• United States



by Senior Editor

Security B-Sides: Rise of the ‘Anti-conference’

Feb 24, 20107 mins
Application SecurityComplianceCybercrime

Next week's RSA 2010 conference will have some nearby competition. Here's the story of Security B-Sides as the conference alternative.

When security professionals flock to San Francisco for next week’s RSA 2010 security conference, they will have access to a set of presentations and events not found on the official RSA agenda.

It’s billed as an anti-conference of sorts; a place where practitioners can go for an alternate, stripped-down view of the industry. Welcome to Security B-Sides.

The B-Sides website says the goal is to expand the spectrum of conversation “beyond the traditional confines of space and time,” giving people the chance to “both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos and interaction from participants.”

The last big event was held in Las Vegas to coincide with last summer’s Black Hat and Defcon conferences. Next week’s event will be held March 2-3 from 10 a.m. to 5 p.m. at the pariSoma Innovation loft at 1436 Howard St. (at 10th), near the Moscone Center, where RSA 2010 will be held. The event is free, though representatives from the Electronic Frontier Foundation will be accepting donations.

Additional B-Sides events will take place in Austin, Texas on March 13, and Boston from April 24-25, the weekend after the popular SourceBoston conference.

Zach Lanier, a Boston-based security practitioner who has played a leading role in the Security Twits community on Twitter, is helping to pull off the Boston event.

“I got involved chiefly because I really dig the ‘uncon’ concept, and because I think it serves an ever-growing need,” Lanier said. “There’s an overwhelming amount of computer security and hacking knowledge to be shared and talked about. Major conferences are, understandably, quite selective in accepting talks, and some of the proposals may not even fit the theme of that particular con.”

Security B-Sides provides an opportunity for folks to give those very talks and maybe even inspire some attendees to hop up and give a talk of their own, he added.

In an effort to better explain the origins of Security B-Sides, asked three active participants to share stories of their involvement and why they think it’s important:

Jack Daniel, a National Information Security Group (NAISG) director; self-described “reluctant CISSP and infosec curmudgeon” and community development manager at Astaro AG

“The idea that became B-Sides began when Black Hat USA 2009 sent out their thanks, but no thanks messages to those whose presentations were not accepted, several lamented their rejection on Twitter and the idea was proposed to provide an alternate venue for talks. The first event came together quickly with a lot of effort from several people; it was a great combination of intelligent presentations and discussions, some which just wouldn’t fit into larger conferences. The relaxed atmosphere was more intellectual frat house than security conference.

“The magic of B-Sides is that the events provide a venue for great talks which otherwise might not get heard, talks which may appeal to a small group of passionate people, and talks which may not fit into a category other conferences want to tackle. Also, due to the smaller size, the presentations are much more of a conversation than a proclamation as many presentations are at large events.”

Erin Jacobs, chief security officer at United Collection Bureau Inc. in Chicago

“I was a part of BSidesLV when conversations about gender in Information Security were ensuing due to a fundraising event I had been coordinating. I was able to put together a panel of women in information security, and B-Sides gave us an opportunity to start the conversation that mainstream conferences are not yet ready to address. B-Sides is a conference by the information security community, for the information security community, these are the topics that we want to discuss and produce further cultivation of.

“I thought it was just soapbox for people whose talks were denied by BlackHat/DefCon. It wasn’t until the event started to take shape and talks were being added that it started to become evident that the content to be presented was unique, and might not have fit anywhere else. Presentations that might not have commanded a room of 300 were captivating to the 50 – 80 people in the room at BSidesLV to listen, learn, and participate in a way that we haven’t seen before. As far as first events go, BSides Las Vegas was held off-site in a house, and it was quite a unique feel just getting to the venue. You truly felt like you were embarking on a journey to something very different. The feeling in the house was that of a college mixer meets networking happy-hour, the people made the event! There was a sense of true passion and dedication to the information security field as well as the loyal, dedicated, and very active community that it has.

“B-Sides San Francisco seems to have a LOT more energy surrounding the event. B-SidesVegas was a successful proof that a barcamp style cultivation of the mainstream conference was possible, BSidesSF is going to elevate the way we look at things with the amazing list of talks. For someone like myself who paid for the full delegate pass to RSA, this is going to be very tormenting to ensure that I get the most out of RSA, and still enjoy all of what B-Sides has to offer. “The question that I look to get answered is, with B-Sides San Francisco being far more organized, and sponsor funded, will they ensure that the format doesn’t outgrow its beginnings as a barcamp-styled un-conference?”

Jennifer Jabbusch, CISO at Carolina Advanced Digital Inc. in North Carolina

“It started when paper submissions for (I think) Black Hat started getting kicked back. Several people I consider to be thought leaders in security and others with highly specialized technical skills were getting turned down for speaking gigs left and right. When I realized several of these security catalysts were being turned away in favor of more corporate general discussions, it bothered me a little. There’s a fine line in our industry between being too CORPORATE and ineffective and being too SPECIFIC and ‘hackerish’. Everyone walks that line daily in writing (as you do) editorial pieces, in deciding what content is the best draw for conferences, and deciding what details to pass up the chain to management.

“I felt like that line was suddenly grossly skewed and content that could be beneficial to a vast audience- content that was relevant, timely and thought-provoking – was getting pushed aside. The people that participate in events like Security B-Sides don’t do it for the notoriety or the money (obviously). They/we do it because we are passionate about a topic, a technology or a though process that we want to share. They do it because they have something meaningful to contribute and because people are interested enough in their message to make the time to listen.

“That’s how Security B-Sides was created. Because a few great people had things to say that the rest of the security community wanted to hear and we did what we had to do to make it happen. (“We” in this case was really Mike Dahn and a handful of folks). It started with a twitter conversation that let to direct messages and an email chain that suddenly turned a good idea into an amazing event!”