
Wednesday, August 17, 2016

I'm baaaaaccccckkkkk!

Hello InfoSec world! I just wanted to let everyone know I will begin blogging again!



The Long Journey Back!
The first thing I want to blog about is a shout out to Johnny Long and his family. It looks like the Longs have come home after, what was it, 7 years in Uganda. Welcome home and I look forward to helping you here in the States. My family trip to Uganda and Kenya last year serves as a high point in my life. You were truly doing God's work and I am proud to say I could help!
Want more info, click here > http://www.hackersforcharity.org/

Derby! Derby! Derby!
I have been selected to speak at DerbyCon 6.0 "Recharge!" My talk this year is entitled "Hacking for Homeschoolers: STEM Projects for under $20." I am tentatively scheduled for Saturday at 3PM. Please drop in for a little bit of a Maker Faire, some cool toys, and learnin'.
Want more info on DerbyCon, click here https://www.derbycon.com/

P.S. Are you a person of faith? Do you have questions? Do you want to slow down and fellowship with fellow Christians during a hectic weekend conference? Don't forget about CrossCon at DerbyCon!

PCI Community Meeting
I will be attending the 2016 North American PCI CM this September. The week of DerbyCon by the way. (Prayers needed now please). If you want me to ask any specific PCI questions, feel free to ask your question below or contact me directly by one of the means highlighted on the right frame.

The Main Event
Last month I went with several men from Immanuel Baptist Church to The Main Event in Nashville, TN. This was a blast! Not only did I get to fellowship with some of the men of my church, I got to meet and talk with men from all over America. There were guest speakers such as Tim Tebow, Nick Vujicic, TC Stallings, and Jonathan Evans. I particularly liked the speech by Jimmy Sites. He is a Christian adventurer/hunter/outdoorsman whose show, Spiritual Outdoor Adventures, can be seen online, on DirecTV channel 604, or on Dish channel 393.

Finally,
Vietnam! and Japan!
My family is in the midst of planning a trip to Japan and Vietnam for October. We will be gone for 2 weeks. The purpose of this trip is to allow my son Isaac to see the country of his birth and be a Christian witness to the world. This will not be a mission trip like last year's Uganda and Kenya trip. I will use this forum to blog about our travels. You can expect some security advice as well (after all, this is a Security Blog).

Bye for now!

Saturday, July 11, 2015

The Ohio InfoSec Forum Anniversary Meeting

   The OISF is a small but passionate group of individuals that hosts an annual meeting at the Miami Valley Research Park in Dayton, Ohio. This is my second time going and, once again, I had fun. The size of the audience was relatively small and the level of presenters was rock star!
   This year's lineup included Ben Ten (@Ben0xA), Dave Kennedy (@HackingDave), Adrian Crenshaw (@irongeek_adc), Phil Grimes (@grap3_ap3), Dino Tsibouris and Mehmet Munur. You have to agree that is an excellent lineup!
   The price of this meeting is a whopping $10 entry fee and includes bagels and coffee for breakfast as well as pizza, drinks, and Oreo cookies for lunch. I highly recommend that you attend this meeting next year. If you are from the Dayton area, I recommend you stop by on the 2nd Thursday of each month for their monthly meeting. More information can be found on their website. If you are on Twitter, their handle is @oisf. They are worth following.

    ***As always, thanks to Adrian for recording the talks. You rock! Check out the videos at irongeek.com.***





Monday, July 14, 2014

InfoSec Triple Crown 2014: It is Official

It appears that the InfoSec Triple Crown is on for another year.

| Con | Location | Dates* | Website | Twitter |
|---|---|---|---|---|
| DerbyCon | Louisville, KY | 26-28 September | https://www.derbycon.com | @DerbyCon |
| SkyDogCon | Nashville, TN | 24-26 October | http://www.skydogcon.com | @SkyDogCon |
| Hack3rCon | Charleston, WV | 14-16 November | http://hack3rcon.org | @hack3rcon |

*Dates do not include any training that may be offered. Check websites periodically for this information.

See you there!

Wednesday, July 9, 2014

August: The Month of the Geek!

