Money controversy could make B-Sides into something better

Tweets are flying over a securityerrata article Brian Martin wrote about the "dark side" of Security B-Sides. Martin singles out Mike Dahn, one of the founders, as the Darth Vader in this tale.

Martin writes:

Tragically, it has recently come to public attention that some things about the organization are not as positive as the rest. One of the founders, Mike Dahn, seems to have repeatedly lied about the conferences and organization for what appears to be his own gain, as you will see in this article. Dahn does not seem to embrace the idea of openness like he claims, tarnishing the image of the community built B-Sides. Until Dahn does what has been requested of him for two years by another founding member, be more open about finances and organization, the information below paints a grim picture of Dahn's behavior. This alleged unethical activity and deception is not acceptable by any standards, especially in an industry that preaches (and sells) integrity.

I found this surprising, because I've always had positive dealings with Dahn. In fact, I had dinner with him and others just last week. I also have a lot of respect for Martin and everyone else at Attrition.org. They can be brutal in their criticism of others, but when you read anything they do, it's clear they've done their homework.

And so this so-called B-Sides dark side isn't something we can wave off as nothing. Martin puts a lot of financial detail in his article, and the more I look at it the harder it is not to conclude that the books are off.

But to me, this isn't about Mike Dahn. It's about a movement that got too big too quickly, and how it can emerge from this better than before.

My first experience with B-Sides was in San Francisco in 2010. Held in a cramped loft several blocks from the RSA conference, it had a laid back, underground feel I fell for immediately. I loved how talks were delivered free of the filter you run into at events like RSA.

I wrote about it here as an anti-conference, a chance for people to discuss security without all the commercial hooey.

This past BsidesSF was also a winner in terms of content. But I noticed a couple things this time that I didn't remember seeing the year before:

1. The line of people trying to get in was well out the door.

2. There was intense vendor interest in the event. PR people were suddenly flooding my inbox with requests to meet their clients not at RSA, but at B-Sides.

I wasn't taken aback by the explosion of interest. B-Sides was the result of a deep hunger infosec pros were feeling for something different. Naturally people would storm the gates trying to get in.

But I couldn't help but wonder if it was time to scrap Bsides and start a Csides or something. It's never much fun when something becomes mainstream.

I also wondered how the organizers would be able to keep up with the quick explosion of interest, and all the money that comes with such a phenomena.

According to Martin's article, they didn't keep up very well.

Was there deliberate mismanagement of funds by a few people looking to enrich themselves? I have no idea. Like my friend Alan Shimel says in his post on the matter, I don’t consider myself a B-Sides insider and have only attended a few events.

But knowing several of the B-Sides organizers, I find it hard to believe anything deliberate or malicious was part of the equation.

I do think this is an important wake-up call for the B-Sides organizers. Like it or not, this thing has gotten too big to run without some changes. There are hazards. But there are also opportunities.

I'll steal one more line from Shimel's post, because I think he says it as well as any of us can:

"I hope as a result of this B-Sides will come out of it bigger and better than ever with a wider, deeper management team."

Let's withhold final judgement and hear what Dahn has to say.

--Bill Brenner

one-stop view of latest business threats. We created it for you! Bookmark it! Use it!

CSO's Daily Dashboard gives you a

Related:

Copyright © 2011 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline