Recently I attended InfoSec Nashville and BSides Augusta.

InfoSec Nashville 2023

Despite calling Nashville home since 2016, I only recently attended my first ISSA InfoSec Nashville conference. My expectations were exceeded by the event, especially with the opening keynote delivered by Robert Herjavec from "Shark Tank." While I'm not a regular viewer of the show and was initially unfamiliar with Robert, his speech was captivating. As the owner of a security company, his journey from a war-torn country to Canada, and eventually to starring in a hit U.S. TV show, is nothing short of inspirational. He shared intriguing insights into the future of security, particularly the idea of eliminating tier 1, a concept I'm still mulling over since there will always be a need for an initial level of defense.

Unlike at most conferences, I attended several talks at this one. Besides the opening, I was present for the afternoon keynote and a few other sessions before delivering my own at the day's end. The afternoon keynote resonated with me deeply, advocating for the hiring of entry-level professionals. The industry's skewed focus on seeking senior-level experts, as evidenced by LinkedIn job postings and the concerning average security professional age of 35, signals an unsustainable top-heavy structure.

However, hiring at the entry level isn't a panacea. Management must prepare a structured plan for these newcomers. I've seen many organizations lack this foresight, opting for senior professionals in the hope of minimizing their need for involvement. That doesn’t mean all entry level people are the answer. Maintaining a balance is crucial since many young professionals seek mentorship, a dynamic hard to foster in an environment composed solely of entry-level individuals.

The sessions I attended were enlightening, one on vulnerability management at a healthcare company stood out. Having developed a similar program for a mid-sized business, it was fascinating to compare approaches and scales, particularly seeing a dedicated team in action as opposed to one juggling multiple responsibilities.

The conference was overall a rewarding experience. It provided opportunities to connect with a diverse group of professionals and rekindle ties with acquaintances around Nashville.

BSides Augusta

As alluded to earlier, my conference strategy usually involves a "HallwayCon" approach, prioritizing networking and learning through impromptu conversations. This tactic led me to attend just one planned talk, aside from my own, at BSides Augusta. This event is a highlight on my annual calendar, coinciding nicely with a family visit to Columbia, SC, after the proceedings. What sets it apart is not just its impressive scale—with pre-pandemic registrations hitting 1,200 and around 800 attendees this year—but its distinct blue team focus, a nod to Augusta, GA's status as home to the Army's Cyber Command.

At a past ISSA meetup, I was taken aback when I was told attendees included members from the NSA, CIA, and Cyber Command —a moment that made me suddenly conscious of the powered on phone in my pocket.

I was extremely satisfied with the reception of my talk, now available on YouTube. My final presentation of this presentation will be at misecCON next month, where I'll have a full hour—a luxury compared to the concise 20-25 minutes at Augusta. While, like any presenter, I appreciate more time, I also value the challenge of a shorter format. It compels me to condense my speech to only the most crucial points, and enhance the chance of my talk being accepted.

The conference was, as expected, impeccably organized, and I cherished the catch-ups and new connections made. I’m eagerly anticipating next year's gathering!

Edited with the help of ChatGPT

This blog post first appear on Exploring Information Security

I’ve gotten my last letter back on a submitted CFP. I will be speaking three more times this year before looking ahead to 2024. Here are the conferences I will be at for the rest of the year. The topic I’ll be speaking on is API security. I’ll put the abstract below.

Infosec Nashville 2023 - September 26-27 - First time for me. I’m excited to go to a local event.

BSides Augusta - October 7 - I’ve been going to this conference since 2014. This is one of my favorite yearly events to attend. Yes, it’s a bit out there but it’s one of the biggest BSides in the world. For those curious Army Cyber Command is located in the area. It’s a very blue team focused conference.

MISECCON - November 17 - MISEC is one of the most talented local user groups in the country. This is a rebirth of Detroit Convergence and BSides conferences post pandemic. This is another one of my favorite conferences.

Title: The Security Hitchhiker's Guide to API Security

Abstract: API security is so hot right now! Organizations don’t fully understand APIs, how to find them, and secure them. This can feel scary. Don’t Panic. Grab your towel and join me on a meme adventure to explore the API galaxy. We’ll cover the history of APIs. Why people now suddenly care about them and why they’re such a hot topic. We’ll go over some ways to identify APIs within an environment. We’ll cover how API security is different and how to start securing them. We’ll review the API security tooling landscape. Finally, we’ll review resources to get your towel wrapped around API security and answer the ultimate API questions.

This blog post first appear on Exploring Information Security