• Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact
Menu

Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration
  • Explore
  • Blog
  • Podcast
  • Community
  • About
  • Services
  • Contact

Reflections on InfoSec Nashville 2023 and BSides Augusta

October 18, 2023

Recently I attended InfoSec Nashville and BSides Augusta.

InfoSec Nashville 2023

Despite calling Nashville home since 2016, I only recently attended my first ISSA InfoSec Nashville conference. My expectations were exceeded by the event, especially with the opening keynote delivered by Robert Herjavec from "Shark Tank." While I'm not a regular viewer of the show and was initially unfamiliar with Robert, his speech was captivating. As the owner of a security company, his journey from a war-torn country to Canada, and eventually to starring in a hit U.S. TV show, is nothing short of inspirational. He shared intriguing insights into the future of security, particularly the idea of eliminating tier 1, a concept I'm still mulling over since there will always be a need for an initial level of defense.

Unlike at most conferences, I attended several talks at this one. Besides the opening, I was present for the afternoon keynote and a few other sessions before delivering my own at the day's end. The afternoon keynote resonated with me deeply, advocating for the hiring of entry-level professionals. The industry's skewed focus on seeking senior-level experts, as evidenced by LinkedIn job postings and the concerning average security professional age of 35, signals an unsustainable top-heavy structure.

However, hiring at the entry level isn't a panacea. Management must prepare a structured plan for these newcomers. I've seen many organizations lack this foresight, opting for senior professionals in the hope of minimizing their need for involvement. That doesn’t mean all entry level people are the answer. Maintaining a balance is crucial since many young professionals seek mentorship, a dynamic hard to foster in an environment composed solely of entry-level individuals.

The sessions I attended were enlightening, one on vulnerability management at a healthcare company stood out. Having developed a similar program for a mid-sized business, it was fascinating to compare approaches and scales, particularly seeing a dedicated team in action as opposed to one juggling multiple responsibilities.

The conference was overall a rewarding experience. It provided opportunities to connect with a diverse group of professionals and rekindle ties with acquaintances around Nashville.

BSides Augusta

As alluded to earlier, my conference strategy usually involves a "HallwayCon" approach, prioritizing networking and learning through impromptu conversations. This tactic led me to attend just one planned talk, aside from my own, at BSides Augusta. This event is a highlight on my annual calendar, coinciding nicely with a family visit to Columbia, SC, after the proceedings. What sets it apart is not just its impressive scale—with pre-pandemic registrations hitting 1,200 and around 800 attendees this year—but its distinct blue team focus, a nod to Augusta, GA's status as home to the Army's Cyber Command.

At a past ISSA meetup, I was taken aback when I was told attendees included members from the NSA, CIA, and Cyber Command —a moment that made me suddenly conscious of the powered on phone in my pocket.

I was extremely satisfied with the reception of my talk, now available on YouTube. My final presentation of this presentation will be at misecCON next month, where I'll have a full hour—a luxury compared to the concise 20-25 minutes at Augusta. While, like any presenter, I appreciate more time, I also value the challenge of a shorter format. It compels me to condense my speech to only the most crucial points, and enhance the chance of my talk being accepted.

The conference was, as expected, impeccably organized, and I cherished the catch-ups and new connections made. I’m eagerly anticipating next year's gathering!

Edited with the help of ChatGPT

This blog post first appear on Exploring Information Security

In Experiences Tags security conferences, BSides Augusta, Infosec Nashville
Comment

Speaking Engagements Fall 2023

August 11, 2023

I’ve gotten my last letter back on a submitted CFP. I will be speaking three more times this year before looking ahead to 2024. Here are the conferences I will be at for the rest of the year. The topic I’ll be speaking on is API security. I’ll put the abstract below.

Infosec Nashville 2023 - September 26-27 - First time for me. I’m excited to go to a local event.

BSides Augusta - October 7 - I’ve been going to this conference since 2014. This is one of my favorite yearly events to attend. Yes, it’s a bit out there but it’s one of the biggest BSides in the world. For those curious Army Cyber Command is located in the area. It’s a very blue team focused conference.

MISECCON - November 17 - MISEC is one of the most talented local user groups in the country. This is a rebirth of Detroit Convergence and BSides conferences post pandemic. This is another one of my favorite conferences.

Title: The Security Hitchhiker's Guide to API Security

Abstract: API security is so hot right now! Organizations don’t fully understand APIs, how to find them, and secure them. This can feel scary. Don’t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We’ll cover the history of APIs. Why people now suddenly care about them and why they’re such a hot topic. We’ll go over some ways to identify APIs within an environment. We’ll cover how API security is different and how to start securing them. We’ll review the API security tooling landscape. Finally, we’ll review resources to get your towel wrapped around API security and answer the ultimate API questions.

