Well another year, another Chicago conference weekend in the books. Last weekend was the THOTCon/BsidesChicago tandem which started my conference circuit with THOTCon 0x2. Since then I’ve hit a number of conferences across the Midwest and even Ireland, but I went back to my home town to see old friends & make new ones.
You could tell that both conferences did their best to not only provide relevant content, but also create an atmosphere where people wanted to be and wanted to learn. The struggle with this is that without doing the traditional “conference setup” of rooms with chairs and permanent audio equipment you run into bleed over from “hallway con” or other areas. Both conferences struggle with this because of venue choices in Chicago. You are restricted based on your budget & locations that can hold hundreds of people, as well as public transit and a venue that can serve alcohol. That said, I think both did their best to reduce the noise so those who wanted to hear the talks could do so.
So regarding the presentations, I have to say it was difficult to do a “best of” on each. I was able to catch a number of them at both conferences and many had really relevant or interesting topics. I sat in on a talk by my friend @claudijd and his fiancée @L_ORA about a privilege escalation vulnerability in Cisco firewalls, as well as a talk by Joe Cicero on P.I.S.S.E.D. (Privacy In a Surveillance State, Evading Detection). Both were very detailed and gave a great overview on their topic. I had to give “best talk” to two different presentations for this one though. I couldn’t make up my mind on who presented better nor on what topic was better between them.
@wbm312 gave a great talk about the legal issues on taking devices across the border, including the fact that the US Government considers anything within 100 miles of a border, International Airport, or main body of water (Great Lakes, etc.) as the “constitution free zone”. This hit close to home as I just came back from visiting my girlfriend in Vancouver, BC.
@hacks4pancakes also did an outstanding job on her talk with the “Ten Commandments of Incident Response (For Hackers)”. It briefly touched on “burn out” which I believe is an issue in Information Security, but also gave lessons learned from her personal experiences. One main takeaway for me was the fact that technical skills are great, but let your technician work on the problem rather than sit in meetings asking when it will be finished.
Moving on to Saturday was BsidesChicago. A number of talks were given by coworkers or friends at this one. I had to leave a bit early as I was fading fast (whole introvert thing getting in the way), but I have to say I enjoyed @securitymoey’s talk on “InfoSec Big Joke – 3rd Party Assessments”. He brought up some pretty good points including vetting the answers that your service provider returns. If you aren’t doing it, no one is.
Overall I had a good time and got to hang out with some great friends that I don’t get to see often now that I’ve moved to “the mitten” of Michigan. Looking forward to seeing them all again soon & in the interim back to learning!