Category: Security

Categories
Conferences Security Tampa Bay What I’m Up To

BSides St. Pete IT Security Conference: Saturday, September 16!

This year’s edition of BSides St. Pete — the second BSides event to be held therehappens this Saturday, September 16 at St. Pete College, Seminole Campus, and you can still buy one of the 98 remaining (at the time of writing) “no swag” tickets if you register now! They’re a mere $20.

Want a “feel” for what a BSides event is like? Check out my writeup of BSides Tampa from April!

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very could presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

BSides conferences are community events, and unlike a lot of tech conferences, they’re inexpensive. As I wrote earlier, the remaining “no swag” tickets — which unfortunately don’t come with swag but still get you in the door — sell for a mere $20.

BSides Tampa took place back in April, and it was a great event — you can check out my writeup to get a feel for it.

BSides St. Pete is just one of the events in the Tampa Bay tech scene’s September to Remember!

I’ve already got my ticket for BSides St. Pete, and if you’re interested in diving deeper into security, you should too!

Register for BSides St. Pete 2023 here!

Categories
Artificial Intelligence Current Events Meetups Programming Security Tampa Bay

Tampa Bay’s tech scene is having a September to Remember!

September starts this week, and each week in this new month has its own big Tampa Bay tech event, with new opportunities to learn, network, make friends, and take part in “The Other Bay Area’s” tech scene!

These events, which are covered in more detail below, are:

EventQuick summaryWhen and where
SocialCode x TampaAn evening of AI (3 short talks and a panel discussion) and networking in a swanky Hyde Park venue.Thursday, Sept. 7
Hyde House
BSides St. PeteDeep cybersecurity knowledge will abound, with a full Friday of training sessions and a full Saturday devoted to a Black Hat-style conference.Friday/Saturday Sept. 15 – 16
St. Petersburg College’s Seminole Campus
DevOpsDays Tampa BayA full-day conference dedicated to DevOps (“Dev” as in “software development,” “Ops” and in “IT operations”) in Tampa’s best conference venue.Thursday, September 21
Armature Works
Navigating Your Tech JourneyAn evening of tech career guidance (keynote and panel discussion) and networking at Tampa Bay’s premier tech gathering space.Tuesday, September 26
Embarc Collective

SocialCode x Tampa (Thursday, September 7)

The SocialCode is the name for events that tech recruiter Oscar Technology hold worldwide, and they’re holding one in Tampa on Thursday, September 7th!

The event:The SocialCode x Tampa
TL;DR:An evening of AI (3 short talks and a panel discussion) and networking in a swanky Hyde Park venue.
Recommended if you’re:• Interested in AI (that’s the speaker and panel topic)
• Looking for tech work (because it’s sponsored and run by a tech recruiting company)
• Looking for a fancier event (it’s in Hyde Park)
When:Thursday, September 7, 2023
5:30 – 8:00 p.m.
Where:Hyde House Public Studio
1646 W Snow Avenue, Tampa FL
How much:Free!
Where to register:The SocialCode x Tampa’s Eventbrite page

This event, The SocialCode x Tampa, will focus on AI and feature these speakers:

  • Craig Bosco, Data Scientist at Gale Healthcare, who’ll talk about how predictive analytics can play a part in healthcare staffing, the role of AI in automation and operational excellence, and how different types of AI can be used to augment the skills of a limited workforce.
  • James Gress, Generative AI Director at Accenture, who’ll talk about how various organizations are harnessing the power of generative AI to drive innovation in their products and enhance operational efficiency, and how we can use multiple technologies across the entire software delivery lifecycle.
  • Yours Truly, Joey deVilla, Senior Developer Advocate at Okta, who’ll talk about two different approaches to human/AI synergy — “centaur” (human head/non-human body) and “minotaur” (non-human head/human body) — and how to get on the right side of this equation.

This event is free to attend — register here!

