Posts Tagged ‘BSidesBay’

Security B-Sides :: BSidesBay 2009

December 12th, 2009

I’m up late doing some last-minute planning for BSidesBay, a community-organized security unconference happening at the HackerDojo in Mountain View, CA on 12/12. I’m rather excited about meeting new people, old friends, and experiencing the birth of a new event. This is truly a first for many of us and I hope it’s just as exciting for all in attendance.

Before we begin here are some useful links and references:

BSidesLasVegas

This will be my first Security B-Sides event, though the second to occur. The first was BSidesLasVegas, which exploded on the scene earlier this year. Ok, perhaps exploded is a little strong as it was off the main LV strip with a location only disclosed the day of the event. Still, about 100 people came to this free hacker event, which was covered by several media outlets including ZDNet, Dark Reading, Hacker News Network, and many other blogs.

Created in a little under three weeks’ lead time, a few key people hosted and put on an event that rocked the concept of conferences altogether. Jack Daniel, Chris Nickerson, and Jeff Espinoza worked hard to keep this train on track during the 2+ days that it ran.

Those in attendance enjoyed a 10,000 sq ft house, pool, free vending machine (hacked of course), awesome presentations, and for once an opportunity to meet and mingle with the presenters and attendees alike. This event happened in parallel with NeighborCon, a group of hardware hackers led by Travis Goodspeed, famous for the GoodFET chip, and Jeff Espinoza.

BSidesBay

A number of things came out of the first event, not the least of which was the desire to spread the unconference love and host more organic, locally grown events.

Allison Miller organized BSidesBay by tasking out roles and responsibilities to others, in true chaordic form.  First the venue, then the food, supplies, presenters, attendees.

  • Ally organized and procured the HackerDojo event space and several speakers & will be MC’ing the event
  • Trey Ford stepped in with his Big Green Egg to cook the food & moderate a panel
  • Quinton Jones leveraged McAfee as a sponsor of the food
  • Ryan Russell leveraged BigFix as a sponsor of the office supplies
  • Casey Greene of the HackerDojo helped coordinate the event location
  • Jennifer Leggio helped organize panelists and media conversation
  • 40+ participants joined in for collaborative conversation

All of these events use the PBWorks wiki site that enables community participation. If you want to attend the event you do not call up an event planner or subscribe to a mailing list; you simply edit the event page and add yourself!

BSidesBay has already been written up in ZDNet to promote the conversation of security and risk in open platforms. This event follows the barcamp-style format in which there will be two keynote panels in the morning and collaborative, chaordic breakout sessions in the afternoon.

The morning panels will include:

  • “OWASP & WASC: Impacts on web application security automation”
    • Robert Auger, Staff Information Security Engineer, PayPal
    • Jeremiah Grossman, CTO, WhiteHat Security
    • Brett Hardin, Manager of SMB, Qualys
    • Trey Ford, Manager of SaaS, McAfee (moderator)
  • “Keeping Users Secure on Open Platforms”
    • John Adams, Operations Engineer, Twitter
    • Ryan Seu, Security Engineer/Incident Management, Facebook
    • Jeff Wu, Security Project Manager, Facebook
    • Andy Steingruebl, Manager, Secure Development, PayPal

The afternoon panels will include breakout sessions in the following format:

  1. People will check out the session wall created in the morning and gravitate to the Topic Areas they are most interested in.
  2. The Topic Area groups will discuss, illustrate, brainstorm, and debate on the area of interest for an hour.
  3. Larger group will reconvene to share highlights from their Topic Area.
  4. If <5pm, then go to 1. Else, wrap up sessions.

If that was not enough, there will be Rock Band available to attendees after the event at the HackerDojo. We plan to project the screen on a wall and see who can rock out to the Beatles the best. Come and sing your heart out!

Why Security B-Sides?

December 7th, 2009

One of my favorite rules to live by is that “nothing is impossible, the impossible just takes longer.”  This is a short story about how the underdogs leveraged their collective to create something much greater than the sum of their individual parts.  Security B-Sides was born out of a realization that all physical events are bound by two most structured rules, that of space and time.

No, we are not talking about physics but the simple fact that regardless of the number of smart people in the world all physical events will only have enough physical room for X number of people across Y amount of time. For many conferences this means physical walls constraining the number of presenters and attendees across a time period of a few days. Thus a problem arises: The scarcity of those limited seats increases in proportion to the interest in them.

The Internet is a natural solution with sites like BrightTALK hosting virtual conferences.  Online you are not limited by space and time with every piece of information now accessible any time of day to (virtually) anyone on the planet.  Don’t get me wrong, I’m a huge advocate of social networking but I equally believe that in the absence of physical networking the online social world is little more than high-speed news flashes.  The ghost of the machine is the physical flesh and bone behind them.

Why Security B-Sides?

Security B-Sides is the first do-it-yourself (DIY), grass-roots, open security conference in the world.  B-Sides does to physical events what the Internet did to TV and radio — it expands the spectrum of conversation and gives voice to those further down the long tail.  These events are by security professionals and for security professionals.  It works like this:

  1. Not many people have the experience to organize and host a conference.  In addition most events cost money and lots of it.
  2. Oh sure, we could do it all for you but where would the fun be in that?
  3. Instead of creating an event, we’ve created the infrastructure, tools, and documents, basically conference-in-a-box.  We are lowering the barrier to entry for anyone to create their own local event.
  4. And let’s make it free, open to everyone, and publish all the details about how we did it online.

Yeah, that sounds a whole lot better.  Sounds easy huh?  Only by working together can we make the impossible easy.  Only through collaborative, chaordic design do we find order in chaos.  I greatly appreciate the following quote by Dee Hock, Founder and Chairman Emeritus, Visa Inc.

“It is no failure to fall short of realizing all that we might dream.

The failure is to fall short of dreaming all that we might realize”

Birth of a New Machine

I believe that small unconferences are the natural expansion of all events and have been for quite some time.  After the exclusive FOO Camp (Friends Of O’Reilly) a small collective used PBWorks to launch the Barcamp movement.  These small, 1-day events expand the level of physical interaction.  They are more than stuffy sales pitches but typically driven entirely by the geeks that love them.

It is by volunteers alone that these events occur, as people come together to create a day-long shrine to knowledge and innovation. Most recently ZACon, in South Africa, launched with a great volume of speakers. Most of the speakers and attendees helped organize the event in one way or another. They published video recordings of all the talks along with their presentation materials online for free.

The geeks rise again as BSidesBay launches next Saturday (12/12) at HackerDojo in Mountain View, CA.  This event is a tribute to the DIY culture that exists in Silicon Valley and around the world.  Here’s how it works:

  • How do I register? Add yourself to the list.
  • How do I suggest topics? Add them to the list.
  • What materials will be discussed? Check the list and bring your own ideas to share.
  • Can I get a list of attendees? For sure, it’s all open and online.
  • Will my friends be there? Only if you bring them or they forget to bring you.

Can events like this really work?  They can and do work very well.  Check it out and let us know what you think.

This is only the first of many Security B-Sides events. Check out the main page and follow information via Twitter or the mailing list (low volume).
