I was able to attend BSides Las Vegas a couple weeks ago. It was the second year that I’ve gone to the con. Last year, though, I competed in the Pros v. Joes capture-the-flag (CTF) event. While I’m glad I did the CTF (shout-out to the rest of the Labrynth Guardians, 2015 Champions), that meant that I wasn’t able to go to any of the talks or really spend any time doing anything other than the contest. This year, I wanted to still be involved in something at BSides, but I didn’t want to have my entire two days take up with it, so I decided to volunteer. That also meant I wouldn’t have to stand in line to get my badge, which was an added bonus.
In order to qualify for the volunteer badge, there was a minimum of (I think) 8 hours that you had to volunteer, so that basically meant three normal shifts throughout the con. By the time I saw a tweet asking for volunteers and decided to sign up, a lot of areas were filled up, a few areas had one or two slots left, and then the Room Host position was pretty much unfilled. I liked the idea of being a room host, because I do like to do large-group presentations, but since I had never been to a talk at BSidesLV I didn’t want to try to be a room host without seeing how the actual talks went. Instead, I worked at the information booth for one shift, rode the BSides Bus for one shift, and worked the silent auction for my third shift.
The info booth was ridiculously easy to do. One of the BSides Staff (Jason, I think) had created a three-page FAQ for the volunteers at the info booth, and that combined with the questions we did get made the shift pretty easy. There were a few questions about where things were, a few questions about T-shirts, and a lot of sitting around and talking to the other people working in that same area. The bus was also relatively easy. Once I had a couple tweets copied and ready to go, it was just a matter of tweeting out when we got to a stop and when we were leaving a stop, and saying where we were going next. The auction, though, was a bit more hectic. It would have been just as easy as the other shifts, but I was working the final shift. They had told us that we took PayPal and cash, so that’s what the volunteers had told bidders throughout the two days. Then, when we got to the end of the auction, nobody knew how to take the PayPal payments, or how we were organizing the close out, or how people would receive non-tangible items like tickets to other cons. I started telling people that if they had cash to pay for a tangible item, then I could take it, and started collecting money and making a pile of bid sheets that had been paid for, so there could be some kind of accounting, and just had the cash in my hand. I never did count how much cash I collected, but I probably had $1-2 thousand. Eventually, somebody put the BSides PayPal address in the volunteers’ Slack channel, so I closed out a few PayPal items, including the highest-priced item: an NSA challenge coin which went for $1500, and which the winning bidder said he partly bid so much for the irony of the NSA coin going to support the EFF.
I also learned a couple things about volunteering at BSides. One of the perks of volunteering is that you get a free meal at the con, but you only get that if your shift is starting immediately after the meal time. So, I got breakfast one day, but I wasn’t able to get lunch either day because my shift both days was from 4pm-7pm. Since my trip this year was out-of-pocket, that was disappointing. Also, I didn’t fly into Las Vegas until late Monday evening. If I had taken an earlier flight, then I could have volunteered for setup on Monday, which would have let me take care of several of my hours. Then I would have had more time on Tuesday and Wednesday to watch talks and participate in the other activities. I think that may be what I’ll do next year. Either that, or get some of my hours from being a Room Host.
I was able to see a couple talks, though. I saw one talk in the Underground track. It was an interesting talk on Active Incident Response and REDACTED. (I had written this on the plane with no Internet, and I had written a couple sentences here which were a high-level overview and my recollection of what was in the BSides program guide, but when I was checking the online BSides schedule for the names of the presenters, it said that the description was withheld by request of the presenters (or more likely their lawyers). It was a good talk, though.
On the second day, I was able to go to the I Am The Cavalry track for about 1.5 sessions. I wish I would have been able to be there for more of their sessions, as it was also very interesting. It was more of a discussion than a presentation, and my main takeaway from that was the need to get involved. The hacker and security communities need to engage with lawmakers if there is to be any hope that our laws and regulations are going to be effective and not make our security situation worse.
I hope to see you all next year, when I heard BSides is taking over the entire Tuscan hotel.
Workentin's Cybersecurity Blog 