I am officially declaring the month of August as "The Month of the Geek!" Why? What other month has a series of conferences the likes of Black Hat, BSides Las Vegas, PasswordCon, and DEFCON within the first two weeks? Not only that, they are all co-located within 3 miles of each other! What?!?!

Here is a list of recommendations leading up to, during, and after this whirlwind of learning, hacking, and frivolity.

1. Read blogs/sites about the cons so you can get perspective. I recommend these blogs:

Take what these sites tell you with a grain of salt. Remember that YOUR con experience is set by YOU.


2. Follow @HackBus on Twitter. HackBus is an event in itself. Watch as a band of merry men, and women, journey from the Bay area through California and on to greatness!

3. Follow @defconparties on Twitter. You going to Vegas on a budget? @defconparties can get you free food, drinks, and entertainment!

4. Go with a purpose and a plan. Try to stick to it. If you suffer from "shiny object syndrome" this week can be exhausting. Even if your plan sucks, it is easier to deviate from a plan than it is to make one up on the fly.

5. Attend the DEFCON Toxic BBQ. During my first DEFCON (17), I met and spoke with Cap'n Crunch. Are you kidding me? Just make sure you bring some meat, sides, drinks, or volunteer to cook.

6. Attend the DEFCON Shoot hosted by @deviantollam. This is a chance to throw some lead down range with like minded individuals. Full auto guns usually make an appearance and there could even be a cannon.

7. Meet and greet. This one was a hard one for me at first but it can be a game changer. DEFCON even has a badge contest that requires human contact. Some of the greatest minds in the world attend. Collaborate!

8. Make sure you attend BSides Las Vegas. What you will find is the same level of talks as Black Hat (better in my opinion) and DEFCON. You can hear talks from the newest vulns discovered to how to properly make an Old Fashioned. No prior signup needed this year. You get your badges at the door.

9. Sign up as a volunteer at one of the conferences. You give back to the community and feel great about yourself. Some of these cons even feed you. (Remember #3 and the budget thing?)

10. Hang out at the Lock Pick Village/ Wireless Village. Heck, a couple of years ago I was hanging out at the Wireless Village when they started a training session for the Technician Class Ham license. I listened to what they had to say, took the test the next day, and got certified. Last year I studied a little, asked some of the Elmers some questions, and passed the General Class test.

11. Stop by and say hello to the staff of Hackers for Charity. They will blow your mind. You will walk away knowing that hackers do great things in the world.

Good luck to all! I hope to see you there! I am easy to spot. I will be the short, overweight guy, with stubble and wearing a tee shirt.

Sunday, June 15, 2014

CircleCityCon: A great new con with a big future

   
For those who have read my blog before, you know I have a passion for "local" cons. BSides Nashville, AIDE, Hack3rCon, SkyDogCon, DerbyCon...I like them all. Now there is one more to add to the list. The inaugural CircleCityCon was held this weekend in Indianapolis, IN. I feel honored that they allowed me to volunteer as an IronGeek video jockey and selected my daughter as a speaker. The organizers are familiar faces who I have seen at many other regional cons.
     The format of the con is the familiar setup of speaker halls (2x), high quality training (free), a CTF, lock pick village, and something new to me, a book exchange. The lineup of speakers was top notch and the training, I was told, was professional.
     Of special note was the feel of the con. It reminded me of DerbyCon. I did not witness any drunken stupidity or general d-baggery. I look forward to seeing everyone again next year.

Now...how do I get to GrrCon?

Here is the link to our presentation. (Thanks as usual Adrian!)

Wednesday, May 21, 2014

BSides Nashville: The wrap-up

Elvis is in the building!
     Yep, that happened. Not only did BSides Nashville have world class speakers, free ribs for lunch, and a healthy turnout of first time con-goers (around 70% said it was their first con), they had this guy! The only negative comment I have about the whole thing is that my work laptop - with my presentation - crashed. This didn't affect me too much since I had my presentation saved in multiple places and only had to recreate about an hour's worth of work.

     If you want to watch my presentation, click here. As always, thanks to Adrian for donating his time and energy to recording the talks. Also, thanks to the organizers for allowing me to help Adrian. You should all volunteer at least once at a con. There is no easier way to give back to the community.
 
