How to Run a BSides: Reflections on Ottawa

Overall Thoughts

This event was hands-down the best BSides I've attended. The vibe and energy were great, there was lots of conversation and back-n-forth discussion. The peanut gallery was very active during presentations, and the Hallwaycon track (not that there was a hallway) was excellent. In part because of the nature of the venue (a restaurant/bar scene), we had no option but to sit together with or near people we wouldn't know, which inevitably led to lots of good conversation.

And the venue... oh, what a fun place! It was "just a restaurant/bar"... sure... (there were 2 bars, actually)... and it wasn't huge... but it fit us very well, the service was great, the food was great, and the libations were handy and very useful for further lubricating discussions! It'll be very hard, I think, to completely recreate this atmosphere, but I hope they're able to get close next year! :)

Preso Content

Yes, the venue and atmosphere and attitudes of attendees made the event a great success, but the content was also a major part of that success. In fact, without the great content there would likely have been less conversation and debate, which in turn would have stomped on Hallwaycon, among other things. Three cheers and a cookie for the planners and their ability to pick great talks! Here are some of my favs:

* Reprisal of Andrew's "D-List" talk - Andrew Hay delivered his "Life on the D-List" talk, a reprisal from previous BSides events. As always, it was entertaining and hit on some interesting attributes of the psyches of members of the self-described "elite." Incidentally, if you're a fan of the D-List, please join the parody Facebook page! :)

* Kellman's talk "Myths, Mistakes and Outright Lies (when it comes to your computer security)" - Kellman Meghu, Security Engineering Manager for Check Point Canada (@kellman) gave an entertaining talk about some of the lies we tell ourselves about security.

* Speed Debates Panel - Jack Daniel headed-up a speed debates panel that included 3 Yanks and one Canadian. How that happened is anybody's guess. Afterwards we realized that it could easily have been 4 Yanks (ha!). At any rate, this was a fun panel for stirring the pot a bit and getting conversation going a bit more.

* Fuzzing Cows - Karim Nathoo & Mike Sues really know their stuff! They talked about fuzzing at a level that I've never seen before, which was awesome. They walked through several demos of fuzzing activities, which caused some eyes to bulge and brains to explode as people realized just how powerful this testing technique can be.

* Nmap Scripting Engine - Speaking of smart dudes, Ron Bowes (Tenable) is amazing! He talked about making use of the Nmap scripting engine, and then actually wrote demo code on the fly (he'd tested the code before, but he still ended up writing it live). As they say in Boston: wicked smaht!

* "Does Canada need a CERT?" - Adrien de Beaupré led a lively discussion about whether or not Canada needs its own CERT. Should it be reliant on others, like the US? If they were to stand-up a CERT, should it be government-run, or should it be independent like Brian Honan's Irish Reporting and Information Security Service (IRISS), which is Ireland's first CERT. Special attendees dropped in just for this discussion, which led to a great back-n-forth conversation about what the objective of a CERT would/should be, whether one is needed, whether they're even particularly relevant today, and so on.