Earlier this month, security professionals from all over the world flocked to Las Vegas, Nevada, for Black Hat USA and DEF CON. As two of the largest and most respected events in information security, it is no surprise that they are a preferred choice for security experts and product vendors alike, year after year. Those conferences are indeed popular, but it is important to note that they were not the only security events being held in Las Vegas at that time. On Tuesday and Wednesday, August 4th and 5th, BSides Las Vegas (BSidesLV) held its seventh annual iteration at Tuscany Suites.
The fact that this comparatively smaller event continues to draw attendees in the shadows of Black Hat and DEF CON is a testament not only to the continuing appeal of BSidesLV but also to the longevity of BSides as an institution in the field of information security. According to its official parent website, BSides first started after a number of presentations were rejected for Black Hat 19. Those talks were denied simply on the basis of time constraints, the site explains, for events like Black Hat and DEF CON generally limit their schedules to eight-hour days. In an effort to make a flexible alternative security conference, the first BSides organizers created a new event that provides more time for speakers, topics, and events to interact with and complement one another.
The benefits of such an interactive format have not been lost on security professionals. "It's an environment with a feel of collaboration and cohesion compared to the rather nervy and vaguely defensive 'mine's bigger, faster, exploitier, hack-proofier, deadly code skillier' you often see elsewhere," explains Sarah Clarke, an information security blog writer for Infospectives. "The latter feeling is a natural result of an industry trying to shout its worth while trying to pull itself together into a united whole."
Tony Martin-Vegue, host of the Standard Deviant Security podcast, puts it another way. "Anyone who has been to a Security BSides event anywhere around the world knows it is very special and unlike any other hacker or security conference," states Martin-Vegue.
"It’s a natural evolution of hacker groups from the ‘70’s and ‘80’s where a group of like-minded individuals meet up and share knowledge without vendor pitches, egos, or strict rules," said Martin-Vegue.
That is not to say that vendors and corporate forces are absent from BSides events. But they do take on a different role, as Richard De Vere, principal consultant for AntiSocial Engineer Ltd, rightly points out. "Whilst the need for funding is unavoidable, the corporates hang back at this grassroots event. It seems to be a place of simply geeks being geeks."
When people with a passion for security come together and are allowed to be themselves, they can do some amazing things. BSides understands this reality and translates it in a way that benefits the larger security community, such as by encouraging more experienced infosec experts to mentor younger professionals who are just starting out in the field or who are seeking to find their voice as conference presenters.
Cheryl Biswas, InfoSec I.T. Coordinator and Senior Writer at JIG Technologies, remembers her time as a mentee at a BSides event with fondness. "My first experience with BSidesLV was truly rewarding, both as a speaker in their Proving Grounds track and as a volunteer," recalls Biswas. "Proving Grounds mentors inexperienced or first-time speakers with someone seasoned who knows the ropes. My mentor was fun to work with, supportive, and steered me clear of pitfalls as we worked on my presentation. When I stepped up to the podium, I was more excited than nervous to give the talk I had always wanted to deliver. I watched other new speakers deliver their talks with confidence and skill, setting them on course to go on and do more in the field."
Additionally, as each BSides event is smaller and cheaper to organize than an iteration of Black Hat or DEF CON, conferences under the BSides umbrella can be held all over the world at numerous times throughout the year, thereby exposing more and more people to the world of security networking. "BSides has meant an entry into the world of security conferences for many people and places," explains Martijn Grooten, editor of Virus Bulletin. "As a concept, it has provided opportunity to speak on the side of big conferences for many people who might not have felt ready for 'the big thing.' The concept has also made it easy for people to organise security conferences in places that hadn’t yet been served by the global circus of conferences."
Such exposure naturally translates into security professionals finding new ways and new opportunities to engage the community to which they belong. Benjamin Watson, mobile application security practice lead at GuidePoint Security, couldn't agree more with this statement. "Obviously the BSides events across the world may not boast the same attendance numbers such as DEF CON or Black Hat, but they have a homegrown appeal and provide a level of hacker intimacy where those noob to leet can come to learn and grow without the glitz and glamour," explains Watson. "I think BSides is a great introduction into the different facets and people of the information security community."
With access to further reaches of the security community, new ideas and research are never far behind. "The folks who attend these conferences tend to be geared towards learning something new," reflects Irfahn Khimji, senior information security engineer at Tripwire. "As a result, they always ask great questions." J Wolfgang Goerlich, strategist with CBI and an organizer of BSides Detroit, shares Irfahn's thoughts on BSides' learning potential: "The movement has become a staple of the security industry. It has made it easier than ever for the local communities to come together, share and commiserate, and learn what is working and what is coming next. BSides also provides a platform for new speakers and new content, filling a vital role in developing talent."
Mentorships, new people, and new ideas--that is just some of what BSides has to offer.
In summarizing her thoughts on the field of information security, Cheryl Biswas offers the following: "Security grows when those within the community probe and question beyond the obvious, pushing us toward the next 'big' thing, so that when it happens, we were already looking for it." As security professionals, it is important for us to stay on top of hot issues in the field, such as car hacking and zero-day vulnerabilities. However, as people with a passion for security, we must go beyond these constraints and dream of the world tomorrow that will need our protection. Fortunately, BSides offers us this innovative space where we as a security community can learn, exchange, and grow. Together.