BSides Recap
This past week was Security conference week in the Bay Area, with BSidesSF and RSA.
I was able to attend BSidesSF and wrote up a recap on some of the talks. A conference by the community for the community.
Talks will be posted to their channel.
Here are some of the talks I enjoyed.
SSH Multiverse
It went over the history of SSH, OpenSSH, and all things related
SSHamble as an open-source tool for locating vulnerabilities, pre- and post-auth attacks, and enumeration
badkeys.info, a service for checking public keys for known vulnerabilities
Fake Hires, Real Threats: When Background Checks Aren’t Enough
Went over the ramp-up of fake hires stemming from DPRK operations
A tale from the inside
BSidesSF Plays Incident Response
A cool gamified tabletop with the audience going over an incident
Takeaways from the exercise: delegate when possible and, in the end, when in doubt, loop in counsel.
Your Intrusion Detection Still Sucks (And What to Do About It)
Straight to the point, with no fluff from Jason.
Actionable steps for taking your Detection program from bad to good
Log centralization, analytics on those logs, automate context wherever you can, FIDO2/WebAuthn all the things
Not Every Groundbreaking Idea Needs to Become a Billion-Dollar Startup
Ross from Venture in Security gave this talk on there being different avenues for success for a Security startup
VC isn’t endgame for all
What I Read This Week
Can We Stop Documenting Our Detections?
As an advocate for good documentation, this is a prime use case for LLMs
One approach for LLMs either creating or updating detection documentation
4chan is back online, says it’s been ‘starved of money’
The site is partly back on after 2 weeks of downtime from a hack
How to survive as a CISO aka 'chief scapegoat officer'
An RSA panel where the evergreen topic of CISO firings and protecting oneself is discussed
Wrapping Up
A good week (end) for the Security community. I enjoyed the talks and catching up with people.
For more on all the latest news in the Security startup space, check out Darwin’s newsletter at
Hope you enjoyed this brief recap on BSides.
See you in the next one.