On Wednesday I will be getting in mid-morning so I’m just going to head over in the afternoon around 1:00 or so. Unfortunately, this means I can’t take part in some of the interesting morning talks. Regardless, starting at 1:00 I will probably hit the Collegiate Cyber Defense Competition talk by Chris Lytle and Leigh Hollowell. The presentation looks to focus on lessons learned from these competitions and how they can be used as a learning tool. I am thinking of starting an internal competition similar to this within my company. That combined with its focus as a learning tool really makes this talk a worthwhile talk for me. Next up will probably be “The Dark side of Twitter, Measuring and Analyzing Malicious Activity on Twitter” from Paul Judge and David Maynor. If you don’t know it by now, I’m sort of addicted to this whole Twitter thing [there I said it] therefore I really want to learn more about its potential downsides. Their talk will summarize malicious activity on Twitter based on two years of data and 20 million user accounts. Finally since I’ll be giving the first of three career/community-related talks, I plan to stay for Joseph Sokoly’s “Infosec Young and Restless” and then see what the Infosec Mentoring Panel has to offer. Joseph will look at improving our community image and the panel will touch on getting the most out of mentor/mentee relationships. [I'm counting this as one talk ... even I have a hard time following my own rules.]

Thursday will be a bit more difficult as I’ll have a full day of talks to choose from as well as the start of some Defcon activities. I will probably start the morning out with “Social Network Special Ops: Extending Data Visualization Tools for Faster Pwnage” from Chris Summer. Visualization has always been a fascination of mine (especially for showing pretty pictures to management). That combined with information that can be extracted from social networking data and its associated connections looks to be quite an interesting way of gaining invaluable insight about an organization or person. I’m usually in favor of best practices however I do understand it has its pros and cons. For that reason I plan to check out “The Road to Hell is Paved with Best Practices” from Frank Breedijk and Ian Southam to get some of the cons. It seems it will be a fairly balanced presentation though that will answer the question “Will best practices make use more secure?” Finally, I will probably head over to see Zach Lanier’s “It Melts In Your Hand: An Overview of Security (Failures) In Mobile Applications.” Mobile is big and will only get bigger in the future. The presentation will touch on security not only from a device perspective but how these devices are connected.

Well those are some quick recommendations for BSidesLasVegas. Be sure to check out the BSidesLasVegas Talks page for more details on these presentations as well as other talks that you may be interested in. Are there any “hidden gems” I missed? Let us know in the comments below…

And if anyone wants to meetup, just mention @grecs on Twitter or find the guy with a gray Breezewood shirt on Wednesday. And like I mentioned above I’ll be giving at talk on this day as well at 4:00 titled “Infosec Communities for Career Success: Understanding, Participating, and Cooking One Up” so you can also catch me after that. There are tons of people I’ve met through Twitter and mailing lists and would enjoy finally meeting a few of you in person. See ya!

“I want 2 win 3 @taosecurity recommended books from @grecs. #infosecclassics http://bit.ly/cUiA4K”

Well … after around 40 tweets (and a few negative ones as well ), I headed over to Random.org and had it select a number between 1 and 40. The site came back with 5 so I chose the 5th person who tweeted or retweeted the magic phrase.

And the winner is … @bvPredator!

According to his Twitter profile Mark describes himself as a “Geek, Hacker, IT Support Specialist, Hardware Guru, Infosec noob!” I really like seeing that “infosec noob” part as I feel he’ll get a lot out of the books.

Congrats to Mark and thanks to everyone that entered. (Mark: Please DM me @grecs to arrange delivery.) See ya!

Anyway, here are your meetups for this week.

