Live from Vegas! Hacker Summer Camp is this Week!

3 cons. 4 talks. No sleep. Lol. Well I did get some finally. It has been a whirlwind and I love it. Every glorious second!

BSidesLV has been the best yet. 3rd year for me. Volunteered as speaker liaison, which I love because I give talks. It’s about helping them feel more confident, ready to step up and own that moment. I also had the early bird shift in the lobby as greeter. Since I am a morning person, 6:00 a.m. Vegas time was fine with me. Besides, you can’t beat watching the sun come up over the desert hills.

I was a mentor to a terrific speaker. BSides has the Proving Grounds track to encourage and enable folks to give talks. It’s how I got started, and I will forever be grateful.  And mentoring is mutually rewarding. I’ll do a separate post on it because I think it’s so vital.  My mentee, Karolyn Bachelor, gave a great talk on how to ask the right questions for the right answers. Way to go! I’ll post links.  And my other mentee from home, Nitha Suresh, gave her first talk at Proving Grounds as well. I am thrilled for both of them!

And I had fun again this year, giving my talk in the Underground Track, picking up where I left off last year on How to Rob a Bank. This year was “Banking on Insecurity”, because the hits just keep on coming. The room was packed and my opening line went something like “Holy sh*t!” lol! We had lots of interactions and laughs about some very serious and even controversial topics in the realm of finsec and cyber security. Honestly, it was better than I could have wished for!

Now, I have two full days ahead of the little con that could. The Diana Initiative is about encouraging, empowering and supporting women in InfoSec and Tech. It rose from the ashes of what was TiaraCon, of which we will say no more. This event comes from the heart, and what I will say is that we were so moved by the belief in what we were doing by the attendees from last year. Failure was not an option. There were people counting on us to deliver and we have made it happen. Oh my god this community and their support is amazing. Truly. I am grateful beyond words for the generosity shown. And as part of this extraordinary team, who pulled together, gave up sleep, work, life to make this happen – I am so blessed. Resilience. Strength. Determination. We are gonna change some lives, make a difference and have a great time doing it. The Diana Initiative – this Con is on!

BSidesTO: Bringing IT Home

In my first year of security cons, and sharing them with the world, it means a lot to pen this tribute to BSidesTO, the one in my hometown. Hitting its stride in its third year, tickets sold out in advance, there was an excellent roster of speakers, and I was thrilled to be selected.

Let me start with kudos and congratulations to the small but powerful organizing team who put together a terrific event and made themselves readily available.  The venue was packed with an appreciative audience of over 160 security folk who engaged each of the speakers in lively question and answer sessions following their talks.  And yes, there was such a thing as a free lunch, which was served up with smiles by the BSidesTO team. They even arranged a movie to end the session, for those not already engaged in the post-con convos. If anything went awry, it wasn’t evident.

Given that our space was full to bursting, and that Toronto is Canada’s largest city, and one of the largest cities in North America, I think it’s time we had a major hacker con, along the lines of ShmooCon, GrrCon, or DerbyCon. Because it isn’t a corporate event, BSides has that potential, and has established itself as a much-loved, homegrown series of security cons that started in the US and have been spreading because of the community they build and the innovation and exploration they encourage.  It’s where the security community shares their hacks to learn, to improve, and to make the world a safer place. I really look forward to participating again next year, and to getting involved.

Unfortunately, that isn’t always how hacking is perceived. This past year brought us the short-sighted Wassenaar agreement, which would penalize those who hack to protect, and several governments working to ban encryption. But someone has to scrutinize the ever-growing devices added to the Internet of Things; to dissect the code that builds the websites we are all accessing. Decision makers need us to give them regular reminders that hackers watch over all the connections we make, and that they serve as our early warning security system.

Which is why having a local BSides really matters – it fosters the free exchange of ideas and supports this community in their varied approaches to security. Because as the impact of breaches continues to increase, and average users discover the extent of their vulnerability online, the world needs to know that hackers are here – for good.

My First “Con”: Alice in Security Wonderland

This month I did something that is a rite of passage for anyone in InfoSec:  I attended my first “Con”, Circle City in Indianapolis, a Security Convention that is about the community and largely attended by … hackers.

Let’s clear up a big misconception. The hackers I know are definitely not this stereotype found ad nauseam. Yes, there are hackers who choose to attack our systems, steal data, and threaten our security. But there’s a whole other group out there who are also hackers, and in the constructive definition of the term. They “hack” to understand and improve the code and technology we use every day; they test networks and programs, finding weaknesses and vulnerable points we need to defend from the attackers. Highly skilled and naturally curious, they understand our systems better than we understand ourselves. They know what can go wrong because they know how it can be broken, and that prevention is the best fix.

Cons offer a major venue to present new research and discoveries, and to discuss theories about a fascinating range of topics that impact Information Security. There are a variety, in different flavours, with varying appeal. And they happen throughout the year. Every year in August, Las Vegas hosts DEF CON, a massive hacker event, alongside the more corporate Black Hat, and BSidesLV, from the popular local BSides series encouraging novice through expert. We have some in Canada, but the cost of admission and travel are big factors for attendance. When I asked what my first Con should be, Circle City was the resounding choice. Smaller, new (this was its second year and very successful), it would be well-attended by people I knew, and feature a diverse mix of classes and talks.

To say this was an incredible learning opportunity would be an understatement. There was a constant exchange of information happening on and offline.  I felt like I was back in university- in a very good way- as we worked together in small groups to resolve a given problem and then present to the class.  And there I was, sitting and working with some of the smartest, most interesting people I have ever met, who made me feel welcome and invited my contributions.  It was truly a privilege.

The best connections however, aren’t plugged into the network, but those made within the network of attendees.  This is a community.  There is an open camaraderie as folks who spend most of the year connecting online enjoy this opportunity to connect face to face. Attendees wear t-shirts from the past cons they’ve attended.  Badges on lanyards denote speakers, participants, staff, and trainers.  Tattoos are a walking montage of art and personal expression. Some describe themselves as introverts, but at these Cons they are among friends, accepted and welcomed.  And then there are the parties, when hackers come out to play and the fun lasts all night long.  A series of artful DJs delivered a wicked sound and light show as a wish-list of arcade games beckoned and we talked until we lost our voices. Yes, Alice, welcome to InfoSec!

Closing ceremonies may be worth missing at some conventions, but I’m glad I stayed to take it all in. It was all good fun watching prizes bestowed on heartily enthusiastic winners. Raffle tickets were sold in handfuls to keen attendees, for a range of prizes including an extraordinary quilt made by one of the members, the intricate pattern actually an encrypted message. Recognition and thanks were sincerely given to those who had given so much. And then there was a moment that brought many of us to tears, as a fellow hacker fighting cancer was welcomed on stage, and the story about bringing him to the Con was told. This really is a community.

I’m so glad I fell down this rabbit hole to InfoSec. I started following paths on Twitter, which is an incredible repository of access points for up to the minute security developments, detailed research, knowledgeable blog posts, and of course, people with whom to connect. Now my kids regulate my screen time and tweets. Had you told me a couple years ago that I’d sit in on a talk about digital forensics and devour every word of it, I would have called you crazy.  Instead, you can call me Alice, because InfoSec has become my Wonderland of learning and discovery. Welcome to my excellent InfoSec adventure.  I can’t wait for what comes next – in Vegas!