Security Speaks: Breaking Through at BSides

Last summer, we celebrated BSides as a growing and well respected institution in the field of information security. Each BSides event emphasizes interaction between speakers and topics, a focus which makes for a uniquely collaborative atmosphere among security professionals.In this type of setting, each event’s organizers are more than happy to work with lesser known researchers and help them present on topics about which they are passionate. Such speaking engagements may help researchers find their “voice” in infosec, an awakening which can spark a long speaking career that in time comes to encompass Black Hat, DEF CON, and some of the other bigger names in the security conference circuit.We at The State of Security are honored to know seven security experts who in part found their voice at BSides. Here are their stories.Cheryl Biswas | InfoSec I.T. Coordinator at JIG Technologies

cheryl biswas

My first BSides was at the Hacker Summer Camp: BSides Las Vegas. Encouraged by my friends, I chucked self-doubt aside and sent in a last-minute submission to BSidesLV. The event’s organizers offered eager newbies like me the chance to speak and to be mentored through their fantastic Proving Ground track.As it turned out, my first submission became my first talk. I remember receiving the acceptance email on a Friday night and falling off the sofa when I read, ‘Yes.’ What an exciting evening! To my surprise, my BSides experience got even better from there.After accepting my talk, the event’s organizers paired me with an experienced mentor who has since grown to become a good friend and resource. He freely shared his time and insights with me in the weeks leading up to the event. Together, we had a lot of fun crafting a talk that was better than I could have ever hoped for. All I needed was confidence, which he helped me grow through several rehearsals of my presentation.Then the conference arrived. I’ll always remember the absolute thrill of being at that podium with my slides displayed on the screen behind me. I actually had the opportunity to share something I cared very much about with people I respected!It’s true what they say: you never forget your first.Hudson Harris | Chief Privacy Officer at a software design companyhudson harris

hudson harris

The very first BSides event where I spoke was in San Francisco. I had given talks at events for other industries before then, but I had never done so at a conference dedicated to security and privacy. The event started as many often do. Busy rooms, too many good talks, and too little time. But I will always remember BSides San Francisco.As I was getting up on stage to talk, the emcee made the announcement that the doughnut truck was outside. Predictably, the room largely emptied, but to the credit of BSides and the integrity of those who attended the event, it immediately filled back up with people interested in what I had to say. Many of them ultimately asked me pointed questions about my presentation afterwards, as well.Looking back on my speaking career thus far, I can definitively say that the BSides event was one of the best when it came to collaborative engagement. Throughout my talk and after it, people asked questions that were thoughtful and drove towards privacy, an issue that is near and dear to me. Even to this day, I still communicate with people I met at that conference, and I’m happy to say that continue to cultivate those relationships.Zoë Rose | Cyber Security Analystzoe rose

zoe rose

Last year, I had the privilege to speak at BSides Winnipeg, the first formal conference where I presented on a personal project. (Usually, I do more mentorship conferences.)As I was presenting my personal project, it was a bit intimidating! However, the event’s friendly atmosphere and range of skilled professionals helped me along each step of the speaking process.One thing that helped me during the CFP (call for papers) was the fact that I only needed to submit an abstract on what I believed I was going to present, not a finalized project. After being accepted, I was asked to update the abstract.During the conference itself, I was also pleased by the number of people who attended my talk. I had approximately 100 audience members, which felt like a good-sized audience. Not too large that I was terrified, but still big enough that I had the opportunity to answer a variety of questions.The benefit of speaking at a conference that many people might not immediately realize is that if your talk is recorded, you can then direct others to your work later on. As a result, you can use the exposure you received at a conference to build an online presence, which I myself leveraged to make connections and find mentors around the world. Being a mentor myself, I always recommend professionals build a ‘personal brand.’ Your brand is how you are perceived publicly before any you have the chance to make any introductions. As this can help or hinder your career, it is very important that you develop the image you want to portray early on.After speaking at BSides Winnipeg, I feel only more motivated to pursue additional projects. I cannot wait to speak at the next conference!Craig Young | Computer Security Researcher at Tripwire VERTCraigYoung