BSides St. Pete 2023 (Friday/Saturday Sept 15 – 16)

BSides is the name of a series of cybersecurity conferences that grew from the “overflow presentation” at Black Hat and are now their own thing! The St. Pete edition happens on the weekend of September 15th and 16th, with the training sessions on the 15th and the conference proper on the 16th!

The event:BSides St. Pete
TL;DR:Deep cybersecurity knowledge will abound, with a full Friday of training sessions and a full Saturday devoted to a Black Hat-style conference.
Recommended if you’re:• Interested in cybersecurity and infosec (that’s what this conference is all about)
• Looking for cybersecurity and infosec work (there’ll be lots of people from security companies there, and some of them will be recruiting)
• “Homesick” for Black Hat and/or DEFCON or didn’t get to go this year
• On a budget and want to get the most hardcore conference bang for your buck
When:• Training sessions on Friday, September 15,
10:00 a.m. – 3:00 p.m.
• Conference day on Saturday, September 16,
8:30 a.m. – 4:00 p.m.
Where:St. Petersburg College – Seminole Campus
9200 113th Street N, Seminole FL
How much:• Friday training sessions: $1 (really!)
• Regular admission: $25
• College/university student admission: $15
• Middle/high school student admission: $10
• Elementary school student admission: $1
Where to register:BSides St. Pete’s registration page

If you want a taste of what BSides is like, check out my article, Scenes from BSides Tampa X 2023, which I attended this spring. BSides St. Pete will continue the tradition of sharing deep cybersecurity/infosec knowledge, but on the St. Pete side of the Bay this time!

The Friday training sessions will be:

  • Blue Team Workshop – Network Attacks, with Laura Mayeux from Vectra AI
  • Introduction to Hands-On Purple Teaming, with Bryson Bort & Chris Peacock from SCYTHE
  • Splunk Boss of the SOC, with Will Robus from Outpost Security

The Saturday conference sessions will be:

  • Between Two Palms: A Session on Burnout, with Elvira Reyes and Chris Machowski
  • Complexity is the Enemy: How to start doing Cyber Risk Management with Dan Holland
  • How I Learned to Stop Worrying and Build a Modern Detection & Response Program, with Allyn Scott
  • Exploring Threat Actor Strategies on Exploitation of Emerging TLDs, with Pat Gelin
  • Integrating Cybersecurity into Organizational Culture and Portfolio Management, with Carlos Rodriguez
  • How to Build a Cybersecurity Journey, with Ivan Marchany
  • Getting into Cybersecurity, with Stacey Oneal
  • A Urinal Story: Human Behavior & Security, with Daniel Lopez
  • Navigating New Cybersecurity Regulations: Charting a Course for Success, with Terri Khalil
  • Everything I Needed to Know About Practical Cybersecurity, I Learned from my Mom, with Michael Magyar
  • Creating your Security & Compliance Audit Framework, with Michael Brown
  • Building a Comprehensive Framework for AI Systems Security: Methodology and Grading, with Wilson Bautista
  • IAM Security and So Can You: An Intro to Identity Access Management and How to Beat It to a Pulp, with “Uncle Raydar”
  • Adversarial Prompting: Exploiting Large Language Models, with Sam Decker
  • Enhancing Chrome Extension Security: Fortifying Your Browser Experience, with Aishwarya Ramesh & Nagarajan Samuel Ogunlade
  • Cyber Supply Chain Risk Management and Evolving Governance, with Joshua Weathers
  • How to Wage War and Bypass Congress: a Primer on Gray Zone Warfare, with Jon “Cochise” Buzin
  • Getting MAAD-AF to Attack Microsoft 365 & Azure AD, with Arpan Sarkar
  • The Boring Parts of AI: Risks and Governance of Large Language Models, with Dan Fernandez

This event charges admission, but it’s pretty cheap — register here!

DevOpsDays Tampa Bay 2023 (Thursday, September 21)

Devops is underrated, which is a terrible shame, because software and systems don’t happen without it! Luckily for us techies in Tampa Bay, we have a conference on devops, and it’s happening on Thursday, September 21!

