
CyberX Tampa Bay’s mid-year happy hour tonight

Hey, Tampa Bay cybersecurity professionals — it’s time for another CyberX get-together, and it’s happening tonight at 5:30 p.m. at The Brass Tap on Dale Mabry, just north of Kennedy!

Tonight’s gathering will bring together cybersecurity professionals from all around “The Other Bay Area” for an evening of networking, fun, and collaboration. It’s the perfect opportunity to stay connected with the CyberX community ahead of CyberX’s major conference on October 25th!

Find out more and register here!


Scenes from BSides Tampa X 2023

Arriving at BSides


Anitra and I took part in this year’s BSides Tampa cybersecurity conference, which also happened to be the tenth anniversary of this event, and it was fantastic! This post contains my photos from the event.

BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.

BSides gets its name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very good presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

Since I work in the cybersecurity field as a developer advocate for Okta’s Auth0 product, I figured I’d take an active role in BSides and volunteered to be a “runner”. I showed up on Saturday morning, picked up my badge, donned a T-shirt, and got to work helping out wherever I could.

The volunteers help run the event, and they help keep it inexpensive (admission is a mere $45, and workshops are $5 each — a far cry cheaper than most tech conferences). They were everywhere, starting with the registration desk, where they processed an amazing 1,100 attendees:

It takes a big space to hold 1,100 people. Thanks to University of South Florida for providing that space: the Muma College of Business. Here’s the BSides map, showing all the rooms and halls where all its events took place:

The sponsor booths

My first job was to check to see if the sponsors at the booths needed anything, which gave me a chance to take photos of each booth.

The Hackerbox booth was particularly interesting to me. I used to be fairly adept at putting together circuit projects as a teenager, having learned from Forrest Mims’ hand-drawn electronics books from Radio Shack back in the ’80s:

They sell a number of kits that let you build projects that will help you learn electronics and better understand the devices that we use daily.

They had a number of kits for sale, including the “Old School” kit, an old-school VGA PC powered by a couple of Arduino Nano boards running Linux:

The “Biometrics” hackerbox highlights biometric identification: face recognition, fingerprint scanning, and voiceprinting. It’s powered by an ESP32 wifi microcontroller and TensorFlow Lite:

They also had some excellent kits for people wanting to get their feet wet with soldering and basic electronics…

…and some kid-friendly kits for budding hardware hackers:

I then toured around the other booths, bringing them water and whatever else they needed. The booths were…

milcyber.org:

Metnology:

Reliaquest:

ThriveDX:

AWS:

Guidepoint Security:

I know Chris Machowski from The Undercroft, the former name of the Neon Temple security guild. I was a student at the first and only cohort of UC Baseline, a cybersecurity training program that The Undercroft offered in the summer of 2020. He was showing his gorgeous graphic design:

I also had a chat with the folks at Corellium, whose service provides mobile developers with virtual ARM devices for testing:

I have a great relationship with Computer Coach, for whom I’ve taught Python and JavaScript courses, and with whom I’ve worked at numerous tech events in the area:

IEEE Computer Society:

Black Hills Information Security:

KnowBe4:

Abacode:

BishopFox:

NorthStar:

Chase Bank:

Insight Assurance:

Pondurance:

Recon Infosec:

The STEM room

I then helped out in the STEM room, where Tampa Hackerspace, Scoutlier, and AMRoC Fab Lab had set up shop and were showing young people what they could do if they got into the world of science, technology, engineering, and math. It was great seeing the young’uns get excited about this stuff.

Signs

While in the STEM room, I had the chance to take pictures of some spare signs, all of which bore Chris Machowski’s excellent design for the BSides Tampa logo:

Hacking AWS: Welcome to the Jungle

I got assigned to keep watch over a couple of sessions, including Mike Felch’s presentation, Hacking AWS: Welcome to the Jungle. It covered a number of intriguing techniques for gaining access to AWS instances.