Here are the things I messed up in my presentation that I want to call out:  
1. Totally butchered the meaning of Confidentiality. I got caught up in the moment.
2. I didn't come up with the tag line on the sticker.
3. The "small cons that don't mean anything" line was the result of my sending a CFP to a large, well known conference. They responded to my query by saying that line.
4. The $80 I spent for the RachelPi was raised by Emily.
5. Not EVERY presentation in the military has a Sun Tzu quote. Just the ones given by the rear echelon people.
6. I do know what a "belt and suspenders" DMZ is, I just haven't seen one in a while.
7. My buddy that calls people "business units" is from Spain so he doesn't have a mastery of English.

Thanks for your time and I hope to see you at Circle City Con in Indianapolis.

Tuesday, May 6, 2014

BSides Nashville: There is an app for that!

Looks like the founders of BSides Nashville have kicked it up a notch (again!). Today in the Twitterverse I noticed they were pushing an app that enables con-goers to carry their program on their cellphone. Check out the tweet:
After downloading the Eventjoy app I was able to see maps of the con, the speaker list, speaker bios, sponsor information, and notifications (as well as other things). The coolest thing about the app was the ability to build "My Agenda" from the "Schedule" menu with a simple click.

The app rocks and BSides Nashville should be commended on having the foresight to use it.

Which begs the question, why aren't more cons using these kinds of tools to enhance the con experience?

Monday, April 21, 2014

B-Sides Nashville: Another excellent con (I'm sure)

     Another installment of B-Sides with a touch of Southern charm. From what I understand it came in as reason #26 in a recent top 25 reasons to visit Nashville. From all the chatter, it appears to be a reunion of sorts for many of the people that attended SkyDogCon last year.
 
     This is the first con I have ever submitted a CFP to where I didn't get selected. Am I bitter? Heck NO! Not when you see a lineup of presenters like Jack Daniel, Paul Coggin, Rafal Los, Jason Street, and others. This first year con is STACKED! Add to this lineup a Metasploit class (only $300) by Georgia Weidman and you have what promises to be a great couple of days.

     If you can make it on May 17th, feel free to stop by and say "Hi." I have decided to volunteer for the video crew. If you have never met me, I will be the handsome but portly fellow behind one of the cameras.

     Feel free to check out their website http://www.bsidesnash.org/ It is one of the best B-Sides websites I have ever seen. Perhaps a bit of foreshadowing?

P.S. This blog was meant to post in April but didn't due to operator error. I decided to leave it intact but add an update. I was asked to present! Woo hoo! Make sure you come to my presentation: Sun Tzu was a punk! Confucius was an InfoSec rockstar!

Friday, April 18, 2014

AIDE 2014: Emily steps up her game!


     Are you going to be in the Huntington, WV area next week? If so, stop by the Appalachian Institute of Digital Evidence annual conference. What you will get is a week long training and presentation conference that only costs $60. This will be my 3rd time to attend and I am proud to say, my 2nd time selected to speak. This time I will be sharing the stage with my daughter Emily. We will be giving a first hand account of building and deploying a RachelPi educational computer to Kenya. In addition to this, we will give an update of our return trip.

     Check out the AIDE website at www.appyide.org. What you will find is an organization dedicated to forensics, e-discovery, and Information Security.

     I hope to see you all there!

Wednesday, October 30, 2013

SkyDogCon 2013: Southern charm meets hackers/makers, then gets owned!

   
     I wrapped up my year of cons with the 2013 SkyDogCon. After attending last year for the first time, the decision to attend this year was a no brainer. This is perhaps the most unique collection of mini-events wrapped up into a con there is. Highlights include the typical: quality speakers, lock pick area, hardware hacking village, etc. In addition, there is a healthy smattering of the unique: a rocking electronic badge (includes a hardware hacking challenge), paid breakfast on Sunday morning, a Pirates vs. Ninjas Ball, a ham radio license exam, lego challenge, and others.

     I will begin the blog with a review of the Hotel Preston. This hotel is the model of "southern hospitality" with a twist of the unique, bordering on eclectic. From the decor to the staff, this hotel sets itself apart. Think of a scaled down version of The Artisan Boutique Hotel in Las Vegas (former home of BSides Las Vegas) but not as dark. The artwork and decor is an experience in itself, the food is appropriately priced, and the rooms are clean and modern. My one complaint from last year was the speed of food delivery from the kitchen. This was remedied this year. No complaints from me.