Tuesday (7/20)

• ISSA DC Meetup – “State of the Hack: M-Trends- The Advanced Persistent Threat” by Robert Lee of Mandiant at Government Printing Office (732 North Capitol Street Washington, DC 20401; Room A138) from 6:30 to 9:30 PM (more info)

Wednesday (7/21)

• CapSecDC Meetup – A very special “Not in Vegas” edition of CapSecDC at Stetson’s Famous Bar & Grill (1610 U Street NW Washington, DC 20009) from 6:00 to 9:00 PM (more info)

Thursday (7/22)

• InfraGard NCMA Meetup – “The Communication Infrastructure and Organization of Transnational Cyber Criminal Syndicates” at E*TRADE FINANCIAL Corporation (671 North Glebe Road Arlington, VA 22203) from 11:30 AM to 1:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

Code Version 2.0: “Code Version 2.0 (CV2) is a compelling and insightful book. Author Lawrence Lessig is a very deep thinker who presents arguments in a complete and methodical manner. I accept his thesis that “cyberspace” has abandoned its tradition as an ungovernable, anonymous playground and risks becoming the most regulated and “regulable” “place” in which one could spend any time. …” (full review) (TaoSecurity Rating: 4 of 5 stars)

Although Richard seemed to like this book and found it very “compelling and insightful” I found it quite a bore. Now I do only have Version 1.0 so maybe it’s been spiced up over the past several years. About the only time I look at this book is when I can’t sleep. Within about 5 minutes I’m out. I’m not saying it’s bad … but it’s probably just a little too theological for my taste. (Grecs Rating: 1 of 5 stars)

Crypto: “Steven Levy’s ‘Crypto’ is a fascinating look at part of the story of modern cryptography, at least from the point of view of key non-government cryptographers. The author clearly conducted plenty of research into the lives of certain individuals, such as Whit Diffie and Marty Hellmen, the RSA trio, and other entrepreneurs. …” (full review) (TaoSecurity Rating: 4 of 5 stars)

I really enjoyed this book and agree wholeheartedly with Richard on this one. I would almost give it five stars over Richard’s four. This is one of the few books from my early 2000s infosec classes that I actually couldn’t put down. It was very interesting to see the basis on which most of today’s crypto is based. (Grecs Rating: 5 of 5 stars)

The Cuckoo’s Egg: “Cliff Stoll’s ‘The Cuckoo’s Egg’ (TCE) is the best real-life digital incident detection and response book ever written. I know something about this topic; I’ve written books on the subject and have taught thousands of students since 2000. I’ve done detection and IR since 1998, starting in the military, then as a consultant and defense contractor, and now as director of IR for a Fortune 5 company. …” (full review) (TaoSecurity Rating: 5 of 5 stars)

Totally agree again with Richard on this one … another story I couldn’t put down. One of the more fascinating aspects of this book is seeing how attackers are using the same basic concepts today as they did over 30 years ago. (Grecs Rating: 5 of 5 stars)

Well … that is it for the books I’ll be passing along. To enter to win these three slightly used books, all you need to do is tweet the following:

“I want 2 win 3 @taosecurity recommended books from @grecs. #infosecclassics http://bit.ly/cUiA4K”

The contest will run for two days through today and Tuesday. At that time I will randomly pick someone and contact them to arrange delivery.

We hope you had a superb 4^th of July; we have a quiet week in terms of meetups this week. It seems like the place to be is at the SANS Digital Forensics Awards Night where there will be prize giveaways. Anyway, here are your meetups for this week.

Thursday (7/15)

• ISSA NoVA Meetup – “Cyber Corp Update” by Mischel Kwon of EMC Corporation, Patrick J. Kelly of The George Washington University, Steven Hernandez of the Department of Health and Human Services, and Justin Hoeckle of HLR Security Group, LLC at Avaya Government Solutions (12730 Fair Lakes Circle Fairfax, VA 22033) from 5:30 to 8:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

Anyway, as of Sunday night here are the conferences we’ve confirmed.

