Alternative security events such as BSides and 44Con have injected much-needed life into the conference circuit.
Apart from my cats, there aren't many things that will get me out of bed at 4.30am, so the fact I got up that early to get on a train to London recently should be some indication of how excited I was to attend the first London Security BSides conference.
The idea for BSides started in the US, its primary goal being to offer a free security conference for people who couldn't afford the main-stream circuit. The first Security BSides, in 2009, ran alongside the long-established Black Hat conference and featured many speakers rejected by the latter. Since then the international BSides movement has grown quickly and is now a regular feature of the Infosec calendar.
In the UK, the first Security BSides ran on the second day of Infosecurity Europe, although the two events couldn't be more different. Whereas Infosec is primarily a commercial event, albeit with a selection of keynotes and discussions on a range of security topics, BSides London was entirely free of sales pitch. That's not to say there was no commercial support – in fact, BSides' sponsor list was impressive – but sponsorship was a very light-touch affair. It's refreshing to see that big-name security vendors are prepared to give back to the industry and not expect a list of sales leads in return.
The presentations covered a wide range of topics, and came from industry big-hitters. Three separate tracks ran, with one reserved for ‘ad hoc' presentations from attendees. All the talks I attended were original, well presented and free of marketing hype; a genuinely refreshing change.
The final talk was presented by four very brave guys in full Village People outfits, discussing the problems of communicating security issues outside the industry (“We're shouting in an echo chamber,” one of the presenters noted, summing up the problem of dealing with a closed community). The finale of the talk was a rather out-of-tune but very, very funny ‘Infosec version' of the YMCA song (if you do nothing else, check out the video at tinyurl.com/3f2pos5). This neatly summed up the whole conference for me: a healthy mix of serious security work and good fun in a friendly atmosphere.
Despite being the first BSides event in the UK, and organised by volunteers who also have demanding day jobs, the conference ran more smoothly than many fully commercial events I have attended. For a free event, it was nothing short of superb, and the organisers, speakers and volunteers all did an excellent job.
For marketing types, the idea of sponsoring a conference such as BSides without any stands, brochures or sales pitch might seem bizarre. Speaking as a potential customer, however, I'm far more likely to consider a company having seen its staff present at such a conference than I am because it gave me the best stress ball, t-shirt or flashing pen, or had the most attractive ‘booth babes'.
If I see a genuinely interesting presentation at a conference such as BSides then I am far more likely to consider the vendor and visit its stand at the next Infosec show. Presenting or sponsoring BSides and similar events is probably the best marketing opportunity in the security industry.
It looks like the ‘unconference' scene in the UK is going from strength to strength, as shortly after BSides, the 44Con website went live (www.44con.com). This two-day conference with additional days for training sounds like it will be every bit as good as BSides and excellent value. I'll certainly be there (but that shouldn't put you off going). The quality of the BSides talk given by one of the 44Con organisers, Steve Lord of Mandalorian, was enough alone to convince me to attend his own event.
The last ‘underground' conference I attended was Access All Areas way back in '97. I'm really optimistic that BSides and 44Con will become regular fixtures in my calendar from now on. They should certainly be in yours.