The event:DevOpsDays Tampa Bay
TL;DR:A full-day conference dedicated to DevOps (“Dev” as in “software development,” “Ops” and in “IT operations”) in Tampa’s best conference venue.
Recommended if you’re:• Interested in devops, CI/CD, and setting up, operating, and maintaining all the things that make software development and delivery possible (that’s what this conference is all about)
• Looking for devops work (there’ll be lots of people working in devops there, and some of them will be recruiting)
• Curious as to how software and systems get built and deployed beyond the planning and coding phases
When:Thursday, September 21, 2023
8:00 a.m. – 5:00 p.m.
Where:Armature Works
1910 N Ola Avenue, Tampa FL
How much:• Before September 1: $100
• After September 1: $150
Where to register:DevOpsDays Tampa Bay’s Eventbrite page

The conference sessions will be:

  • How do we talk to each other?, with Nora Jones
  • Realigning DevOps: Customers and Learning First, with Kishore Jalleda
  • The Startup DevOps Playbook – Making It A Success From Day One, with Aman Sharma
  • Building Resilience: A Journey of Crafting and Validating Our Disaster Recovery Plan, with Yedidya Schwartz
  • The Power of DevOps in the Real World, with Randy Pagels
  • Simplifying Cloud Native Chaos Engineering: A Deep Dive into Chaos Mesh, with Soumyadip Chowdhury
  • Best Practices for Securing CI/CD Pipelines, with Lizz Parody
  • The OpenTelemetry Hero’s Journey: Working with Open Source Observability, with Josh Lee
  • Open spaces

Admission is $150, but if you register before September 1, you can save $50 and pay only $100 — register here!

Hot on the heels of their successful “Breaking into Tech” panel back in late July, Tampa Bay Techies are holding a great follow-up meetup where the topic will be about bridging the opportunity gap in the Tampa Bay technology industry.

The event:Navigating Your Tech Journey
TL;DR:An evening of tech career guidance (keynote and panel discussion) and networking at Tampa Bay’s premier tech gathering space.
Recommended if you’re:• Wondering what the next move in your tech career should be (that’s the main topic of this meetup)
• Looking for tech work (there’ll be lots of people working in tech there, and some of them will be recruiting)
• New to the Tampa Bay tech scene or haven’t been to a Tampa Bay tech event in a while
When:Tuesday, September 26, 2023
5:30 – 9:00 p.m.
Where:Embarc Collective
802 E Whiting Street, Tampa FL
How much:Free!
Where to register:Navigating Your Tech Journey’s Meetup page

This event will feature Candace Williams, who will share her inspiring journey into the world of technology. From her early days to becoming Associate Director, Cybersecurity at Raytheon and starting Cyb(H)er Ally, Candace’s story is a testament to what’s possible in the tech industry.

Following Candace’s keynote address, there will be a panel of accomplished industry professionals ready to answer your burning questions. Guided by the audience’s inquiries, this discussion will focus on the invaluable lessons they learned when starting their tech careers and finding their own unique paths in the industry.

This event is free to attend — register here!

Categories
Programming Security

Steve Waldman on building an authenticated service in Scala with tapir and JWT

If you’re into Scala, you’ll want to check out local developer Steve Waldman’s new article, Building an authenticated web service in Scala with tapir and JWT.

I had the good fortune to meet Steve at the Tampa Java User Group’s meetup in May, where he gave us a tour of Scala-CLI as a tool for running Scala and Java code, as well as an opportunity to get our hands on Haoyi Li’s book, Hands-On Scala Programming.

Last week, he attended my presentation at the Tampa Java User Group meetup, Build and secure an API (and a job offer!) with Spring Boot and Kotlin, and he Scala-fied it as Building an authenticated web service in Scala with tapir and JWT.

Check it out!

