Thanks for helping make BSides Denver 2010 a success. Please join us on the 2013 event page!
Event details (#BSidesDEN)
When: Friday, June 18, 2010, 9AM to 12AM (talks begin at 10AM)
Where: 238 Santa Fe Dr, Denver, CO (Arts District)
Cost: Free - Donations Appreciated
RSVP: In participants section below
Download flier here
Day of event agenda
Event pics can be found here.
*** Ustream available here: http://www.ustream.tv/channel/bsidesbay
The theme of this BSides event is Mile High Security, where participants are encouraged to discuss potential future directions of infosec over the next 2-5 years.
BSides Denver will have two tracks (with availability for additional, ad-hoc talks that come up during the event). One track will feature traditional-style presentations; the second track (and additional tracks if needed) will be lightning/open style, wherein talks will be announced in the morning and scheduled on-the-spot.
Invite your friends by posting this on Twitter: "#BSidesDEN June 18, 2010: Mile High Security!"
Schedule of Events
Friday - June 18, 2010 | Presenter |
9:00 AM - 10:00 AM | Unconference registration / Coffee |
10:00 AM - 11:00 AM | Name: Erin Jacobs @SecBarbie Title: Compliance Crystal Ball – Future trends in risk-based security framework Abstract: More often than not organizations structure their internal security framework based almost exclusively upon regulatory and business compliance drivers. Through the discussions and drivers that are occurring in the security community as well as the cross-pollination into the business community, security compliance framework is changing direction. This talk will guide the audience through a history of regulatory compliance focusing on SAS70’s, ISO 2700x, PCI-DSS, HIPAA, SOX, and GLBA. Through this historic analysis, we will extract the known trends and forecast where the future is taking the security compliance landscape. |
11:00 AM - 12:00 PM | Name: Tim Skorick Title: Browser Extension Malware Abstract: In an age in which the PC exists almost exclusively for web use whether at work or at home, malware authors no longer have to puzzle how to trojan a computer: the browser offers fewer impediments, has an API that publishes every object they could possibly want to hook, and contains the user's entire work and play experience. Add to that varying failures in client-side or enterprise-level controls and you have the perfect breeding ground for a growing species of malware. |
12:00 PM - 1:00 PM | Name: Daniel J. Molina, @DJMolina Title: Top 10 Ways IT is Enabling Cybercrime Abstract: Today's IT departments, unbeknownst to themselves, are empowering cybercrime by their own actions. Daniel Molina presents The Top 10 Things that your IT department is doing, that enables cybercrime in your own company. |
1:00 PM - 2:00 PM | Name: Davi Ottenheimer, @daviottenheimer Title: Cloudy with a chance of security Abstract: Virtualized computing continues to evolve and bring both pros and cons (pun not intended) to information security. Everything from access controls to logs and forensics is being forced to adapt as IT resources are migrated from physical to virtual. This presentation gives a comparative analysis of the physical and virtual environments to identify key differentiators and risks. It then proposes several new approaches to meet the challenge of security and compliance for virtual systems, especially in clouds. |
2:00 PM - 3:00 PM | Name: Peter Schawacker @alchemyps Title: Peter Schawacker- Agile Security, SOC and how Mortman/Hutton ruined my summer vacation Abstract: This talk is about organizing unmanageable people to accomplish impossible tasks. In it I talk about why traditional project management approaches almost always fail, especially when it comes to security. There's been some discussion of Agile software development, but not so much about its application to other domains. I've been using Agile to build and security operations centers and manage teams of analysts. Think of this as a how-to for effective cat herding, security requirements analysis and managing by not managing. |
3:00 PM - 4:00 PM | Name: Steve Pordon Title: Defeating High Security Locks: An Overview Abstract: Intermediate-level overview of how high security locks work, and how to defeat them. Assumes basic lockpicking knowledge and concepts (shear line, tension, etc.), but will include a 2-minute refresher for those who need it. Emphasis will mainly be on high security pin-tumbler locks--ASSA Twin, Medeco Biaxial, Schlage Primus, and similar sidebar locks--with some discussion of disc locks (Abus, Abloy). |
4:00 PM - 5:00 PM | Name: David Willson Title: When Does Electronic Espionage Become an 'Act of War' and What Options Do Nations Have to Defend Their Networks? Abstract: This presentation will be a combination of my two articles published in the ISSA Journal last August 2009 and this June 2010. I will discuss current cyber threats, how nations have reacted to them, or not, the types of threats, where the line might be drawn between electronic espionage/cyber crime and “acts of war,” the significant challenges nations face, and potential solutions. I will also discuss some more practical security solutions for business to reach beyond their networks to create a greater security posture. |
5:00 PM - 6:00 PM | Panel Discussion: Infosec- Looking Towards the Future |
6:00 PM - 7:00 PM | Name: Jamey Heary Title: Sneak Peek at PCI 2.0 Changes Abstract: Learn about how PCI works behind the scenes, PCI Proposed Changes for October, PCI Virtualization SIG Update, PCI and Cloud Services, New Guidance on Audio Recordings. |
7:00 PM - 8:00 PM | TBD |
8:30 PM - Midnight | Whomp Truck DJ Crew |
- Evening/Party
- Entertainment to be provided by the fabulously awesome Whomp Truck crew!!!