The first BSides I attended was BSides San Francisco 2013. This was also my first time submitting to a CFP. I had uncovered a technique by which Android malware could effectively get around 2-step verification to take control of a victim’s account. Google at the time indicated that this was a design consideration that was needed to maintain legacy support, and I felt strongly that others should be made aware of this attack vector.The CFP included a public vote as part of the selection process, during which I observed that there were many more paper submissions than speaking slots. With that in mind, I was honored when my talk ‘Google-Jacking: A Review of Google 2-Step Authentication’ was selected.After many weeks of preparing slides, practicing my demo, and rehearsing my presentation, I felt ready to present. I was very excited for the opportunity and of course a little nervous about it at the same time. When it was my turn to speak, I was delighted to see that it was standing room only. I went up on stage, connected to the projector, and was horrified to see that my screen was tinted blue! After a few minutes of swapping out cables, changing projector settings, and trying not to swear too loudly, I decided to adapt and get on with it. In the end, the presentation went well, and I even got a few laughs. Although Google had already begun deploying a fix for the vulnerability, I was lucky enough to have a successful live demo.After this great experience at BSidesSF, I was encouraged to continue researching things of interest to me and to submit papers to various conferences. Since then, I have shared my research in four different countries on three continents at 10 different security conferences. But I will still never forget that first time presenting at BSidesSF.Travis Smith | Senior Security Researcher at Tripwiretravis


As a previous attendee of BSides, I can expect high quality talks that both meet my technical expectations demands and that are relevant to my everyday life.When I completed research on my Raspberry PI project, I generated quite a bit of interest from friends and colleagues in the security world, the majority of whom wanted more information on how they could build one of their own. I figured others in the industry would have interest in the technologies as well, so I figured BSides would be the best fit to publicly present on the research I had completed.The CFP (call for papers) process was as simple as providing a description of what my talk would be about. Thankfully, BSides approved of my research and invited me to speak at the San Francisco event in 2016. Unlike other security conferences, BSides was very hands off with preparing for the talk. There were no deadlines for slides, no templates to convert, and no pre-how meetings to discuss logistics of the conference. This allowed me to spend more time enhancing the content I would ultimately deliver to the event’s attendees.The talk itself was a great experience. The attendees were engaged and attentive throughout, and many of them asked a lot of thought-provoking questions afterwards.Gabriel Ryan | Pentester, CTF Player, and Offsec R&Dgabriel ryan

gabriel ryan

I remember one BSides event in particular where in addition to giving a talk on wireless security, I was on the Red Team for the Joes vs. Pros CTF. There were about nine people on my team, all of whom had decades more experience than me. Even so, they were all approachable, enthusiastic to answer questions and demonstrate cool stuff, and genuinely accepting of what I was able to contribute. I learned a lot, and I felt right at home.This kind of dynamic is pretty consistent with what you’ll find at BSides. For a 400+ person event, BSides manages to feel incredibly welcoming. The sense of community is very strong and is felt among first-time attendees all the way up to the event organizers. It feels more like a tribal gathering than a professional conference. These vibes somehow make the massive gathering of people seem much smaller and intimate.richard de vere

richard de vere

Richard De Vere | Principal Consultant for the AntiSocial Engineer Ltd.Since speaking at last year’s Rookie track session, I have used my BSides ‘test run’ experience to hone my message and share it with a number of different audiences.I can only hope that BSides provides the opportunities of which I availed myself last year to newer folk in the industry this year  and continues to be a thriving grass roots event.ConclusionBSides represents the best of security insofar as it encourages collaboration among security professionals among all different types of skill sets.Check out this visual recap of some of the most interesting talks presented recently at BSides San Francisco 2016. A special thanks to SunShine BenBelkacem for lending her talents to create these amazing graphic recordings.

Leave a Reply