Friday, April 27, 2012

Guest Post - Adam Maxwell - "Popping my cherry - B-Sides London 2012"

[Today our guest post is by Adam Maxwell (@catalyst256). He registered for his first security conference, BSides London, and then decided to take it one step further and signed up to be a volunteer. This is a great example of how to make the most of a conference experience. 
This post originally published on Adam's personal blog, The IT Geek Chronicles.]
On April the 25th 2012 a group of crack InfoSec professionals, enthusiasts, hobbyist and newbies (that's me by the way), descended on the Barbican Centre in London for the security event of the year (in my opinion).
That's right; B-Sides London 2012 had arrived.
Most of you probably already know what the B-Sides events are all about, so I won't bore you with going over that, If you don't then you go find the main website here; http://www.securitybsides.com or the B-Sides London website is here; http://www.securitybsides.org.uk/.
This was going to be my first B-Sides event and as I was reading the website to find out as much as possible before the event, there were two comments on the front page that really stood out for me.
The first was this "built by the community for the community", I'm still trying to find my way in InfoSec, but what makes it easier (and more fun) is the people that have the passion, drive, commitment and wiliness to share their knowledge with people like me. Without community events like B-Sides (and there is others) trying to navigate your way around the world of InfoSec would be a lot harder.
The second comment was "So make BSidesLondon whatever you want it to be", for me this was really important I didn't want to attend an event and be anonymous. I have a tendency in new environments to be a little bit shy and I wanted to make the most of the day, meet new people and try to become part of the community rather than a lurker in the corner.
So with less than a week to the event, I volunteered to help out on the day, yes that's right I was now on the crew roster for B-Sides London 2012. Due to work commitments I wasn't able to get to the Barbican early to help out with setting up, but I would just like to say at this point a HUGE thank you to Iggy (@geekchickuk) and the rest of the B-Sides London crew for getting everything ready for the day and in fact for all their work during the day.
Working as crew on the day for me was awesome; I met a lot of new people and had a lot of fun. What did I do on the day?, well if you bought raffle tickets between 10:00 - 12:00 from the table in the corner next to the guys from SANS that was me (sorry about making you write out your own tickets), and in the afternoon (from about 14:30) I was on the swag desk. I may or may not have also been involved in the nerf rocket war between the B-Sides crew and the guys from MWR InfoSecurity.
In the end I only attended one talk which was by Robin Wood on "Breaking in to Security" (check out the B-Sides London website because a lot of the talks were videoed and will be available to watch), but for the me day was still a success. Would I help out again next year? Hell yeah, if fact I've already told Iggy I will, but next year I'm going to do a talk on Track 3 (that's the turn up and talk about something track), I have no idea what about yet, but I've got a year to work that out.
See you all next year...
Adam

Thursday, April 5, 2012

Root the Box - April 7th, 2012 - Chandler, AZ

Today I talked with Zachary Julian, a student at the University of Advancing Technology, about a competition called Root the Box in Chandler, AZ this weekend, April 7th. Root the Box is a computer hacking (CTF) game that requires skill, speed and team work. Each team must scan and exploit systems on the attack network. If a team successfully obtains remote code execution they can upload a reporting service, which awards them points over time.

Check it out at rootthebox.com or on their FB page. There is still time to register for this weekend's event. Root the Box is put on once a semester.

-Who are you?
My name is Zach Julian, and I’m currently attending the University
of Advancing Technology for my Bachelors in Network Security. I
am also on the Root the Box organizing committee, where I serve
as the security officer for the competition. I have loved
computers for many years, and consider myself fortunate to have
found a good community of hackers here in Phoenix, Arizona.

-What's it like as an infosec student at University of Advancing Technology?
It’s a unique experience- Network Security is undoubtedly the best
program UAT has to offer. We have a pretty tight-knit group of
people within our major, which includes a wide range of skill
levels and specialities. If you’re serious about learning
security, UAT is definitely the place to come. Coming to UAT,
I’ve found the class material to be challenging and useful, my
peers extremely bright, and the opportunities to network
constant. I’m always inspired to attain higher levels of
hacker-fu.

-How did you get involved with Root the Box?
So far, I have competed in two Root the Box competitions. After
that, I felt it would be a worthwhile experience to help the
competition in some way. Since my current job consists of
Intrusion Detection analysis, I volunteered to set up and
monitor a Snort box during the competition. This is to ensure
that the participants stay within scope during their attacks. ;)

-How long has Root the Box been happening?
This will be Root the Box number 8. During that time, we’ve improved
on everything from the hacking challenges to the scoring engine.
After several years, the competition has matured quite a bit.

-What skills do you hope students get out of participating?
Each Root the Box is an excellent opportunity to refine and expand
your skills a little bit more. Hacking is the same as any skill
- reading and thinking about it will give you some knowledge,
but there’s no replacement for actual experience. That is why we
so strongly encourage people interested in security, at all
levels, to participate in Root the Box.
Newcomers to hacking will benefit the most - Root the Box features
challenges that draw from all types of digital security, from
reverse engineering to web applications. If security or
penetration testing is your intended career path, Root the Box
will show you what to expect and where to focus your learning.

-How can people get involved?
Come compete! Anyone interested in volunteering for Root the Box will
be able to meet our staff and get a good idea of just what goes
into putting on this competition. More specifics are available
at http://rootthebox.com.

Thank you Zachary for filling us in on this very cool competition! Good luck this weekend!

Tuesday, February 14, 2012

Communicating the value of security

Whether your work has you speaking in front of the media or just championing your ideas internally, whether or not those ideas are heard has as much to do with how they are presented as what the ideas are. In Information Security, the most important task we do is communicating the value of security. For this to be successful, you need to ensure your personal brand has integrity, trustworthiness, and experience. These factors take entire careers to build, but there are also resources that can help.

One of those resources is SECore.info. This new website created by the Open Security Foundation brings verified security experts and reporters together, as well as a tool to help experts promote their ideas through presenting at security conferences.

I'll be speaking more about this topic of self-promotion during Security B-Sides PHX this weekend. Check out the B-Sides page for more information.

SECore is also providing a great opportunity to increase your communication skills on security topics by hosting a workshop during RSA in San Francisco this month. This one-on-one training is co-hosted by the technology PR firm LEWIS Pulse, and will help you with personalized training on how to effectively communicate about your work to the media and to your co-workers.

SECore Media Training for Security Professionals
Date: Wednesday, February 29

Time: 8:15am - 6:00pm (hour-long sessions)
Location: Marriott Marquis, 55 4th Street, San Francisco

Register at EventBrite.