 ****Note: If you are feeling lonely, ring the front desk and ask for a fish. Yes, you read that correctly. If you ask for one, the hotel will loan you a fish tank, complete with scenery and a fish. Then you won't feel weird since you can talk to something instead of yourself.****


   The second thing I will talk about is the relentless promotion of the con by its Core Team and Staff. I first learned of SkyDogCon from SkyDog himself, at DerbyCon. Yep you read that correctly. SkyDog was staff at DerbyCon in Louisville and was printing up gimmick badges from popular movies. The one from last year was a mock credit card with the "Triple Crown" challenge on the back. This was a call for all card carriers to attend not just SkyDogCon but DerbyCon and Hack3rCon (a.k.a. the trifecta of regional cons). I later discovered that SkyDog (who is also a Goon at DEFCON) was going to give out special promotional badges at DEFCON to anyone willing to promote the con. Sign me up! This level of detail for promoting his con, and the sister cons of the area, highlights his commitment to the industry as a whole! This year he and Mad Mex spent over 6 hours, during the party, printing up badges for anyone who wanted one.

     Third, we have the awesome lineup of speakers. There were 2 speaker tracks (Friday-Sunday) with 20 minute Lightning Talks (Thursday night). I was fortunate enough to be selected for both a Lightning Talk and a main track. The Lightning Talks format was a set of 20 slides that autoforward every 30 seconds. This was a challenge that forced me to work on my presentation skills. My Lightning Talk was entitled Defense-in-Depth: Fists, knife, gun and will be posted on my blog when they are uploaded. Unfortunately, with 2 main talks going on simultaneously, and the other speaker in my time slot being Deviant Ollam, I had a sparse audience. (Thanks to the 7 people who listened to my presentation NSA Wiretaps are Legal and Other Annoying Facts.) My favorite presentation of the weekend was Evan Booth's. He presented a very serious topic with wit, charm, and grace. Then he showed videos of himself totally destroying fruit. You have to see it. It will make your day as well as scare the heck out of you.

     Finally comes the piéce de résistance (I know, the accent mark on the first e is going the wrong way, but I can't make it work on my Mac). SkyDogCon is known for its electronic badges. This year's badge does not disappoint. This badge, which has some hardware issues, is utilizing only about 5% of the functionality it was designed for. That 5% however will blow you away! Its simple design, coupled with the Parallax Propeller chipset, and brilliantly written code is a n00b hardware hacker's dream.

****Note: SkyDog announced that he will repair the badge himself if you bring it to one of the future cons he will be at. Anyone up for a quick trip to Atlanta for Outerz0ne? I'll drive if you pick up the room!****

Schematics and badge hacking tips will be posted on the website shortly.


     So, if you feel that you want to know more, visit the website. Don't forget to sign up for the mailing list and follow them on Twitter.

Website: www.skydogcon.com
Twitter: @skydogcon

I hope you enjoyed this blog entry and I hope to see you next year.

P.S. If you sign up for a ticket early, you get "Early Bird" status and this results in upgrades to your badge!

Sunday, October 20, 2013

Hack3rCon^4: Eye of the Storm

     What do you get when you mix Information Security, prepping, and technology with mountains, makers, and moonshine? Hack3rCon! I was fortunate enough to both attend and speak/teach at Hack3rCon^4 this year. This is my second time to attend Hack3rCon and I was not disappointed. For the meager price of $75 the attendee will be privy to cutting edge tools, "A" list presenters, and fellowship.



