration testing, Jim Gilsinn explained the mechanics of an ICS/SCADA man-in-the-middle attack, and David Rhodes took attendees into hands-on work with Burp Suite, the popular web application penetration testing toolkit. Paul Neslusan spoke about Kill Chain Evolution, and Bryan Bechard led attendees in an incident response simulation game.
If you couldn’t get to BSidesDE this year, many of the talks were filmed, and will be posted to YouTube. You can also find further information on the talks and speakers at bsidesdelaware.com.

The legendary Bernie S came to BSides to sell refurbished computers from Nonprofit Technology Resources. (Photo by Ruth Bryna Cohen)
