Some say #BSidesSF needs to grow up. Here's what I say

I heard some discontent this morning about the state of Security B-Sides. Yes, I have an opinion. But it might not be what you would expect.

As I got comfortable at BSidesSF this morning, I was approached by one of my infosec friends, Tom Stamulis. Hot under the collar, he suggested I write about the politics of BSidesSF -- specifically what he sees as the need for event organizers to grow up and stop trying to compete with RSA Conference.

He wasn't happy for a number of reasons. First, the venue for B-Sides this year, The DNA Lounge at 375 Eleventh St., is in what some would consider a scary neighborhood. Second, the dark, dingy club is no place to be having a serious discussion about security. A cleaner, brighter place closer to the Moscone Center -- where RSA is held -- would have been more suitable, he said, adding: "They need to grow up."

There are a few things I agree with:

--The neighborhood is not the nicest to walk through.

--The lighting in the club did make for some difficulty. I had trouble seeing people clearly as they approached me.

--The place was dingy. I had to put a notebook under my laptop because the tables were so sticky.

That's where the agreement ends.

Though the neighborhood was rough, it should not eliminate the club as a venue. People who walked didn't like it, but in any city during any conference you end up going through such neighborhoods. Look at the RSA Conference evening events. I've been covering this event almost continuously since 2005 and I can't remember Microsoft ever having a party in a neighborhood that didn't make me a little nervous. No big deal though: I took a cab, just as I did this morning to BSides. Every city has it's nice areas and not-so-nice areas. When planning events, you can't always get what you want.

As for the point about BSides needing to grow up, I think Tom is expecting too much too soon.

I respect his point that for our industry to be taken seriously, it has to grow up and start planning events in ways that don't revolve around things like which venue has a bar. I also respect his view that BSides should stop trying so hard to be counter-culture.

But to be honest, one of the things I like about BSides is that it doesn't play by the rules. I've always loved the hit-or-miss nature of the venues. Sometimes it's a great location like the Children's Center next to Moscone, other times it's a scrappier place. BSides Las Vegas was in a small hotel with black walls and weird art all over the place, but it was fun.

What's wrong with security practitioners having a little fun? Security is serious business. Don't we all deal with the threats and attacks better if we're able to have a little fun once in awhile?

The daily life of an infosec practitioner is often a blur of conference rooms and losing arguments with CEOs who don't always understand why certain resources are necessary to mount an adequate defense. Sometimes, the only way you deal with it sanely is to meet periodically in weird places to discuss the business challenges with like-minded practitioners. To fight well together, we must be able to have fun together. It's all part of the bonding that forges powerful defenders.

That may sound syrupy, but it's what I believe.

Tom is right that infosec is serious business and we have to evolve. But evolution is a slow thing, and that's not so terrible. The fact that BSides was born in the first place was a sign that people are willing to take bold steps to shake up the status quo and keep the discussion lively.

I even like the fact that some venues are filthy because it takes us out of our comfort zones. Maybe that's the Revere, Mass., kid in me talking, but so be it.

I've enjoyed RSA much more since BSides popped up. I like that I can go from the straight corporate environs to the more anything-goes environs.

There's a balance about the whole thing that works, and I personally walk away smarter for it.

Copyright © 2013 IDG Communications, Inc.

8 pitfalls that undermine security program success