     This year's con began on Friday with a community driven class on the installation and use of the new Kali Linux BackTrack load. This class introduced the novice to the tool. The relaxed setting and knowledge of the instructor set the tone for the weekend. Students learned that installing and setting up Kali is easier than earlier versions and is not as frustrating for noobies. Friday ended with an @HackerFamilyDinner at a local steakhouse.
     Saturday began with Dave Kennedy as the keynote. As always, Dave captivated the audience with his simple way of communicating the holes in security "best practice." After all, just because the masses are doing it, doesn't mean that it is best. He wrapped his presentation by performing a quick demo of his new tool [working title: Pentesting Framework]. This was promptly followed by a series of outstanding presentations that ran until 5PM. After a short break for dinner, 304 Geeks treated everyone to a gun safety class (something you never see at a conference).
   The conference wrapped up on Sunday with another lineup of great talks, the wrap-up of the CTF, and several raffle drawings. People said their goodbyes and, as usual, teams were formed to tackle some hard infosec problems.
    My thoughts of this conference are all positive. The small size, usually around 100 people, coupled with the low price for a ticket and the caliber of the presentations makes this one of my favorite cons. I look forward to attending next year.

As always, videos for this con can be found at irongeek.com. Thanks Adrian!

I would also like to thank the rocking sponsors for making this con possible. This is the first time I have thanked sponsors on my blog. This should tell you something about the level of support.






Saturday, October 19, 2013

Hack3rCon^4: Handgun Safety Course

     For those of you that attended my handgun safety course, and are wanting to file for your license in West Virginia or Virginia, you will be required to present a copy of my NRA Instructor credentials in addition to the affidavit. Please go here to download my credentials. NRA Card 

Hack3rCon^4: Notes and slide deck "NSA wiretaps are legal and other annoying facts"

I have had several people request my slide deck from Hack3rCon^4. Because of bandwidth and email issues, I have uploaded it and my notes here. Dropbox

The video of my presentation can be found on IronGeek's site.

Have fun and don't forget to speak with your elected officials often!

*****Note: I got a couple of things wrong in my presentation.
1) The coauthor of the 2nd Amendment that I was referring to is George Mason. Some really good quotes on the 2nd Amendment can be found here and here. Before discussing what the founders "intended," read what they actually said!
2) I alluded to the 17th Amendment as a joke but got the timeframe wrong. The 17th Amendment forced States to hold direct elections for Senators in 1913. Prior to this, some States still allowed Senators to be appointed by those States' governors. The intent of the 17th Amendment was to stop the corruption of Senators at the State level. This worked! However, Senators are now corrupted at the national level.

Tuesday, October 8, 2013

What are you doing in May? I'm going to another BSides!

     BSides is one of the greatest ideas I have seen in a while. Its stated goal is to be a "community-driven framework for building events for and by information security community members." That leads me to the next BSides I will be attending. On May 17, 2014, the Ezell Center at Lipscomb University will play host to BSides Nashville.
     Looking at the list of organizers/volunteers, I can tell you this should be a quality event. This coupled with the location and the keynote speaker already slated to present is money baby!
     I had the opportunity to hear Brett Wahlin, the CISO of HP, speak (you still haven't accepted my invite on LinkedIn by the way). He came to the University of Kentucky HealthCare and helped to educate our IT staff on the importance of protecting the confidentiality, integrity, and availability of our strategic asset, data, without resorting to FUD. This is something very few people can accomplish. FUD usually creeps into the conversation in some way.
     Looks like I will need to start a new research project so I can have something new for the CFP (happening now by the way). See you there!

Make sure you check out the websites and follow them on Twitter for updates.
BSides Nashville website: http://www.bsidesnash.org
Security BSides website: http://www.securitybsides.com/w/page/67993467/BSidesNash2014

Twitter handle: @bsidesnash
Twitter tag: #BsidesNash

As always, feel free to comment.

   

Saturday, October 5, 2013

Louisville Metro InfoSec Conference

     A small conference, in a big city. This year I attended the Louisville Metro InfoSec Conference. This is my third time to attend and will not be my last. The quality of presentations is always great and the small number of attendees gives the con an intimate feel. This year, the highlights for me were the second keynote speech by David Kennedy (Burn it Down! Rebuilding an Information Security Program), the presentation by Adrian Crenshaw (Information Security in University Campus and Open Environments), and the lock pick area run by Kyle Stone.
     What can I say about Dave's speech? As usual, it was very entertaining. Start with a gut check, add a liberal dose of humor, and end with 5 key steps that will help any organization improve their business. Yes, I did say, improve your business. After all, no one wants to start a business to meet compliance. They want to make money. Watch Dave's presentation for more information.
     Adrian had a very interesting presentation. He helped the audience understand how an average college co-ed could wreak havoc on the open networks at universities. After all, most university administrators actually believe that creativity is stifled if you even attempt to secure your environment. He also highlighted the means by which IT and InfoSec can counter these "hackers." The presentation is heavy with links to tools but I recommend it since the tools are worth it.
     Finally, the lock pick village was the break I needed from the typical con burnout. There are few things better than picking up a couple of small pieces of metal and opening those wafer locks!
   

