Bsides Boston Recap

Ken Smith and Armand Boudreau, two of our expert Solutions Architects, recently attended the Security BSides Boston event. At K logix, our technical team attends numerous nationwide information security events throughout the year. We pride ourselves on being true thought leaders in this industry and many of our team members are often asked to speak and present at these events. By volunteering at BSides this year, Ken and Armand were able to be part of a truly remarkable event for the security community.

BSides attracts information and cyber security professionals for two days of presentations, collaboration, and learning. Due to the community driven nature of BSides, the individuals who participate are doing so on their own time and are truly interested in the advancement of information security. The positive energy was contagious throughout the NERD center as the halls buzzed with collaborative conversations.

Hot topics at BSides:

• Communication challenges between IT and executive leadership.
• How to translate security issues into business concerns.
• Increasing the investment in information security awareness for IT teams, end users, and executive leadership.
• Information security is reaching critical mass and organizational leadership can no longer maintain the “ignorance is bliss” attitude, especially when there are significant financial repercussions.

Ken and Armand volunteered on Saturday and they have included some highlights from presentations below. They did not attend Friday, which also included an impressive list of presenters and topics. 

Keynote: “Target, Snowden, Heartbleed…Oh my!” by Rob Cheyne

• Now is the time for security professionals to do a better job at communicating with executives about information security
• It’s vital to focus on securing the data, starting at the data, and working outwards

“Run OpenVPN in your Home” by Paul Braren

• It’s important to use a basic OpenVPN gateway server at home in order to protect your internet browsing activities
• Paul spoke about how to configure mobile devices to use the OpenVPN gateway

“TOOOL: Introduction to Lock picking” moderated by Max Turkewitz and Tom Williams

• It’s simple: many locks are much easier to pick than you think
• Various types of picks are readily available
• There is a large locksport community

“Abusing Mobile Games” by Ming Chow

• Almost all mobile devices have at least one game installed
• The tool set to develop games and mobile apps has been put into the hands of the masses, giving almost anyone the ability to develop apps and games.
• This presentation reinforces the need for a strong BYOD strategy. While many apps are able to pass through the app store without any issue, the underlying libraries can serve as a pivot point onto the device when updated.

Demonstration: Lock picking by TOOOL Boston

• This hands-on demonstration allowed attendees to try and test their hands on using various picks to open different locks
• The TOOOL representatives helped attendees learn how each lock worked as well as the tools and techniques necessary to defeat each of them
• This demonstration showed how quickly physical security controls could be defeated, something that is both impressive and worrisome, reinforcing the concept of defense in depth, and not relying on a single control, whether physical or logical, to protect critical assets.

We look forward to attending next year's BSides event!