Categories
Conferences Security The Street Finds Its Own Uses For Things

A handy hack for not getting your drinks “spiked” at Def Con

The 2023 Def Con is well under way! You might want to use this trick to make it harder to spike your drinks. This isn’t to say that everyone at Def Con is trying to surreptitiously drug other people’s drinks, but there is a certain transgressive element there, and as any security expert will tell you: you can never really be too careful.

Categories
Deals Reading Material Security

Humble Bundle’s deal on cybersecurity and forensics books from CRC Press

Screenshot of Humble Bundle’s “Cybersecurity and Forensics” bundle page

The latest interesting book bundle from Humble Bundle is the Cybersecurity and Forensics Bundle, which gets you 19 cybersecurity and cyberforensics books by CRC Press for a mere $25 — that’s just $1.32 per book!

As I write this, you have 17 days before this deal disappears. If you need books on cybersecurity and forensics, get these now!

Click here to go to Humble Bundle’s Cybersecurity and Forensics bundle page.

Categories
Meetups Security Tampa Bay

CyberX Tampa Bay’s mid-year happy hour tonight

Hey, Tampa Bay cybersecurity professionals — it’s time for another CyberX get-together, and it’s happening tonight at 5:30 p.m. at The Brass Tap on Dale Mabry, just north of Kennedy!

Tonight’s gathering will bring together cybersecurity professionals from all around “The Other Bay Area” for an evening of networking, fun, and collaboration. It’s the perfect opportunity to stay connected with the CyberX community ahead of CyberX’s major conference on October 25th!

Find out more and register here!

Categories
Conferences Security Tampa Bay What I’m Up To

Scenes from BSides Tampa X 2023

Arriving at BSides

Image

Anitra and I took part in this year’s BSides Tampa cybersecurity conference, which also happened to be the tenth anniversary of this event, and it was fantastic! This post contains my photos from the event.

BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.

BSides gets it name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very could presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

Since I work in the cybersecurity field as a developer advocate for Okta’s Auth0 product, I figured I’d take an active role in BSides and volunteered to be a “runner”. I showed up on Saturday morning, picked up my badge, donned a T-shirt, and got to work helping out wherever I could.

The volunteers help run the event, and they help keep it inexpensive (admission is a mere $45, and workshops are $5 each — a far cry cheaper than most tech conferences). They were everywhere, starting with the registration desk, where they processed an amazing 1,100 attendees:

It takes a big space to hold 1,100 people. Thanks to University of South Florida for providing that space: the Muma College of Business. Here’s the BSides map, showing all the rooms and halls where all its events took place:

The sponsor booths

My first job was to check to see if the sponsors at the booths needed anything, which gave me a chance to take photos of each booth.

The Hackerbox booth was particularly interesting to me. I used to be fairly adept at putting together circuit projects as a teenager, having learned from Forrest Mims’ hand-drawn electronics books from Radio Shack back in the ’80s:

They sell a number of kits that let you build projects that will help you learn electronics and better understand the devices that we use daily.

They had a number of kits for sale, including the “Old School” kit, an old-school VGA PC powered by a couple of Arduino Nano boards running Linux:

The “Biometrics” hackerbox highlights biometric identification: face recognition, fingerprint scanning, and voiceprinting. It’s powered by an ESP32 wifi microcontroller and TensorFlow Lite:

They also had some excellent kits for people wanting to get their feet wet with soldering and basic electronics…

…and some kid-friendly kits for budding hardware hackers:

I then toured around the other booths, bringing them water and whatever else they needed. The booths were…

milcyber.org:

Metnology:

Reliaquest:

ThriveDX:

AWS:

Guidepoint Security:

I know Chris Machowski from The Undercroft, the former name of the Neon Temple security guild. I was a student at the first and only cohort of UC Basline, a cybersecurity training program that The Undercroft offered in the summer of 2020. He was showing his gorgeous graphic design:

I also had a chat with the folks at Corellium, whose service provides mobile developers with virtual ARM devices for testing:

I have a great relationship with Computer Coach, for whom I’ve taught Python and JavaScript courses, and with whom I’ve worked at numerous tech events in the area:

IEEE Computer Society:

Black Hills Information Security:

KnowBe4:

Abacode:

BishopFox:

NorthStar:

Chase Bank:

Insight Assurance:

Pondurance:

Recon Infosec:

The STEM room

I then helped out in the STEM room, where Tampa Hackerspace, Scoutlier, and AMRoC Fab Lab had set up shop and were showing young people what they could do if they got into the world of science, technology, engineering, and math. I was great seeing the young’uns get excited about this stuff.

