Recap
Last week, I had the opportunity to attend BSides RDU in Raleigh, North Carolina. This sold-out security conference took place on NC State’s campus. My goal for this event was to focus on relationship-building and making local connections in the area—a shift from my usual approach at larger events like Defcon.
When I attended Defcon, I made a detailed schedule of all the sessions I wanted to attend before flying to Vegas. However, I quickly realized just how massive that event was, and my plan eventually fell apart. Although I still enjoyed myself, I learned that these events are what you make of them. The best advice I can give is to let things flow naturally and be willing to adjust your itinerary if you can’t get into your favorite hacker’s session.
One of the things I appreciate about BSides and smaller conferences is the intimate size and local focus. You’re more likely to attend every session you’re interested in. However, don’t underestimate the power of networking and meeting like-minded individuals in your region. I had the chance to reconnect with previous customers I’ve helped deploy cybersecurity solutions that have significantly protected their companies.
A friend and former coworker joined me at the event, and we both enjoyed a variety of sessions—especially those that combined technical and motivational content. We spent most of our time talking with vendors, registering for local technology groups, and catching up on work projects.
Here are some of the sessions I attended:
Pivoting Your Way to Growth by Jessica Butel
Takeaways: I always appreciate career stories from seasoned veterans in the security field, and this talk was no exception. Jessica’s insights were applicable to professionals at various stages of their careers. She emphasized that opportunities arise for those who actively seek them, and that discomfort is a sign of growth.
Non-human Identity Attack Surface: A Live Hacking Demo and Defense Strategies by Michael Silva
Takeaways: This technical session underscored the importance of protecting non-human identity credentials and how they’re utilized. It’s highly relevant in today’s security landscape, where many credentials exist for machine-to-machine communication. These credentials often go overlooked because they aren’t tied to a human user.
Too Many Hackers! by Austin Allshouse
Takeaways: With my growing interest in security research, I found Austin’s session particularly engaging. He shared how he built and manages his organization’s security research practice, creating a well-oiled machine that prioritizes human interaction and collaboration.
Adapting to Active Directory Security Enhancements by Eric Kuehn
Takeaways: Eric discussed recent changes to Active Directory that have reduced the effectiveness of older tools like Mimikatz. He also suggested updates to penetration testing methodologies to adapt to these new security enhancements.
What We Got Wrong in Today’s Vulnerability Management by Erkang Zheng
Takeaways: Erkang stressed that vulnerabilities or CVEs without context are ineffective. It’s crucial to classify them correctly and accurately assess their exploitability. This is where EPSS (Exploit Prediction Scoring System) comes into play, along with context from other points in the network.
This was a goal I set back in 2021. During the height of the pandemic, I vowed to attend more local events once the world opened back up. Attending this event is another step toward fulfilling that commitment.
Thanks for reading!!