Tag Archives: Chris John Riley

So, what about that SecurityZone?

Thanks to Chris John Riley’s post, I was inspired to share my views and experiences from SecurityZone. Some of which I have already shared on the last post on SexyDefence, but there’s so much more to that…

SecurityZone 2011 speakers and organizers

First things first – SecurityZone. Colombia. I know… Sounds weird, especially when considering that this turned out to be the last stop in the DirtySecurity World Tour 2011. Well, when I was first connected to Ed Rojas, who basically masterminded this whole thing (with the help of a small group of his friends/partners), I was skeptical as well. But as it works out in the industry, a quick check and a vouch from a colleague and I was ok.

Then I saw a like-minded person in Ed, with whom I shared a similar vision about how a conference should be run, and what kind of content should be in it, and I became the de-facto speaker recruiter/bringer…

At that point I was amazed again by the kind of industry we work in, and the kind of relationship I have with my friends in the industry. With a first-time conference, and in a country that isn’t exactly getting a lot of friendly press I approached some of the best people in the industry (whom I just happen to be able to call close friends), and was able to witness some of the best responses ever. From a “sure, I’m in!” to a “sure I’m in! oh, you think this place is safe? whatever, I’m in!” we managed to rally up a wicked lineup.

updated: On our way from the airport to the hotel (we were picked up by Ed personally!), I got the news that two of the speakers couldn’t make it in the last minute. My immediate response to Ed was “no problem, Nickerson and I will fill those slots in for you”. Funny thing is – I didn’t speak with Chris before on this, and as expected when I told him about it I got the expected “sure thing. let’s think which talk would fit best here”. EPIC.

I won’t repeat Chris’ views from the conference as I totally share them, but just to add a few experiences:

The place is safe. Probably safer than some of the metro areas I’ve been to in the US (not to mention some of the shadier places I’ve had a chance to visit). There wasn’t a single incident where we were in any kind of situation where danger was apparent or even a concern. And remember that we were rolling #DirtySec style (which in most places means at least one encounter with the local law enforcement…).

Cali Police Department - picking their way out of cuffs...
The Cali Police learning from schoolkids how to pick handcuffs

Running a full day red-team workshop with Chris Nickerson was totally awesome (and yes – we plan to take it on the road for 2012). What made it even more over the top were the schoolkids not only doing simultaneous translation, but also learning how to pick locks (and the obligatory twitter I got later that night “@iiamit btw we opened all our doors yesterday with our new tools!”). Furthermore, as the police saw us start the lock-picking session and huddled at the door, we invited them in, and because of the language barrier had the schoolkids teach them how to pick locks, and best of all – handcuffs… Yeah, I know, if there was a doubt on my placement on santa’s naughty list, that definitely put me there 🙂

Being driven around beautiful Cali could not have been better – we saw the highs, lows, mountains, downtown, suburbs, and even some of the touristic sites in the region (sugar plantations, the Casa Paraiso) and looking at other conferences I spoke at this year, probably the best hospitality EVER!

This has definitely been the right closer for the #DirtySec world tour of 2011, and I can only hope that 2012 will include some more SecurityZone content (stay tuned – we are working on some great content…)

See you all at Shmoocon!

Introducing SexyDefence

After a long time of no updates, I’m finally back to a “normal” schedule, but as always – there’s some new project that emerges from just being around extremely smart people and accessibility of alcohol…

So, during an exciting tweeting session at the SecurityZone green room (which is never green BTW), where all of us geeks were relaxing and instead of actually talking to each other (again – we are all in the same room), we were exchanging gestures and an occasional snicker as we “discussed” things on twitter. At one point, the question came up: “why on earth can’t we make defense as sexy as we managed to make offense?” (in the context of information security of course).

That started what we call “SexyDefence”.

Bar Refaeli in soldier uniform

The parties to blame are: James Arlen, Stefan Friedly, Chris Nickerson, David Kennedy, Wim Remes, Dave Marcus, Chris John Riley, Georgia Weidman, and yours truly. We managed (in the 30 minutes we had before we went back to “normal” con business and ran a panel on SexyDefence) to set up a space where this new initiative would be panned out. Here are the main points (just a beginning) of what we consider as the SexyDefence “manifesto” 🙂

0. Rediscover your passion for the job you have instead of whining about the job you don’t have.
1. Wake the fuck up and learn how your company works (for realz – not just the techie stuff)
2. Use everything you have. whatever the “bad” guys use is fair game for u as well. research vulns on attack tools…
3. Intelligence. Gather it. On you, on your threat communities. Now use it. Intelligently.
4. You have more information at your disposal than you think (logs. Lots of them). Figure out a way to use it.
5. Remember that it’s the users (humans) that will screw you up. Make sure your “plans” include dealing with them (not just tech)

Feel free to take a look (and as always contribute – see PTES) here: http://wiki.doinginfosecright.com/index.php?title=Main_Page

Happy hacking!

p.s. – Yes, I figured that a picture of the local model Bar Refaeli in uniform would be better than the one used on James’ blog of RightSaidFred…