This blog post first appear on Exploring Information Security

In Experiences Tags conference, BSides Augusta, Infosec Nashville, MiSec
Comment

BSides Augusta gallery and pictures

September 21, 2015

Media

The gallery for BSides Augusta can be found in my Photography section.

dsc_1449.jpg
BSides Augusta 2015

BSides Augusta, Georgia, September 12, 2015.

My Blue Team Starter Kit talk is available on YouTube.

Impressions

This was my second year attending BSides Augusta. As I've mentioned several times, this is one of the best run security conferences out there. You can tell pretty quickly that the organizers put a lot of effort and time into ensuring everything runs smoothly. This year was no different. I heard Mark Baggett tell one persont hat there were some minor hiccups in the morning. I didn't notice them. The only thing I could tell was that they overlooked the registration line. They had lines divided up into last name, but it was apparent entering the building.

Aside from that, everything else ran smooth for the conference. Speaking of attendance, the number reached 500 this year. That's up from 300 last year, which makes Augusta one of the bigger BSides events. The event is expected to grow even more as the Army continues to grow its cyber command at Fort Gordon.

I didn't get to sit in a lot of talks, but there seemed to be a pretty strong malware theme this year. Joel Esler's "2015 - It's Not Over Yet" and Wes Widner's "Lessons Learned from Analyzing Terabytes of Malware" are two such talks that stood out to me as I hoped from track to track taking pictures. But Paul Melson's "Viper Framework for Malware Analysis" and Alex Rymdeko-Harvey's "Malvertizing Like a Pro" are two more talks that deal with malware. I plan to go back through several of the session's at BSides Augusta after the baseball season is over.

If you live in the South East, I highly recommend BSides Augusta. Especially for security professionals working on a blue team. It's rare for a security conference to have two blue team tracks and I don't see that changing in the future. Put the event on your calendar for next year. I promise you won't be disappointed.

This post first appeared on Exploring Information Security.

In Technology, Media, Experiences Tags BSides, BSides Augusta, Videos, Photography
Comment

Catching up update: CircleCityCon, BSides Augusta, and a 360 music video

June 24, 2015

I've got all the pictures processed for CircleCityCon and sent to DrBearSec for him to do with what he will. In total I processed about 360 pictures. I have two GIF ideas left to put together and then I'll be done with my venture. Look for a post about CircleCityCon and a gallery of some of my favorite pictures from that event.

In the mean time, here is InfoSystir AKA Amanda social engineering here way onto the stage at Dick's Last Resort in Indianapolis for a bachelorette dance off.

My talk, "The Blue Team Starter Kit" has been accepted by the CFP committee at BSides Augusta and I will be presenting there September 12, 2015. This will be my first time presenting at a security conference and I'm very excited about it.

Finally, this is just a really cool music video from Mike Shinoda's project, Fort Minor. Check out the website for a controllable 360 view.

This post first appeared on Exploring Information Security.

In Experiences, Media Tags Fort Minor, infosec, media, videos, Bsides, BSides Augusta, CircleCityCon, social engineering
Comment

Latest PoDCASTS

Featured
Jul 29, 2025
[RERELEASE] How to network in information security - part 2
Jul 29, 2025
Jul 29, 2025
Jul 22, 2025
[RERELEASE] How to network in information security - part 1
Jul 22, 2025
Jul 22, 2025
Jul 15, 2025
[RERELEASE] What are BEC attacks?
Jul 15, 2025
Jul 15, 2025
Jul 8, 2025
[RERELEASE] How to crack passwords
Jul 8, 2025
Jul 8, 2025
Jul 2, 2025
[RERELEASE] How to find vulnerabilites
Jul 2, 2025
Jul 2, 2025
Jun 24, 2025
[RERELEASE] What is data driven security?
Jun 24, 2025
Jun 24, 2025
Jun 17, 2025
[RERELEASE] What is a CISSP?
Jun 17, 2025
Jun 17, 2025
Jun 10, 2025
[RERELEASE] From ShowMeCon 2017: Dave Chronister, Johnny Xmas, April Wright, and Ben Brown talk about Security
Jun 10, 2025
Jun 10, 2025
Jun 4, 2025
How to Perform Incident Response and Forensics on Drones with Wayne Burke
Jun 4, 2025
Jun 4, 2025
Jun 3, 2025
That Shouldn't Have Worked: A Red Teamer's Confessions with Corey Overstreet
Jun 3, 2025
Jun 3, 2025

Powered by Squarespace