


ShmooCon 2012 is this weekend. Boohoo

Jan 25, 2012, 4 mins

The boohoo is because I can’t be at ShmooCon this year. Too many schedule conflicts. Nevertheless, I am a big fan of this event and hope a lot of you will be there.

Some thoughts:

Many CSOs view ShmooCon as an event of small importance. You don’t see the suits and ties that are on display at RSA. In fact, to those who haven’t attended, this conference is just a place where twenty-something hackers come to get drunk and throw TVs out hotel windows. Another crazy Black Hat/Defcon-caliber conference, more than one high-level security exec has told me in the past.

As with any security event, things can get rough around the edges. But a lot of important talks happen there that have implications up and down the IT security food chain. It’s also important to note that a lot of the young ruffians who come here are the very people who find the security holes so they can be fixed. They also build a lot of the technology CSOs lobby their upper management to invest in.

We can’t live in silos doing our individual jobs and pretend the rest of the company doesn’t exist. In the battle to secure cyberspace, we’re all in this together. ShmooCon is a great place to rip down the silos.

For those who are attending, here’s a peek at some of the scheduled talks:

0wn the con – The Shmoo Group

Build It –

Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility – Joe Sylve

Malware Visualization in 3D – Danny Quist

Whack-a-Mobile: Getting a handle on mobile testing with MobiSec Live Environment – Tony DeLaGrange and Kevin Johnson

Malware as Art: Building and Animating Malware Network Graphs – Chris Larsen, Tim van der Horst and Jon Dinerstein

TTL of a Penetration – Branson Matheson

A New Model for Enterprise Defense – Toby Kohlenberg

37mm Aerial Surveillance: “Romance between a Camera and a Flare Launcher” – Joshua Marpet and Vlad Gostom

New Cool Crypto – Ben Agre

Defending the King of Denmark with a BLADE – JP Dunning

Break It – 

And That’s How I Didn’t Lose an Eye: Emergency Data Destruction – “Skunkworks” “Leets”

All Your Codes Belong To Me! – Keith Howell

A Blackhat’s Tool Chest: How we tear into that little green man – Mathew Rowley

Credit Card Fraud: The Contactless Generation – Chris Paget

Java backdoors and Cross Framework Abuse – Nicholas Berthaume

Inside Apple’s MDM Black Box – David Schuetz

Intro to Near Field Communication (NFC) Mobile Security – Corey Benninger and Max Sobell

Raising The White Flag – Curt Shaffer and Chris Cuevas 

Looking into the Eye of the Meter – Don Weber

Attacking Proximity Card Access Systems – Brad Antoniewicz

OTM – 

Training security nerds, faster, better, stronger – Xeno Kovah

Sacrificial Computing for Land and Sky – Brendan O’Connor

Cyber Fast Track – Mudge Zatko

Lessons of the Kobayashi Maru: Cheating is Fundamental – James Caroland and Greg Conti

Building Measurement and Signature Intelligence (MASINT) capabilities on a hacker’s budget: Tracking and fingerprinting RF devices for fun and profit – Brad Bowers

A Fistful of Fire Hoses – Putting out Fires Without Crossing Streams – Steve Werby

Closing Plenary –

Doing Infosec Right – James Arlen and Dave Marcus