Interestingly enough, ChatGPT turns out to be an excellent tool for doing AWS recon…

…and Mike has an interesting project, CloudGPT, which harnesses ChatGPT to analyze AWS policies for vulnerabilities. We’re getting closer and closer to the world of William Gibson’s “Sprawl” novels, with AI-assisted “ICEbreakers…”

Mike has a lot in his bag of AWS tricks:

Mike has posted his slides for Welcome to the Jungle on SlideShare.

Quick break

I took a couple more photos during a quick break for lunch between sessions.

Down the Rabbit Hole

Once again, I was assigned to keep an eye on the “big room,” where Ken Westin gave his presentation, Down the Rabbit Hole, where he talked about helping law enforcement with technology and OSINT techniques.

He emphasized an important fact: Every contact leaves a trace. This is a principle formulated by Edmond Locard (1877 – 1966), who is considered the pioneer of forensic science. It says that the perpetrator of a crime generally does two things:

  • They bring something to the crime scene, and
  • They also leave with something from the crime scene.

While this principle was made for the physical world, it’s applicable in the digital world.

Even with over a decade of cameras in GPS-equipped phones, many people forget that smartphone photos have EXIF data embedded in them, which has been many a criminal’s undoing.

(By the way, if you’re curious about reading and erasing EXIF data from photos, I’ve written a couple of articles on the topic. There’s a Python version and a JavaScript version.)

I rather like this pun on “the quantified self:” The quantified self-pwn. In all the self-measurement involved in the activities that are part of the quantified self, there’s the possibility of unintentionally providing the collected data to unwanted parties:

Another slide I liked: The Hierarchy of Data Bleed, a play on Maslow’s Hierarchy of Needs:

Another quick break

And then, another quick break. I decided to enjoy some “outside time,” where I got to take in some fresh air, play the accordion (video to come), and catch up with friends:

How to be a Whistleblower: Exfiltrating Sensitive Materials Safely

The next session over which I kept watch was How to be a Whistleblower: Exfiltrating Sensitive Materials Safely, an intriguing topic.

Once again, Locard’s principle reared its head: Every contact leaves a trace:

Bawls break

Bawls were one of the sponsors of BSides. I didn’t even know that this energy drink was still around!

A good portion of my job as runner was to move boxes of the stuff from storage into the ice chests scattered about the site. “Gotta move more warm Bawls,” I quipped.

Closing

There was a raffle at the closing session, and while some people had already gone home, the remainder still managed to pack the big room. That’s when it was announced that BSides had 1,100 attendees out of 1,400 registrants. Nicely done!

Afterparty

It’s not a true tech event without an afterparty, and BSides did not disappoint. AWS sponsored the shindig, which took place at the nearby World of Beer, and it gave me a chance to catch up with more people.

BSides Tampa was an amazing event, and I hope to up my involvement in next year’s edition. Maybe I should talk to Okta about sponsoring it…

Thank you, BSides Tampa Krewe!

Thanks to the BSides volunteer Krewe and their leader, Elvira Reyes, for letting me join in the fun! I hope to see you — and be among your number — next year!


BSides Tampa IT Security Conference: Saturday, April 1


This year’s edition of BSides Tampa, Tampa Bay’s community-led IT security conference, happens Saturday, April 1 at USF’s Muma College of Business. This will be a special one, as it’s BSides Tampa’s 10th anniversary!

BSides Tampa is sponsored by the Tampa Bay chapter of (ISC)², which is clever and mathematically-correct shorthand for “International Information System Security Certification Consortium”. (ISC)² is a non-profit specializing in training and certifying information security professionals.

BSides gets its name from “b-side,” the alternate side of a vinyl or cassette single, where the a-side has the primary content and the b-side is the bonus or additional content. In 2009, when the Black Hat conference in Las Vegas received way more presentation submissions than they could take on, the rejected presenters (who still had very good presentations; there just wasn’t enough capacity for them) banded together and made their own “b-side” conference that ran in parallel with Black Hat. From that event came BSides.

