Tag Archives: Chris Nickerson

March – April Events

After a quiet start for the year (and keeping up with my promise to try and cut down on travel) we are fast approaching exciting times. March will have a couple of great events I’m really looking forward to, and April packs a really great conference and training. So, without further ado:

DC9723 kicking off 2012 – March 13th

We’ve been having some issues in the local DCG with a venue, and after 3 months of delayed meetups we have finally settled into what looks like a fantastic venue. It’s called “The Library”, and true to its name it is one of the public libraries in Tel-Aviv. Renovated, and retrofitted to accommodate a shared workspace for entrepreneurs and small startups, it overlooks one of the more beautiful views of the Tel-Aviv coastline, and is located at the heart of the city – right next to tons of bars and hangouts.

Furthermore, for this inauguration meetup for 2012, we are proud to host Brad Templeton of Singularity University. I’m guessing it’s mostly kismet/karma that brought us together, but it couldn’t have been a more fitting match for this meetup. To complement Brad’s talk and discussion, we’ll have a great friend of mine – Keren Elazari who will discuss the past, present and future of the CyberPunk culture. Really can’t wait for this one to happen.

Link to The Library’s meetup for registration and more information.

Hackcon – March 26th-29th

One of the cons that were on my “hit-list” for a while. Having been recommended by close friends who already spoke there, I will be heading to lovely Oslo for the aptly named HackCon (yeah, I know… Oslo in March may not be _that_ lovely, but…).

With a great speaker lineup, and a website that absolutely refuses to be in English (google translate mandatory as my Norwegian is a bit rusty), this one is shaping up to be an experience!

Link to the program (which fortunately is mostly in English 🙂 )

Source Boston (Training + Conference) April 16th-19th

What can I say about Source? One of my personal favorites, with a personal “track record” of a couple of Barcelonas and soon to be a couple of Bostons. Fantastic attendance and audience, great speaker lineup, content that mixes business and technology like a fine cocktail. And this year is even more special, as I am fortunate enough to be able to bring our Red Team Training to Boston. Chris Nickerson and myself have run this already once in Colombia last year, and the results are still resonating through Cali :-). We got some great feedback from both business as well as technical people who attended the one-day workshop in Cali, and will be bringing an even bigger, even better 2-day training session to Boston.

Expect a hands-on, no-bullshit couple of days. Expect to be able to pick locks (EVERYONE who is in our class will end up picking at least a 4-pin lock), gather intelligence, social engineer, build threat models, understand surveillance and counter-surveillance, and much more. Expect this not to be just a dull “click-click-click” classroom session. Do not expect us to be gentle on you – the people who attack your company won’t be either. Ready to take the plunge and move up from pentesting to the real-thing? Go register: http://www.sourceconference.com/boston/training.asp

And after having “fun” with friends (don’t ask what happens when I get to spend more than 10 minutes with Nickerson…), it will be off to the conference itself. Another rock-star lineup, from Dan Geer to Michelle Klinger, from Ally Miller to Chris Gates and Zack Lanier, and many more that I apologize in advance for missing here. This is the ultimate AppSec-Tech-Business throw-down on the East Coast.

Full schedule is here.

So, what about that SecurityZone?

Thanks to Chris John Riley’s post, I was inspired to share my views and experiences from SecurityZone. Some of which I have already shared on the last post on SexyDefence, but there’s so much more to that…

SecurityZone 2011 speakers and organizers

First things first – SecurityZone. Colombia. I know… Sounds weird, especially when considering that this turned out to be the last stop in the DirtySecurity World Tour 2011. Well, when I was first connected to Ed Rojas who basically masterminded this whole thing (with the help of a small group of his friends/partners) I was skeptical as well. But as it works out in the industry, a quick check and a vouch from a colleague and I was ok.