July

• SANS What Works in Forensics & Incident Response Summit (Fairmont Washington DC; 07-08 to 07-09)
• Cybersecurity Symposium (Hilton Washington; 07-08)
• PCybersecurity & Innovation in the Information Economy Symposium (Ronald Reagan Building & International Trade Center; 07-27)

August

• EVT/WOTE Workshop (Wardman Park Marriott Hotel; 08-09 to 08-10)
• CSET Workshop (Wardman Park Marriott Hotel; 08-09)
• WOOT Workshop (Wardman Park Marriott Hotel; 08-09)
• CollSec Workshop (Wardman Park Marriott Hotel; 08-10)
• HealthSec Workshop ((Wardman Park Marriott Hotel; 08-10)
• HotSec Workshop (Wardman Park Marriott Hotel; 08-10)
• Metricon Conference (Wardman Park Marriott Hotel; 08-10)
• USENIX Security Symposium (Wardman Park Marriott Hotel; 08-11 to 08-13)
• SANS WhatWorks in Virtualization & Cloud Computing Summit (Fairmont Washington DC; 08-19 to 08-20)

September

• NoVA Hackers Association Metasploit Workshop (ICF International; 09-18)
• Software Assurance Forum (NIST; 09-21 to 10-01)
• IT Security Automation Conference (Baltimore Convention Center; 09-21 to 09-30)

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the conferences listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

We hope you had a superb 4^th of July; we have a quiet week in terms of meetups this week. It seems like the place to be is at the SANS Digital Forensics Awards Night where there will be prize giveaways. Anyway, here are your meetups for this week.

Thursday (7/8)

• Digital Forensics Awards Night - Vendor Panel, an Awards Ceremony Reception, the SANS Forensic Challenge Winners Presentation, and the Live Forensic 4Cast Awards Ceremony at the Fairmont Washington DC (2401 M Street, NW Washington, DC 20037) from 4:20 to 8:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

Anyway, here are your meetups for this week.

Tuesday (6/29)

• InfraGard NCMA Meetup – “Critical Infrastructure Resiliency” by Greg Fowler of the FBI and Matthew Wombacher of the DHS at Springfield Hilton (6650 Loisdale Rd  Springfield, VA 22150) from 6:00 to 8:30 PM (more info)

Wednesday (6/30)

• CapSecDC Meetup – Normal Meeting at Stetson’s Famous Bar & Gril (1610 U St NW Washington DC 20009) from 6:00 to 9:00 PM (more info)

Friday (7/02)

• 2600 Baltimore Meetup – Normal Meeting at Barnes & Noble (Inner Harbor) (601 E. Pratt Street Baltimore, MD 21202) from 5:00 to 10:00 PM (more info)
• 2600 Arlington Meetup – Normal Meeting at Champps Pentagon Row (1201 S. Joyce Street Arlington, VA 22202) from 7:00 to 10:00 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

Anyway, here are your meetups for this week.

Wednesday (6/23)

• ISSA Baltimore Meetup – “XML Firewalls” by Adam Vincent of Level 7 at Cobham Analytic Solutions (7110 Samuel Morse Dr, Columbia, MD) from 5:30 to 7:30 PM (more info)

Thursday (6/24)

• Charmsec Meetup – Normal Meeting at Slainte (1700 Thames St Baltimore, Maryland 21231) from 7:00 to 10:00 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.

Anyway, here are your meetups for this week.

Tuesday (6/15)

• ISSA DC Meetup – “Securing the Health IT Ecosystem” by Dr. Deborah Lafky of the Department of Health and Human Services at Iron Bow Technologies (9500 Arena Drive Largo, MD 20774; Suite 300) from 6:30 to 9:30 PM (more info)

Thursday (6/17)

• ISSA NoVA Meetup – “Emerging Cyber Threats and Web 2.0″ by Devon Bryan of the Internal Revenue Service at Oracle Corporation (1910 Oracle Way Reston, VA 20190) from 5:30 to 8:30 PM (more info)

Remember that HacDC and Baltimore Node are two local hacker spaces that also hold several standard activities each week … so check them out for more fun stuff to do.

And be sure to subscribe to our RSS feed or follow us on Twitter at @novainfosec and @grecs to be alerted about any last-minute events or to receive updates on the meetups listed above. Finally, check out our Calendar for a complete list of infosec events in and around NoVA, DC, and MD.