Sponsorships
Planners and Volunteers (Actively looking!!)
- Joe Bonnell (@jobobreck) - Organizer
- Peter Schawacker (@alchemyps) - Organizer
- Arun Gerra - Volunteer
- Kevin Burns - Volunteer
- Brian Keenan- Volunteer
- Jonas Pettersson- Volunteer
- David Matslofva- Volunteer
- John Hoopes - Volunteer
- Art Prince - Volunteer
Volunteers please plan on arriving on site at 8:15 for event debrief & coordination.
Participants:
If you are planning on attending, please add your name to the table below so we can get an accurate count for food/bevs.
First Name | Last Name | Twitter/Email | Friday |
Joe | Bonnell | @jobobreck | Y |
Peter | Schawacker | @alchemyps | Y |
Jonas | Pettersson | | Y |
David | Matslofva | | Y |
Arun | Gerra | | Y |
Chris | Morgan | @tmcalain | Y |
Alex | T | | Y |
Steve | Pordon (+1) | bsidesneutronstarorg (you know where the @ and . go) | Y |
Greg | Martin (+1) | @gregcmartin | Y |
Jamey | Heary | jheary @ appledreams.com | Y |
Kevin | Burns | @soleblaze | Y |
Dave | Herrald | @daveherrald | Y |
Christopher | Bischoff | @cjbischoff/christopherjbischoff at gmail.com | Y |
John | Hoopes (+3) | bsides at olympus.dyns.cx | Y |
Dan | Howerton | @metacortex | Y |
Chris | Triolo | | Y |
Erin | Jacobs | @Secbarbie | Y |
Daniel | Molina | @DJMolina | Y |
Tim | Skorick | | Y |
Joshua | Gimer | @jgimer | Y |
Rachid | Chaoua | | Y |
Andy | Zmolek | @zmolek | Y |
Davi | Ottenheimer | @daviottenheimer | Y |
Brian | Keenan | | Y |
Anton | Rager | screw facetwitbook, [email protected] | Y |
Patrick | Orz | @shftleft | Y |
Bill | Lemieux | gomez-at-owlhouse (put it here) org | Y |
Matt | Yoder | @acr0nym | Y |
Robb | Reck | @robbreck | Y |
Travis | Good | what is twitter? I dont use a mac | Y |
Chris | Jenkins | | Y |
Luke | McOmie | | Y |
Jm | Rallo | | Y |
Nick | Arnott | | Y |
Nick | Essner | | Y |
Mary | Karnes | @markar | Y |
John | Jackson | johnj (U+0040) tno.org | Y |
Todd | Garrison | | Y |
John | Marthe | | Y |
Jose | Santos | | Y |
Sean | Clark | @SClark_Colorado | Y |
Carl | Nimbus | | Y |
Ryan | Jones | | Y |
David | Willson | [email protected] | Y |
PJ | Torney | | Y |
Isabella | Skarbo | | Y |
Brandon | E | @hackinghebron | Y |
Brian | Martin | @attritionorg / jericho[at]attrition.org | Y |
Pete | Rasmussen | | Y |
Dave | G | @davesan | Y |
Sergio | Laureano | | Y |
Fernando | Padilla | | Y |
Mat | | @wuntee | Y |
Art | | metabit at gmail | Y |
Delchi | | | Y |
J.D. | Falk | @jdfalk | Y |
Cindy | Wallace | | Y |
Aaron | Nichols | @anichols | Y |
Thomas | Falkowski | | Y |
Matt | Toth | | Y |
Greg | Evans | @LIGATT | Y |
Task List
Obtain chairs/tables
Procure food, beer
Line up entertainment <--WHOMP TRUCK!! Wh00t!
Streaming equipment <-- Huge thanks to PJ Torney for steppin up!
Tech
Wifi- Courtesy of Jamey Heary
Projector, White Boards (Provided by Alchemy Security/venue)
Video recording equipment (Covered by PJ Torney)
Audio (Provided by Alchemy Security/venue)
Streaming (PJ Torney/UStream info to be provided prior to the con.)
