Posts tagged “work”.

Another SOURCE Boston in the books

SOURCE Boston 2009 wrapped up last Friday. Once again, the SOURCE Advisory board did a bang-up job picking talks: Normally, during a conference there are “collisions” in which there are two talks I want to see that run concurrently. SOURCE had this, but it seemed that it happened almost every single talk. I was desperately switching my attention between the talk I was currently at and my twitter stream watching people live-tweet the other tracks. I constantly felt I was missing something great. SOURCE also improved the one complaint I had about SOURCE Boston 2009, lack of the ability to get to the venue via the MBTA. This year’s venue, the Seaport Hotel was easily accessible from the Silver line and the new digs were great.

My talk went as well as I could have hoped. Despite some minor issues with regards to what I could and couldn’t talk about and thus the presentation being much shorter then I wanted it to be, I felt I fielded all the questions cleanly and ones that I could not answer I made sure I got business cards so that I could follow up. For those of you interested in downloading my slide deck it is available here:

  • Massachusetts Data Breach Laws, Regulations, and Responsibilities (PPT, 828K)
  • Massachusetts Data Breach Laws, Regulations, and Responsibilities (PDF, 286K)

Some highlights of the conference:

  • David Mortman‘s delicious bread, which he handed out if you asked questions during his talk. I got a slice because I was able to answer a question.
  • Marcus Ranum‘s keynote. Despite being a presentation of “The industry is beyond repair, and here’s why…” gloom and doom, I was able to at least grab some good points out of it that will enable me to fight the good fight. He also made a great metaphor: “3D dancing pigs” meaning something which management wants and will try to implement despite any warnings.
  • James Atkinson‘s counter-surveillance talk. Last year he did telephones and this year he did automobiles. Crazy stuff.
  • L0phtCrack 6 information session. I can’t wait.

And these are just the ones I can remember off the top of my head.

SOURCE is a great conference and if I had the time and money, I’d seriously consider going to SOURCE Barcelona in September. If you have the chance in 2010, I would highly recommend attending.

I’m speaking at SOURCE Boston 2009

SOURCE Boston officially let the cat out of the bag yesterday by posting their schedule, so I can now say what I’ve known for since about mid-December: I’m doing a talk on the SOURCE business track entitled Massachusetts Data Breach Laws, Regulations, and Responsibilities.

I’m excited to be a part of SOURCE. I attended last year and it was an excellent conference. A great mix of  secruity geeks and business types and everything just seemed to click. Not as “free-for-all-ish” as DEFCON or HOPE, not as stuffy as a business conference. This year, it’s shaping up to be even better: They moved the conference to a better location, and the schedule is even more impressive then last year. If you’re a security geek, you should definitely look into attending. It is worth every penny.

Of course there is an off chance that someone might make a grand entrance a touch early. I think everyone is hoping that doesn’t happen.

SOURCE Boston here I come

As previously mentioned, I’ll be going to SOURCE Boston tommorow. I’ll be attempting to the conference on my somewhat shiny and new Twitter Feed. Per haps I may even, *gulp* “live blog” (Ugh. I feel dirty for saying that).

Truth be told, I’m not 100% sure what to expect. Most of my previous “security” conferences have been either DEFCON or HOPE, which I assume will be slightly more “low brow” then SOURCE. For example, I’m not expecting SOURCE to have A room full of hammocks you can crash on. But, from what I can gather, and from what the schedule says, it will be a pretty good time. It looks like it’s going to be a good mix of business types and security geeks, and it’s approaching the idea with the right attitude (Pub crawl anyone?). Another plus, any conference where I don’t expect the conference attendees to smell like week-old BO == Win. (Hooray!)

I’ll be staying mostly on the Security Technology track, with possibly heading over to the Application Security track if something over there catches my interest. I’ll be attending the pre-conference gathering tonight, along with the reception tomorrow night and the pub crawl on Thursday. If anyone of the four of you who read this want to meet up, IM, text, tweet, comment, or poke me at the conference.


One of the cool things about the new job, is that they are very pro-conference. Even better, they have a budget for conferences that cost money! Source Boston sounds really cool. While it may not be as cool as DEFCON or ShmooCon, it definitely has that “hacker-ish” feel to it. Of course, any conference with a pub crawl associated with it definitely gets the thumbs up from me.