Then I saw a like-minded person in Ed, with whom I shared a similar vision about how a conference should be run, and what kind of content should be in it, and I became the de-facto speaker recruiter/bringer…

At that point I was amazed again by the kind of industry we work in, and the kind of relationship I have with my friends in the industry. With a first-time conference, and in a country that isn’t exactly getting a lot of friendly press I approached some of the best people in the industry (whom I just happen to be able to call close friends), and was able to witness some of the best responses ever. From a “sure, I’m in!” to a “sure I’m in! oh, you think this place is safe? whatever, I’m in!” we managed to rally up a wicked lineup.

updated: On our way from the airport to the hotel (we were picked up by Ed personally!), I got the news that two of the speakers couldn’t make it in the last minute. My immediate response to Ed was “no problem, Nickerson and I will fill those slots in for you”. Funny thing is – I didn’t speak with Chris before on this, and as expected when I told him about it I got the expected “sure thing. let’s think which talk would fit best here”. EPIC.

I won’t repeat Chris’ views from the conference as I totally share them, but just to add a few experiences:

The place is safe. Probably safer than some of the metro areas I’ve been to in the US (not to mention some of the shadier places I’ve had a chance to visit). There wasn’t a single incident where we were in any kind of situation where danger was apparent or even a concern. And remember that we were rolling #DirtySec style (which in most places means at least one encounter with the local law enforcement…).

Cali Police Department - picking their way out of cuffs...
The Cali Police learning from schoolkids how to pick handcuffs

Running a full day red-team workshop with Chris Nickerson was totally awesome (and yes – we plan to take it on the road for 2012). What made it even more over the top were the schoolkids not only doing simultaneous translation, but also learning how to pick locks (and the obligatory twitter I got later that night “@iiamit btw we opened all our doors yesterday with our new tools!”). Furthermore, as the police saw us start the lock-picking session and huddled at the door, we invited them in, and because of the language barrier had the schoolkids teach them how to pick locks, and best of all – handcuffs… Yeah, I know, if there was a doubt on my placement on santa’s naughty list, that definitely put me there 🙂

Being driven around beautiful Cali could not have been better – we saw the highs, lows, mountains, downtown, suburbs, and even some of the touristic sites in the region (sugar plantations, the Casa Paraiso) and looking at other conferences I spoke at this year, probably the best hospitality EVER!

This has definitely been the right closer for the #DirtySec world tour of 2011, and I can only hope that 2012 will include some more SecurityZone content (stay tuned – we are working on some great content…)

See you all at Shmoocon!

Introducing SexyDefence

After a long time of no updates, I’m finally back to a “normal” schedule, but as always – there’s some new project that emerges from just being around extremely smart people and accessibility of alcohol…

So, during an exciting tweeting session at the SecurityZone green room (which is never green BTW), where all of us geeks were relaxing and instead of actually talking to each other (again – we are all in the same room), we were exchanging gestures and an occasional snicker as we “discussed” things on twitter. At one point, the question of “why on earth can’t we make defense as sexy as we managed to make offense?” came up (in the context of information security of course).

That started what we call “SexyDefence”.

Bar Refaeli in soldier uniform

The parties to blame are: James Arlen, Stefan Friedly, Chris Nickerson, David Kennedy, Wim Remes, Dave Marcus, Chris John Riley, Georgia Weidman, and yours truly. We managed (in the 30 minutes we had before we went back to “normal” con business and ran a panel on SexyDefence) to set up a space where this new initiative would be panned out. Here are the main points (just a beginning) of what we consider as the SexyDefence “manifesto” 🙂

0. Rediscover your passion for the job you have instead of whining about the job you don’t have.
1. Wake the fuck up and learn how your company works (for realz – not just the techie stuff)
2. Use everything you have. whatever the “bad” guys use is fair game for u as well. research vulns on attack tools…
3. Intelligence. Gather it. On you, on your threat communities. Now use it. Intelligently.
4. You have more information at your disposal than you think (logs. Lots of them). Figure out a way to use it.
5. Remember that it’s the users (humans) that will screw you up. Make sure your “plans” include dealing with them (not just tech)

Feel free to take a look (and as always contribute – see PTES) here: http://wiki.doinginfosecright.com/index.php?title=Main_Page

Happy hacking!

p.s. – Yes, I figured that a picture of the local model Bar Refaeli in uniform would be better than the one used on James’ blog of RightSaidFred…