Tag Archives: Presenting

Speaking Schedule page

I took an idea from my buddy Scott Thomas and now have a page listing my upcoming speaking engagements. At the moment, it’s a bit light, but I have sent quite a few other CFP responses for events that haven’t closed yet. And I expect that work-related stuff will fill it up quickly as well. Some of those will be private but I’ll at least try to list the city in case anybody wants to get together for a drink or something.

Go home HackMiami you are drunk

IMPORTANT UPDATE 2

The official response:

Track Updates

Recently the HackMiami 2013 Hackers Conference received several complaints from individuals within the information security community regarding the chosen titles of the speaking tracks, NewF's and OldF's.

These complaints indicated that HackMiami may risk alienating the support of a key demographic within the information security community.

We have discussed the issue at length, and decided that we did indeed plan the track titles in haste, without considering the inclusion or opinions of a very vocal minority. As such, we have decided to make some changes.

In addition to the NewF's and OldF's tracks, we will be creating a new third track that tailors specifically to the audience that was offended by the original oversight, and the track will be called MoralF's.

The MoralF's track will feature talks about hacktivism, digital civil liberties, ethics, legal issues, and free speech.

We hope that this correction satisfies our critics, and we invite them to submit CFPs for this track at:

http://www.hackmiami.com/cfp

Regards,

The HackMiami Conference Team


IMPORTANT UPDATE

Thank you for doing the right thing.


Recently, a colleague from a side project contacted me to ask me to submit a talk on the project to HackMiami. Like everybody else in the Western Hemisphere, I immediately thought “sweet, boondoggle!” Even if my employer (who has nothing to do with this post) wouldn’t pay for the trip, I figured I would pay my own way, because, hey! Miami!

Then I read the CFP and… well.

Just in case they change things later, here are the names and descriptions of their tracks:

Track 1 – NewF#gs – A novice track will be available for new hackers who are learning the ropes. If you have a presentation that you believe would be beneficial to the community and will give n00bs a starting point to advance their skillsets, then this is the track for you. Total presentation time is 50 minutes.

Track 2 – OldF#gs – An advanced track for the old school greybeards looking to show off their latest projects and research. If you have any hot research, code drops, vulnerability disclosures, or advanced attack methodologies that you want to present on, then this is the track for you. Total presentation time is 50 minutes.

Now, I recognize the 4chan meme. There is a place in the world for 4chan memes, and that place is 4chan, not a hacker conference with people of all backgrounds. Without really touching the LGBT issues here (which I acknowledge but which lie well outside the scope of this blog), the level of unprofessionalism here would stun a rhinoceros. As my buddy and co-worker Kevin asked, what ideas did this beat out? What was worse than this? Did your first draft have “fresh hos” and “used up hos” for the track names and you rejected that for being disrespectful to women? “We need to be more inclusive, guys.”

And hey, if you think any of us want our names and professional reputations hooked up with those terms, you have lost your ever-lovin’ mind.

In sections of the infosec community, we’re having all these discussions about misogyny, privilege, and anti-harassment policies. And then HackMiami decides to name their tracks after childish homophobic little memes from the seedy underbelly of the Internet. Not cool, dudes. Welcome to my list of “conferences I won’t attend because the organizers are scumbags who annoy the crap out of me”.

NAISG DFW talk: Evolution of an IRT

Last Tuesday, I gave a talk at the DFW chapter of NAISG on “Evolution of an IRT”. Apparently I disappointed the organizers, as my talk didn’t actually have anything to do with Ice Road Truckers.

Caught in a fleeting "hands-in-my-pockets" moment by Joseph Sokoly

Note that I presented how I would build an IRT now, not necessarily how I did it last time. I’d do some things the same, but over the last 2.5 years I’ve learned a lot that would change how I’d do it in the future.

While the slides are available, they don’t really work outside of the context of a live presentation: mostly funny Internet pictures to illustrate a point and keep the audience slightly entertained. The outline will make much more sense, I hope. Really, I work from this first, and then riff on it based on what seems to get a reaction and elicit questions, which I happily accept throughout the talk. I don’t think we have a recording, but perhaps I’ll get someone to record a future version of the talk or even do a web-focused one.

BSidesDFW 2011

Awkward hug with @kylemaxwell #BSidesDFW on Twitpic

This past weekend, we had the local BSides DFW conference. Overall, I’d classify it as a great success, but I also want to analyze a few bits here.