As always, the videos can be found on www.irongeek.com.

Monday, September 30, 2013

DerbyCon 3.0 is over, CPEs logged, It's a wrap!

   
     I have just logged my CPEs so it must be over. Another DerbyCon has come and gone. Friends were reunited for a flash and life will be returning to normal soon. I always write something about the cons I attend and this is no different. Well, maybe it is a little different.
     You see, this year's DerbyCon was completely different for me. After helping Adrian Crenshaw (Irongeek) with video at BSides Las Vegas, I offered my services again. This time, my reasons were less selfish. (After all, I was late to the game for BSides and couldn't get a ticket unless I volunteered). This time, my purpose was to give back. The crew of DerbyCon have each helped me in some way or another in the past 3 years so I felt the call. They are not aware of how they have helped so here it is:

1. DerbyCon has put me in touch with a new crop of people who have similar experiences in IT/Security burnout.
2. I have been able to talk to industry leaders and determine my future Information Security roadmap/career.
3. The quality of my work has increased due to me having a core of colleagues that I can bounce ideas off of.
4. I just enjoy talking to people again...

I tried not to bore you guys with a recap of the briefings I sat through. After all, you can just check those out at the irongeek.com website. Thanks for taking time to read my blog and, as always, feel free to comment.

And again, thanks for putting on a great "family" style conference. See you next year (I'll be the guy in the Staff t-shirt and the hip toy).

Wednesday, September 25, 2013

DerbyCon 3.0 - All in the Family

Welcome to DerbyCon 3.0 – “All in The Family”.

     It is that time of the year again. Every September (for the past 3 years anyway) InfoSec professionals, hackers, and the 3l33t descend on Louisville, KY for a week of technical training, presentations, and more importantly hallway con. I am looking forward to catching up with friends and making new ones. If you are going, feel free to hit me up. You can contact me on Twitter at @cowboysfaninky or email at bwmgwm1@gmail.com. I can't wait to see you there!  

Monday, August 26, 2013

Hack3rCon^4 - Eye of the Storm

Drum roll please!!!

I have been selected to present at Hack3rCon^4. This will be my second time presenting at what is one of my favorite cons. What is the topic you ask?


NSA wiretaps are legal and other annoying facts

I debated whether I wanted to display my outline here but, to be honest, my presentation grows with every day of research.

As usual, I will write a blog post about the con and will provide a link to the video provided by IronGeek.

Tuesday, August 13, 2013

DEFCON Shoot (Two days I never should have missed)

   
To sum it up...♫ I did a bad bad thing ♫ You see, while volunteering at BSides Las Vegas, I decided not to go to the DEFCON shoot. After all, I didn't have a car, I didn't know anyone, and I was having a good time at the Tuscany. Now that I am home and the con craze is over, I realized I should have gone anyway. Here are the top 10 reasons why:

(Drum roll please!)

  1. What better way is there to exercise your 2nd Amendment rights than to throw some lead down range!
  2. Having no car is not an excuse! The DEFCON Forums include a shoot thread where details of the carpool are discussed.
  3. The BSides staff had a shuttle bus that ran to the Rio multiple times a day.
  4. Registration for the shoot is easy.
  5. The price is right. $20 at the door. Cheaper if you register early and get one of the discounts.
  6. You get to spend time with some really great people. Deviant Ollam (of DEFCON17 "Packing & Friendly Skies" fame) for one.
  7. A bad day on the range is still a great day!
  8. The smell of gunpowder is exhilarating!
  9. Transfer of knowledge. I have been shooting for 30+ years and am still learning.
  10. The chance to shoot guns that you haven't shot before. I have access to quite an extensive collection but there are still guns I haven't shot. Friendly shooters will let you shoot their guns.
(Crash of the cymbals!)