Signs

While in the STEM room, I had the chance to take pictures of some spare signs, all of which bore Chris Machowski’s excellent design for the BSides Tampa logo:

Hacking AWS: Welcome to the Jungle

I got assigned to keep watch over a couple of sessions, including Mike Felch’s presentation, Hacking AWS: Welcome to the Jungle. It covered a number of intriguing techniques for gaining access to AWS instances.

Interestingly enough, ChatGPT turns out to be an excellent tool for doing AWS recon…

…and Mike has an interesting project, CloudGPT, which harnesses ChatGPT to analyze AWS policies for vulnerabilities. We’re getting closer and closer to the world of William Gibson’s “Sprawl” novels, with AI-assisted “ICEbreakers…”

Mike has a lot in his bag of AWS tricks:

Mike has posted his slides for Welcome to the Jungle on SlideShare.

Quick break

I took a couple more photos during a quick break for lunch between sessions.

Down the Rabbit Hole

Once again, I was assigned to keep an eye on the “big room,” where Ken Westin gave his presentation, Down the Rabbit Hole, where he talked about helping law enforcement with technology and OSINT techniques.

He emphasized an important fact: Every contact leaves a trace. This is a principle formulated by Edmond Locard (1877 – 1966), who is considered the pioneer of forensic science. It says that the perpetrator of a crime generally does two things:

  • They bring something to the crime scene, and
  • They also leave with something from the crime scene.

While this principle was made for the physical world, it’s applicable in the digital world.

Even with over a decade of cameras in GPS-equipped phones, many people forget that smartphone photos have EXIF data embedded in them, which has been many a crinimal’s undoing.

(By the way, if you’re curious about reading and erasing EXIF data from photos, I’ve written a couple of articles on the topic. There’s a Python version and a JavaScript version.)

I rather like this pun on “the quantifed self:” The quanitifed self-pwn. In all the self-measurement involved in the activities that are part of the quanitifed self, there’s the possibility of unintentionally providing the collected data to unwanted parties:

Another slide I liked: The Hierarchy of Data Bleed, a play on Maslow’s Hierarchy of Needs:

Another quick break

And then, another quick break. I decided to enjoy some “outside time,” where I got to take in some fresh air, play the accordion (video to come), and catch up with friends:

How to be a Whistleblower: Exfiltrating Sensitive Materials Safely

The next session over which I kept watch was How to be a Whistleblower: Exfiltrating Sensitive Materials Safely, an intriguing topic.

Once again, Locard’s principle reared its head: Every contact leaves a trace:

Bawls break

Bawls were one of the sponsors of BSides. I didn’t even know that this energy drink was still around!

A good portion of my job as runner was to move boxes of the stuff from storage into the ice chests scattered about the site. “Gotta move more warm Bawls,” I quipped.

Closing

There was a raffle at the closing session, and while some people had already gone home, the remainder still managed to pack the big room. That’s when it was announced that BSides has 1,100 attendees out of 1,400 registrants. Nicely done!

Afterparty

It’s not a true tech event without an afterparty, and BSides did not disappoint. AWS sponsored the shindig, which took place at the nearby World of Beer, and it gave me a chance to catch up with more people.

BSides Tampa was an amazing event, and I hope to up my involvement in next year’s edition. Maybe I should talk to Okta about sponsoring it…

Thank you, BSides Tampa Krewe!

Thanks to the BSides volunteer Krewe and their leader, Elvira Reyes, for letting me join in the fun! I hope to see you — and be among your number — next year!