Are Conference Attendee’s Getting Older?

Are conference attendees getting older on average?  A fellow attendee made the observation at DerbyCon.  ShmooCon is probably combating this with their Shmooze-A-Student program as well as their guarantee of tickets for West Point.  But what about the others?

The theory given was that DerbyCon and ShmooCon are hard to attend.  Tickets sell out extremely quickly.  The tickets are more likely going to people who have already attended and want to return.

Anyone else observe this or have any thoughts?

DerbyCon Review / SIEM Management

DerbyCon was amazing as usual.  I can’t recommend the conference enough.

The most useful talk for me was Ryan Voloch’s talk on SIEM management.  I have experience deploying Splunk as a security monitoring solution.  Ryan’s talk focused on managing use cases / searched.  Prior to the talk, I had a note pad for my ideas and used my employer’s ticket system for external requests.  It worked but wasn’t elegant.  I’m in the process of deploying a larger Splunk monitoring solution.  I’m testing the template.

2013 Year In Review

Quartz had an excellent article summarizing the year in technology as being lackluster.  It is pretty comprehensive for the industry in general.
Short of any significant technology or process breakthroughs, I suspect 2014 will be the same as 2013 which was the same as 2012.

  • PCI/PHI will be leaked, likely in larger and larger quantities.
  • There will continue to be a fear of ICS attacks, no one will fix anything.
  • Hacktivists will continuing hacking and getting arrested.  Overzealous prosecutors will continue to think the law is the solution.  I don’t see Chelsea Manning, Edward Snowden, Jeremy Hammond, or John Kirikou having any legal luck in 2014.
  • I am optimistic that two-factor authentication and default SSL in the personal space will increase in popularity.

As far as a review of my year:

  • I bought a Fitbit.  It is interesting.  I think it has caused me to increase my physical activity.  I wish it could track more than just walking though.
  • DerbyCon was my favorite conference for the second year in a row.  DEF CON was great, but DerbyCon is the best.
  • For personal development, I am trying to learn Python.  I can modify existing code, but I really want to be able to write new code.
  • Professionally, my Splunk deployment is a massive failure.  I’m not blaming the product.  I didn’t get the appropriate level of support to successfully implement the product.  Hopefully the deployment can be recovered in 2014.  I’ve also got a Nessus deployment on my plate for 2014.

DerbyCon 2013

My trip started out rough.  The guy I was supposed to stay with fell ill and couldn’t make it.  I ended up staying across the river in Clarksville.  I’d advise against it if you like to walk.  I didn’t feel safe walking back at night.  I stopped at the Buffalo Trace distillery on my way down.  It was a nice tour.

This year’s DerbyCon was very nice.  The crowd was a little bigger than last year.  I had trouble getting in to a couple talks this year.  I do not remember having that issue last year.

I was a lot more social this year.  I attended Hacker Family Dinner hosted by Tottenkoph, BourbonCon, and the Saturday party.  I’d highly recommend Hacker Family Dinner and BourbonCon.  They were quality events.  I got to meet a lot of people.

There were two tool talks I wanted to attend.  I did not get to attend either.   The talks were packed.  The first was the Malware Management Framework talk.  I had watched the original talk at BSides LV and wanted to see the follow up.  I also wanted to see John Strand’s talk on ADHD, the Active Defense Harbinger Distribution.  MMF was a demonstration of a new tool for detecting malware on systems.  My understanding is that ADHD is an active defense tool.

Josh Corman’s talk on The Cavalry is Us should have been the keynote.  The keynotes were both on the Internet Of Things concept.  Other talks mentioned the Internet Of Things.  I think Josh summarized it the best.  We are getting worse faster than we are getting better.  The other way he stated is that our dependence on software is growing faster than our ability to secure it.

Josh had an excellent graphic I’m going to have to use the next time I ask for an advancement in the security posture at work.  The graphic had cost, complexity, and risk in the center with five arrows pointing to it.  Evolving Threat, Evolving Technology, Evolving Business, Evolving Economics, and Evolving Compliance were the arrows.  It seems like an extremely strong argument for why we need to keep moving forward.  I had previously tried the Red Queen hypothesis, but that fell flat.  I guess upper management doesn’t respect C. S. Lewis nor evolutionary biology.

And with that, the conference year is over for me.  My next conference related post will be ShmooCon next year, assuming of course that I manage to get a ticket.