     To correct my transgressions, I reached out to Deviant and volunteered for the DEFCON22 Shoot. After all, the top reason for me becoming a certified NRA Pistol Instructor and Range Safety Officer was to promote the shooting sports in a positive and safe manner.
     I encourage you to head out to the DEFCON forums and the Unofficial DEFCON Shoot Page for more information. I hope to see you next year and remember to shoot safe, shoot accurately, and defend your 2nd Amendment rights!

Thursday, August 1, 2013

The BSides that started it all

This year I was fortunate enough to attend Security BSides Las Vegas. Security BSides spawned from the inability of Black Hat USA to include all of the worthy presentations in their lineup in 2009. This shortcoming resulted in one of the best InfoSec conferences in the nation.

     The first thing that I noticed was that the venue changed from the Artisan to the Tuscany Suites and Casino. I liked the unique atmosphere of the Artisan but felt cramped (this from a former Navy submariner). The Tuscany suites were nice and spacious, cheap, and clean. In addition, the hotel staff were friendly.
     Because I arrived the morning before the conference, I decided to take a stroll around the facilities. This is something that I learned in the military. Always know where you need to go, how to get there, and develop a sense of situational awareness. While doing so, I stumbled across the main meeting room for the con. There were many volunteers rushing around putting the finishing touches on the meeting rooms. Because I like to meet new people and felt the need to pitch in, I asked where I could help. Over 2 hours later, after folding what seemed like thousands of t-shirts, I managed to meet many new friends. Exhausted from the day's travels, I turned in.

     The morning of July 31st, I woke early and returned to the conference area to check in and badge up. The abilities of the volunteer staff were evident as the line constantly flowed and I got my volunteer badge and complimentary sling bag in no time. In addition, a random staff member handed me a social engineering badge and explained that I was now part of the Social Engineering Capture the Flag. Fun! I quickly found Irongeek since I was volunteering to be one of his video monkeys (he used a different name for me).
   
      What I experienced next was pure joy and excitement. I was witness to 2 full days of information security, computer hacking, and life enrichment/self help. I only attended 2 presentations out of 16 that I didn't absolutely enjoy. These 2 just weren't to my liking (personally, not professionally). The con staff did an excellent job at selecting presentations/presenters. Every presenter was personable and stayed to ask questions after their talks (something that doesn't always happen at other cons).
     Some of the presentations I attended were:

  • Christien Rioux: "The Security Industry - How to Survive Becoming Management" (KEYNOTE)
  • Jimmy Shah, David Shaw, and Matt Dewitt: "Discovering Dark Matter: Towards Better Android Malware Heuristics"
  • Jay "Rad" Radcliffe: "Mom! I Broke My Insulin Pump...Again!"
  • Evan Davidson and Noah Schiffman: "Dungeons & Dragons, Siege Warfare, and Fantasy Defense in Depth"
  • Jack Daniel: "The Erudite Inebriate's Guide to Life, Liberty, and the Pursuit of Happiness"
  • Nicholas J. Percoco and Joshua Corman: "The Cavalry Isn't Coming: Starting the Revolution to FSCK it All!"
  • Steve Werby: "Crunching the Top 10,000 Websites' Password Policies and Controls"

     So, I have rambled on as usual. I will now cut to the chase. Here are the takeaways from my BSides Las Vegas 2013 trip:

Pros
  1. The new venue (Tuscany) was open and airy with plenty of space
  2. There were 6 distinct tracks (double last year): breaking ground, common ground, proving ground, underground, lightning talks, and training ground
  3. The staff were approachable, helpful, and cared about their product
  4. The volunteers did a great job
  5. The price was right - FREE!
  6. The talks were informative and high quality (new presenters were assigned mentors)
  7. There were free shuttles to the other cons (Black Hat and DEFCON)
Cons
  1. I didn't get my free drink coupons upon checkin (remedied quickly when I notified the staff)
  2. There are not many budget restaurants within walking distance (the midnight Steak and Egg special in the hotel was only $5.99)
More information on BSides Las Vegas can be found at www.bsideslv.org and www.securitybsides.com.


***BSides Las Vegas presentations (and many others) can be watched for free on the website irongeek.com.