Boston BSides needs more space to grow

Popularity of the security conference has organizers looking for a bigger venue, non-profit status

The Boston BSides conference is bursting at its seams and may have to find a new place to carry out its mission of providing inexpensive IT security training, educational sessions and informal networking where peers can share experiences and help guide aspiring security pros.

The conference this weekend at Microsoft’s New England Research and Development (NERD) Center in Cambridge, Mass., was full to capacity with about 400 people attending – the NERD limit, says Daniel Reich, one of the show’s organizers.

He says the organizers had to turn away about 100 others who wanted to attend, and after reading surveys by attendees and comments on Twitter, they may be looking for a larger venue for next year.

This includes possibly reaching out to co-locate with other Boston area groups such as BeaCon, OWASP and SOURCE Boston. Boston BSides is also considering becoming a legal non-profit to help with handling its finances.

For now the work is done by volunteers, who choose keynote speakers, select the presentations made in conference sessions, staff the registration tables and keep things running smoothly, he says.

The cost to attend is $20 for the conference and up to $70 extra for workshops the day before. “That’s a lot of value to help you get started in a career in networking,” Reich says. “We want to keep it affordable, as close to free as possible.”

The hands-on training was new this year and the two full-day classes – Advanced Web Hacking and Introduction to Hardware Hacking – sold out almost immediately, he says.

Potential speakers submitted 51 proposals for just 18 slots. A committee winnowed them down to 27 that they felt really ought to be accepted, and faced a painful process cutting the final nine, he says.

The hardware hacking training by Brent Dukes covered how to recognize the components of a circuit board, identify their specific brand and model, find documentation for them and tap into their firmware. It included reprogramming a toy.

A half-day session on testing physical security presented by Keith Pachulsk delved into how to try to penetrate facilities in an effort to gain access to IT infrastructure, personnel and other assets. He does this on behalf of clients who want their facilities and security measures tested, and he went into how to do this safely, which involved avoiding the very real possibility of violence by the clients’ security teams. He talked about how to get into buildings, move around them without detection once inside and tap IT networks.

A half-day training gave hands-on accounts of how to prepare for and participate in capture-the-flag security challenges. Presenter John-Nicholas Furst recommended tools and hardware to bring to these events and drew a picture of what it’s like to face other, formidable teams.

With a focus on advancing careers of younger security pros, Boston BSides tries to bring in big-name keynote speakers so attendees get to interact with them up close. This year the two keynotes.

One was Peiter Zatko, better known as Mudge. He was a key member of the hacker group L0pht and wrote the password-breaking software L0phtCrack. Later he oversaw cybersecurity research at DARPA and worked at Google’s Advanced Technology & Projects division. He spoke about how attackers and vendors selling defenses can wind up in perverse relationships where they perpetuate a standoff rather than close avenues of attack.

The other was Gabriella Coleman, a professor of Scientific & Technological Literacy at McGill University. She spoke about the group Anonymous, whether it ought to be considered a terrorist group and an apparent effort to paint it as such by governments. She’s written a book on the subject called Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous.