The Good

Microsoft provided a really nice facility at their Dallas Technology Center. We had lots of room, good wireless signal, friendly staff (even including the security guards). I’ve criticized Microsoft heavily for years due to their technology and business practices, so I have to note that they did this very well.

Some of the talks had some first-rate stuff. Andrew Case had a particularly outstanding talk on data exfiltration. I can’t wait to see the slides and maybe mess around with Registry Decoder as well. I certainly intend to submit a talk next year, now that I have a feel for what the conference covers and the sort of audience that shows up. We also had a lock pick village and lots of presence from the EFF as well as a table from Hackers For Charity.

I should note that any security conference with kegs and kegs of beer, drink tickets, and homemade barbecue knows its audience. Being sort of a wimp, I didn’t stay for the after party but I heard it was great. And of course I loved seeing some of my friends, or in some cases meeting them in person for the first time. The volunteers and coordinators did a first-rate job, without question.

The Bad

Really, there wasn’t much. Some of the speakers lacked presentation skills, but I think that many of them simply had never done this before. And as much as I loved the facility, shuttling between the first and fourth floors lacked a bit of convenience.

But those are the largest things I could mention about the conference itself, which I think speaks volumes for how well it actually went.

The Ugly

First, I’ll note that what I say below should not reflect in any way on BSides or the hard-working coordinators who did a great job organizing this conference for no compensation other than grinning faces and a few awkward hugs.

In 2011, and for a very long time before now, overtly sexist presentations have no place whatsoever at a technical conference. One of the speakers gave a presentation in an informal style, which fits BSides perfectly. This isn’t a government-sponsored academic conference on national defense in the cyber domain or something. It’s a community-organized thing that sprouts from the grass roots.

So throwing out a bunch of slides that demean women and treat them as sexualized objects doesn’t work. I’m not a prude, and there’s a place for unsophisticated locker-room humor. This wasn’t it. As one example out of many from the same talk, a deck that includes images like one of panties on a woman’s crotch with the words “ALL YOU CAN EAT” printed on them would get most of us fired from our day jobs, and rightfully so. Showing same-sex affection for titillation and digitally altered images of (clothed) breasts does nothing but demean women and the speaker, though in different ways.

All of this detracted from what would otherwise have been a really good presentation with some interesting things to say. I hope the speaker reconsiders his actions, and I don’t plan to attend his talks in the future. This is not the sort of thing that we want to encourage in any way.

Saying something worthwhile

A recent article at Hacker News on understanding the “obvious” got me thinking.

I’ve established a professional goal to start presenting and speaking more often. I’ve done so on a very limited basis in the past, though I have significant public speaking experience in non-professional fields (ministry). The times I’ve done it, when others have offered me up or otherwise somehow coerced me into speaking, have gone fairly well. Not that I’m doing MLK-style oratory on the intricacies of information security, but everyone, including me, seemed to enjoy the experience.

However, whenever I see a CFP or similar for a conference or professional group that I think has some relevance to my work, I get cold feet and rarely submit my name or a topic. This doesn’t have anything to do with the general concept of getting up in front of an audience and talking. It has to do with questioning whether I have anything worthwhile to say.

To clarify: I don’t work in research. I don’t work on really bleeding-edge stuff. But I do work with technologies that I’d characterize as a little bit ahead of the curve, and my team has had some fairly successful implementations. Past investigations have led to some interesting and even colorful case histories. And when I get together for conversations with my peers at other firms, virtually or in meatspace, I find that we actually do work on some cool stuff (or at least don’t struggle to the degree that some others might). Malware detection and response, SIEM usage, incident response procedures, digital forensics… kinda sexy, at least a little.

'Some times I believe I can fly' by R'eyes

The problem comes when I see that CFP and I think that the cool stuff I work on must seem blindingly obvious. I mean, we’ve worked it out, so surely everybody else has as well, right? This flies totally in the face of actual experience and evidence, but it happens all the same. Inevitably, I remember the time Slashdot turned down an article I wanted to submit on a tech layoff in 1999 or so because it ‘sounded like everyone else’s story’. (They weren’t wrong.)

So I don’t quite know how to go beyond just dipping my toes in the water and jump in without slipping and hitting my head on a rock. Do any of my friends and colleagues have suggestions?