BSides conferences are community events, and unlike a lot of tech conferences, they’re inexpensive. BSides Tampa 2023 costs $45 to attend, and its supplementary workshops are $5 each.

I plan on attending, and if you’re interested in diving deeper into security, you should too!

Register for BSides Tampa 2023 here!


CyberX Tampa: Tonight at TheIncLab in Ybor City!


The topic: Cybersecurity.

The event: CyberX Tampa, an evening conference with some pretty interesting speakers and topics, and a chance to catch up with some local techies and security nerds.

The place: TheIncLab in Ybor City, in the place where The Undercroft — the guild where I took a pretty intense cybersecurity course during the pandemic — used to be.

The cost: Free as in beer. $0. Just register on their Eventbrite page.

The agenda:

Time: Event

5:30 p.m. – 6:00 p.m.: Networking

6:00 p.m. – 6:15 p.m.: Special honoree: Courtney H. Jackson, founder and CEO of Paragon Cyber Solutions and Global 2022 Cybersecurity Woman Entrepreneur of the Year

6:15 p.m. – 6:45 p.m.: Breakout sessions

DE&I in Cyber Panel with:
• Moderator: Suzanne Ricci | Chief Success Officer @ Computer Coach
• Courtney H. Jackson | Founder & CEO @ Paragon Cyber Solutions
• Samantha Ramos | Information Security Risk Manager @ Nextech Systems
• Hugh Percy | Mgr, Cyber Security Threat Analysis & Operations @ Moffitt

Blackhat Tactics You Should Know
• Charlton Trezevant | Senior Application Security Consultant @ GuidePoint Security
• Robert Lubin | Security Operations Center Director @ Abacode

6:45 p.m. to 7:00 p.m.: Networking

7:00 p.m. – 7:45 p.m.: Panel Discussion: State of Cybersecurity in Florida
• Moderator: Larry Whiteside | CISO @ RegScale
• Jason Allen | CTO @ Digital Hands
• Kari Schori | CIO @ Office of the Public Defender 6th Judicial Circuit
• Rolando Torres | Co-Founder & COO @ Abacode

7:45 p.m.: Thank you’s and good night

What you’ll get out of it: Well, that depends on what you put into it. But trust me, there are opportunities and a lot of potential there, and I can tell you that half of winning is just showing up.

I’ll see you there!


I’ll be at CyberX Tampa 2022 next Tuesday, October 25!

CyberX Tampa 2022 takes place next Tuesday, October 25, from 5:30 p.m. to 8:00 p.m. at TheIncLab in Ybor City, and I’ll be there! It’ll be an evening of all things cybersecurity-related with some of Tampa Bay’s largest companies, CISOs, and tech leaders!

TheIncLab’s building in Ybor City (1320 E 9th Ave.)

Here’s the agenda:

Time: Event

5:30 p.m. – 6:00 p.m.: Networking

6:00 p.m. – 6:15 p.m.: Special honoree: Courtney H. Jackson, founder and CEO of Paragon Cyber Solutions and Global 2022 Cybersecurity Woman Entrepreneur of the Year

6:15 p.m. – 6:45 p.m.: Breakout sessions

DE&I in Cyber Panel with:
• Moderator: Suzanne Ricci | Chief Success Officer @ Computer Coach
• Courtney H. Jackson | Founder & CEO @ Paragon Cyber Solutions
• Samantha Ramos | Information Security Risk Manager @ Nextech Systems
• Hugh Percy | Mgr, Cyber Security Threat Analysis & Operations @ Moffitt

Blackhat Tactics You Should Know
• Charlton Trezevant | Senior Application Security Consultant @ GuidePoint Security
• Robert Lubin | Security Operations Center Director @ Abacode

6:45 p.m. to 7:00 p.m.: Networking

7:00 p.m. – 7:45 p.m.: Panel Discussion: State of Cybersecurity in Florida
• Moderator: Larry Whiteside | CISO @ RegScale
• Jason Allen | CTO @ Digital Hands
• Kari Schori | CIO @ Office of the Public Defender 6th Judicial Circuit
• Rolando Torres | Co-Founder & COO @ Abacode

7:45 p.m.: Thank you’s and good night

This event is FREE to attend — simply register on the event site!