Non-tech
Breakfast/Coffee- (Provided by SANS Institute)
Dinner (Provided by IOActive)
Beer- (Provided by Kaspersky Lab)
Tables and chairs, soft drinks, incidentals (Provided by Kaspersky Lab)
Entertainment- (Provided by Bandkitty.com)
Parking Info
Parking is limited directly in front of the facility. For those driving there are a number of parking options available north along Santa Fe, Kalamath (1 block west of SF), 1st, 2nd streets, and Inca (one block east of SF). Parking in unauthorized lots may result in being towed.
Public Transit
The closest RTD light rail station is 10th & Osage, an easy 20-minute walk away. You can also take RTD bus route 1 to Galapago & 2nd, then walk three blocks West to Santa Fe.
Local Hotel Info
The TownePlace Suites is approximately 1.2 miles from the con, offers free shuttle service between the hotel and conference facility, and is currently listing a rate of $149 for the nights of June 17-18th.
Tags for flickr, delicious, ma.gnolia, technorati etc.
The hash tag to use is #BSidesDEN as in (http://bit.ly/BSidesDenver).
Comments (17)
Jerry said
at 7:57 am on Apr 26, 2010
Is there an official BSIDESDEN Hotel?
jobo said
at 10:08 pm on Apr 27, 2010
Jerry- we'll look into it.
Steve Pordon said
at 7:07 am on May 10, 2010
I signed up for a talk, but I'm not sure how long a presentation I should prepare for. Is it safe to assume the one-hour blocks shown in the table above are accurate?
jobo said
at 11:19 pm on May 11, 2010
Great question Steve. Plan on a 45 min presentation, with a bit of room for Q&A and between talk breaks.
jobo said
at 11:04 am on May 12, 2010
An in-process lesson learned for future B-Sides event coordinators: While Eventbrite and other social media sites such as LinkedIn have some nice features to announce an event, both have limitations. In the case of Eventbrite the community is unable to see who has registered, which is a bummer because some neat BSidesers have signed up that way. LinkedIn provides an easy way to track attendees, but doesn't support limiting the number of attendees (we've only got so much room available so attendance needs to be limited to no more than 100 participants). So, until a new medium can be found to meet the objectives of both, we're requesting that the 20+ folks who have signed up through Eventbrite and LinkedIn kick it old school and use the participants section found within the BSidesDenver page.
For those interested in presenting, we're still looking for speakers who have a passion for sharing innovating ideas about where our industry is headed and what challenges we'll face.
Now that the date draws closer, expect to see more frequent info and forthcoming announcements re BSidesDen!
jobo said
at 1:30 pm on May 17, 2010
Big thanks to IOActive for sponsoring BBQ from the Breckenridge Brewery!
jamey heary said
at 10:26 am on May 26, 2010
I'd like to be added to the participants section, but it is not editable.
Can you add me Jamey Heary [email protected] ?
jobo said
at 3:50 pm on May 26, 2010
Folks- at the excellent recommendation of Nickerson, we're moving the event to the day prior, Friday, June 18th.
Jamey- done, and thanks for the offer of wifi gear!
A lot of folks have pinged us about presenting, please use the CFP page to post your abstract as we will be announcing speakers soon!
jobo said
at 8:01 pm on Jun 4, 2010
Big thanks to Kaspersky Lab for stepping up with a sponsorship to support BSides Denver!
Steve Pordon said
at 6:09 am on Jun 8, 2010
Do we know what type of equipment will be available to presenters? And are these going to be videotaped or should I bring my own camera?
jobo said
at 4:35 pm on Jun 11, 2010
Steve, presenters will have access to a projector/mic for the larger room. We're working on video solutions but if you or others can bring something, that'd be great.
Any volunteers for bringing/manning cameras for live streaming, PLEASE STAND UP!!
Steve Pordon said
at 9:05 pm on Jun 11, 2010
Thanks, jobo. I knew there would be a projector, but I was unclear on the type. Is this projector of the type that I can plug my laptop into, or did we get the ghetto overhead/transparency type? :)
jobo said
at 2:58 pm on Jun 12, 2010
Hey Steve, it's a standard DLP projector with both an hdmi and vga interface.
PJ Torney said
at 3:57 pm on Jun 12, 2010
I have video equipment to record the event and the capability to put it up on uStream. Let me know what you need.
Steve Pordon said
at 6:10 pm on Jun 12, 2010
Excellent, thanks.
jobo said
at 12:17 pm on Jun 16, 2010
Big thanks to SANS Institute for picking up coffee/bagels!!
Steve Pordon said
at 5:18 pm on Jun 20, 2010
Thanks for recording, PJ. Will the video be available anywhere? I missed the last two talks.