People say that Philadelphia has an inferiority complex. They say that we feel overlooked being located between New York and Washington, D.C. Until earlier this month, as far as Security BSides was concerned, that was pretty much true. Great BSides groups are an easy drive from Philadelphia, but we had nothing in our own backyard. Why not us?
The call to rectify this situation was answered by three Philly-area InfoSec guys over breakfast together at DerbyCon 5.0 in 2015. Brad Bowers, Ryan Knox, and David Parillo kicked off the planning to finally bring a Security BSides to Philadelphia. The inaugural event was held December 2nd and 3rd on the campus of Drexel University.
Over 200 attendees and almost 30 presenters brought the con to life with engaging and informative talks on a wide variety of InfoSec topics. Some of the most popular sessions were “Attacker’s Perspective: A Technical Demonstration of an Email Phishing Attack” by Zac Davis, “I’m Cuckoo for Malware: Cuckoo Sandbox and Dynamic Malware Analysis” by Lane Huff, and “Remote Attacks Against IoT” by Alex Balan. All of the talks were recorded and can be viewed here.
Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania, gave a keynote presentation entitled “Cryptography and Failure.” It was a discussion about what hackers have learned and where hackers have missed the mark. Here’s what he had to say about his talk:
“Security is probably worse now than it ever was. Somehow, we’ve managed to get good at security and good at failing at the same time.”
According to the keynote speaker, failures often lie in algorithms and protocols, in engineering and implementation, and in systems and applications. “We are in a national cybersecurity crisis,” Professor Blaze said. “Our ability to secure systems seems to be outpaced by our ability to build weak systems. We take one step forward, and two steps back.”
His full talk can be viewed here.
It wouldn’t be a true Philadelphia event without some Philly-style sense of humor and irreverence. The official con logo was of Benjamin Franklin allegedly causing the demise of hitchBOT, the hitchhiking automaton whose journey ended abruptly here in the city in the summer of 2015. The secondary logo paid tribute to the great tradition of Philadelphia Phillies baseball sluggers and portrayed Ben Franklin swinging for the fences and the iconic Liberty Bell.
The vendor hall was filled with great conversation and was abuzz with activity for the entire two days. Drones flew around the room while hackers played a CTF and people worked at The Hacktory soldering station. There was plenty of breakout space for conversations, and attendees stayed engaged for the entire two-day conference.
Over $1,000 was raised for the non-profit group Hackers for Charity through auctions of conference swag and books from No Starch Press. The BSidesPhilly organizers are grateful for the generosity of the attendees.
BSidesPhilly wouldn’t have been possible without the support of the sponsors. The attendees were enthusiastic and happy to finally have a local Security BSides event to call their own. The con organizers and volunteers are already thinking ahead to 2017 and how to grow and improve on this first event. BSidesPhilly hopes to become a true community organization by welcoming all and being a resource for the InfoSec students and professionals of the greater Philadelphia region.
About the Author: Tracy Z. Maleeff (@InfoSecSherpa on Twitter) is an independent information professional providing research and social media consulting, with a focus on information security. She is a frequent presenter about best practices of data mining from social media, professional networking, and introduction to information security topics. Tracy has 15 years of experience as a librarian/researcher in academia, corporate, and law firm industries and earned a Master of Library and Information Science from the University of Pittsburgh. She is the Principal of Sherpa Intelligence LLC – your guide up a mountain of information.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.