I’m presenting “The Secret History of Login” at InfraGard Tampa Bay next Tuesday!

Are you free next Tuesday, October 18th from 9:00 a.m. to noon, for an event you can attend either in person or online? If so, perhaps you might want to catch my talk at the upcoming InfraGard Tampa Bay Members Alliance meeting. It’s titled The Secret History of Login!

Here’s the description:

If you’re reading this, the chances are very good that you’ve logged into a system or resumed a session where you logged in earlier. It’s a common enough occurrence that most of us don’t think about it unless we’re in a hurry or if we can’t remember our username/password combination.

Logging in is new enough that there are still many people alive who knew the world before usernames and passwords, yet old enough that it’s developed some problems that will take time and effort to solve. This talk will tell the strange story of how login grew from a last-minute hack to become part of our daily experience. Along the way, you’ll get an overview of some of the ways it’s been implemented, the popular software movement it inspired, how it inspired both a software movement and a whole new category of crime, and some best guesses about its future.

What is InfraGard Tampa Bay Members Alliance?

First of all, they’re affiliated with the FBI! As their About page states:

Our mission is to mitigate criminal and terrorist threats, risks and losses for the purpose of protecting our region’s critical infrastructure and the American people. Founded in 2004, the Tampa Bay chapter has established itself as a leader nationwide, setting the highest standards for programs, training and education. For the last decade, we have proudly contributed to the safety and security of Tampa Bay via an all-threats, all-hazards approach. At the national level, the InfraGard National Members Alliance was founded in 1996 and now comprises over 80 regional chapters, each linked to an FBI Field Office.

InfraGard’s success can be attributed to the unprecedented communication, collaboration and coordination it has forged at the epicenter of America’s most critical resources. Our membership is comprised of individuals that represent private businesses; local, state and federal law enforcement agencies; academic institutions; first responders and more.

All members are vetted by the FBI and pass comprehensive background checks prior to being accepted to InfraGard. The trust inherent in those who have successfully passed these checks is unmatched in any other public-private partnership in the country, making InfraGard a unique and highly successful solution to engaging the private sector in the protection of our nation’s critical infrastructure.

What’s happening at this meeting?

There’s a lot going on at this meeting — in fact, I’m not the only speaker at this one! Here’s the agenda:

Time: Item

9:00 a.m.: Welcome and speaker/topic introductions by Ebony Vaz

9:05 a.m.: Opening remarks by Michael Ritchie, President

9:15 a.m.: Speaker 1: Kate Whitaker, Director of Cyber Outreach, Cyber Florida

10:00 a.m.: Break

10:15 a.m.: Speaker 2: Joey deVilla, Senior Developer Advocate, Okta — The Secret History of Login

11:00 a.m.: Break

11:15 a.m.: Speaker 3: Billy Sasser, Supervisory Protective Security Advisor (SPSA) CISA Region 4 — CISA’s Physical and Cyber Security Resources

12:00 p.m.: Closing remarks by Michael Ritchie, President

You can attend in person or online!

They’re streaming this event, so you have the option of attending online if you can’t make it to the in-person event. Here are the registration details:


I’m going to Tampa Bay’s Cybersecurity Awareness Month happy hour tonight!

October is Cybersecurity Awareness Month, and we’re celebrating both the month and Tampa Bay’s cybersecurity professionals at Shuffle in Tampa Heights tonight from 5 to 7 p.m.!

Graphic: Computer Coach Training Center logo

The folks at Computer Coach Training Center (for whom I just finished teaching a Python course) helped put this event together, and it’s your chance to meet people from Cyber Florida as well as other local people in cybersecurity (hint: I work for the Auth0 arm of Okta, which just so happens to be in that industry).

Want to join in? Register on the event’s Meetup page, and I’ll see you there!