What can you tell us about B-Sides this year?
BSides San Francisco is one of the biggest BSides events each year, and this fifth BSides San Francisco promises a lot of great conversations and content. We are returning to DNA Lounge this year, it was a great venue last year and is a very "San Francisco" place for an unconventional gathering. We will have presentations, lightning talks, locksport, and "I am the Cavalry" gatherings, and much more. BSidesSF: Education! Collaboration! Community!
Why decide to make this a free event?
Most B-Sides are free or very low-cost. We try to keep the barrier to entry as low as possible. A nominal or even refundable registration fee can help limit "no shows" and ease planning, but this year we are back at DNA Lounge and the venue's capacity makes it easy for us to just open the doors and let folks in. If pre-registration is required some people are reluctant to drop in, even when we announce walk-in space available; we like spontaneous conversations and open doors can facilitate those. And, it is a lot easier on the organizing team to skip the hassle of registration.
What do you anticipate from the sessions/speakers this year?
As always, we hope for a lot of good conversations, on a wide variety of topics. B-Sides allow speakers and participants to be candid and exchange ideas. The wide range of topics should help facilitate some great discussions and a few polite disagreements.
What are some of the big issues attendees can look forward to hearing about?
There will be a wide range of topics again this year; privacy, government surveillance, application security, cloud and web reliability and scalability, malware and attack analysis, youth mentoring and threats to security research in light of crackdowns on "hackers" by people who don't understand security and technology. The nature of B-Sides means that the presentations aren't the end of the discussions, they are the beginning. Conversations can continue in the chill-out space, at the bar, wherever interested folks gather.
Given the RSA/NSA news, what kind of impact do you feel this will have on B-Sides, if any, this year?
I don't expect it to have a significant impact. Everyone in the B-Sides community is aware of the issues, and there certainly will be some conversations about Snowden, RSA, NSA and related topics. We offered to host any of the speakers who pulled out of RSA but still wanted to be heard, but the advent of TrustyCon gave a dedicated outlet for some of those speakers, and on a day which doesn't overlap with B-Sides. There will be plenty of opportunities for people's opinions to be heard on the topic, in several venues, including B-Sides.
What are your thoughts on the industry's response to the leaked information?
As cliché as the phrase "wake-up call" is, I think it fits here. I see a few stories in this. First, we've seen some very sensitive information lost by one of the most secretive agencies in the world, if they suffered such a catastrophic loss of data, anyone can (and that's scary). Related, it appears that the NSA had some fundamental flaws in their execution of data protection. If they failed covering the basics, we all need to take a hard look at how well we are doing the fundamentals. I do think that many organizations are more focused on things like the recent card data breaches, those issues have more readily understood technical countermeasures. In contrast, there aren't really effective technical solutions to political problems.
Will you be attending any of the other shows that week?
I'll be working the booth at RSA for Tenable, and attending several formal and informal gatherings throughout the week.