On this second day of BSidesSF, things were more familiar: figuring out which track was where, what to expect in terms of flow, etc… The acoustics seemed to improve a bit, the crowd was a little thinner – it is Monday, after all… But still lots of interesting people and sessions.
Because of other commitments, I had to leave right around lunch, so I only had three sessions to attend. 😦
Still, on to the sessions:
- In what was, in my opinion, the BEST session at BSidesSF, Tony Martin-Vegue (@tdmv) did a phenomenal job of delivering an informative, clear and entertaining session on the [mis]use of Statistics in information security scenarios. He presented good points about how things such as surveys (always a favorite of vendors…) and charts can be fraught with peril if taken at face value. He discussed the issue of ‘semi-attached figures’, where one data point is not proof of another, but the two are presented together to confuse the subject. Finally, he hinted at other biases and discussed recommended practices (assume good intentions, but be skeptical!) and links to good books on the subject. I’d be remiss if I didn’t mention that not only were the supporting slides hilarious, but his flow of demonstrating some concepts was amazing: his deconstruction of 3D pie charts, or the powerful visual of how misleading a line graph can be. If you watch only one session, make it this one!
- An interesting concept in statistics is “reversion to the mean”: after an extreme measurement, the next one may be closer to the average. It applied here: after a great session, the next one kind of missed the mark. Originally entitled Ground Zero and meant to discuss trends in banking malware (or so I read), it turned out to be a high-level description of some data that was available from a sensor network, followed by a description of how companies already have “interesting” data lying around and should share it. Jonathan Curtis made a good attempt at engaging the audience and I praise him for having answered quite a few questions, but ultimately the content was not there.
- My last session was on Phishing, delivered by Kevin Bottomley (@k3v_b0t). He presented an overview of key points about phishing – usage, how it looks, how it flows, how it can be created, … – then demonstrated some of these ideas on a demo system/account. It was impressive to watch how quickly a campaign can be created and launched. Also, it may sound simple but I really liked how he ‘lifted the curtain’ just a tiny bit on how advanced phishing detection leverages Machine Learning algorithms such as Natural Language Processing. If anything, I think it’d be really cool to explore that angle further. Sidenote: during his talk, Kevin had to deal with “demo gremlins” (some things didn’t work as expected), but he handled things really well…
And that was that… I left OpenDNS soon after: there was a draw for some prizes (t-shirts, books, and some electronics) but the odds were not in my favour.
I’m extremely thankful to the organizers, the sponsors (OpenDNS in particular for hosting the event), the presenters and the audience. I truly hope I can make BSidesSF a regular stop in my calendar if I keep coming back to RSA.