The first BSides conference in Philadelphia was a major success.  Hats off to Ryan Knox and his team.  It was well planned and executed.  A real homerun in my book.

For me, this had a different context.  It was my first security conference – ever.  My first BSides – ever.  It was also my first presentation, outside of internal company meetings and conferences – ever.  My impressions and expectations where wildly mismatched.  I’ve come away with a different perspective on the infosec community – what it is and what it will become.

1. Infosec has a Big Tent

On the surface, the community as a whole can be broken down into “red teamers” and “blue teamers.”  As additional layers were revealed to me, it’s far more diverse than that.  Of the presentations I attended, I learned how to hack Outlook, hack humans, ask permission to break things and what APRS is.  The conversations where just as diverse.  I spoke with people with a passion for drones, how writing pen testing reports is an art (spoiler alert: don’t copy and paste) and how rolling  your own crypto is a bad idea.

My impression is that the Infosec community is full of polymaths.  These are people that master or dabble in multiple disciplines /domains.  No one person is the same.  Everyone brings something different to the table.  That’s the beauty of it all. While some topics might be fundamental in nature, (a) if you don’t dabble in that domain, you learn and (b) the individual brings the material to life; differentiates in their space.

2. Community of Sharing

You would think that a bunch of Infosec specialists would be tight lipped.  Nope.  They share — big time. Ask them about their experience in a space — done.  Tools to use — no problem.  Best way to script a pen test with Powershell — let me show you.  Career advice for those staring out — let me see your resume.  Now ask them about what they are currently working on  — no comment.  They seem to be more tight lipped when it comes to clients and employeers. :][

On top of that, the BSidesPhilly team sponsored a non-profit organization.  They were able to raise funds via donation and open auction for Hackers for Charity.  Hackers for Charity improves the living conditions for third world countries via technology like Uganda.

3. We’re Still Young

If information security were a person, we’d be a 12 year old.  Bright eyed and excited, willing to take on the world.  Full of passion to address the coming security challenges.  When I was twelve, I remember hearing some of the world’s best advice , yet never following it.  The unique opportunity is Infosec is a relatively new domain.  There  are still generations of truths to help us out.  Years of advice to call on.  Frameworks laying the foundation of Infosec for years to come.  We just have to listen and learn.  Say the words out loud in our own voices.

This is why Bsides is so important.  It’s a forum for people of all security domains to slap another layer of mortar and bricks onto the foundation.  A place to lend a hand to pull the rest of team up with you.    A place to whisper “old” ideas and scream out the new.

Thanks, BsidesPhilly.

When you have some time, check out my talk on security metrics – Size Doesn’t Matter.