SAN FRANCISCO – Security B-Sides isn't just for big conference rejects any more. This little-conference-that-could has grown up and become a force on the information security speaking scene. Its latest incarnation springs up Monday, a day ahead of the official start of RSA Conference 2011, around the corner from the giant Moscone Center, home to the security industry's biggest annual event.
With security conferences, you can be a minor celebrity in your local area, with B-Sides, you have a venue to express the knowledge you have.
B-Sides San Francisco is a two-day, two-track event featuring presentations from some of the biggest names in the security vendor, analyst and research community, such as Metasploit creator HD Moore, Alex Hutton, Ivan Restic, Caleb Sima and Richard Bejtlich. While it continues to grow and attract big names, B-Sides is still true to its initial charter as an alternative conference, one that provides a framework for more regionalized, smaller events in the U.S. and Canada, and soon in London.
"The original tagline for B-Sides was that it was doing to conferences what the Internet did to TV and radio, and that is, expanding its confines," said one of the co-founders, Mike Dahn. "We had been thinking about that for a while, why not try it."
B-Sides emerged in the summer of 2009, initially as a forum for speakers whose submitted talks for the Black Hat Briefings were rejected. B-Sides Las Vegas was the first event, and thanks to a lot of word-of-mouth marketing and buzz about the intimacy of the venues and quality of the speaker cast, similar events sprung up. Soon there were B-Sides in San Francisco, Austin, Texas, Boston, Atlanta, Kansas City and Ottawa. New York will soon host two B-Sides events, Dahn said, as will London this April alongside Infosecurity Europe. Dahn is not alone in organizing B-Sides; Jack Daniel, community development manager at Astaro AG, and Chris Nickerson, founder of Lares Consulting, share the workload and are instrumental advisors in getting smaller B-Sides' off the ground.
"We worked off a framework similar to BarCamps (user-generated conferences) where a Wiki page was developed and people shared ideas on how to make this happen," Dahn said. "It's been such a positive because a lot of people pitched in and asked 'How can I make this happen locally?' We don't want it to be seen as all conference rejects. That was genesis, but name is B-Sides. Far more events occur independently than alongside a major event."
In the beginning, Dahn, Daniel and Nickerson helped local organizers put on their events by getting on the phone with interested parties and instructing them on how to get sponsors, venues and food. However, this became unmanageable for the trio, Dahn said. They, in turn, created an organizer's forum where past and current organizers were providing feedback to potential new event creators. Buzz from B-Sides has made marketing easy, though some help from professionals MC Petermann of Barracuda Networks and Michelle Schafer of Merritt Group hasn't hurt.
"I've seen this model work well; we're hoping to have a large number of events," Dahn said. "Once we got to 10, 12 events, we started to leverage people to solve big problems and post things they learned on the wiki. The end goal is whatever the community continues to create. We're doing it locally, sharing information, connecting and educating others. I view B-Sides as a tool and people are creating this tool."
B-Sides definitely has a personality; from its offbeat venues in Las Vegas and San Francisco (Zeum, 221 Fourth Street), to a Duck Boat tour of Austin, Texas, the conferences are popular and space fills up quickly.
"With security conferences, you can be a minor celebrity in your local area, with B-Sides, you have a venue to express the knowledge you have," Dahn said. "It's nice from that perspective. I like the idea of giving more people a voice."
Dave Shackleford, a consultant and SANS Institute instructor, is presenting one session and sitting on a panel at B-Sides San Francisco. His "A Brief History of Hacking" presentation will be a highlight of Day 2. Shackleford, an Atlanta resident, said his talk is a timeline of hacking history that includes a few jabs at Hollywood's takes on hacking in film.
"It's a way to get audience participation," Shackleford said. "I do a 30-second synopsis of the plot and then give a score of 1 to 10 for the realism of the movie hack's attack elements. Can it be sort of real, or is a total stretch? Does it capture the hacker ethos really well? The audience can agree with me via applause, or disagree and boo. Everyone loves to boo the speaker!"
Shackleford is also part of a panel on the modern threat landscape with Moore, Hutton, Sima, Will Gragido of HP, Josh Corman of the 451 Group and Marc Eisenbarth of TippingPoint.
"The goal is to get a lot of interesting characters togeter with opinions and throw them out to the crowd," Shackleford said. "I do a lot of pen-testing; I bring that perspective versus HD who is building the stuff I use and Alex who analyzes the aftermath."
Dahn, meanwhile, hopes B-Sides continues to provide greater opportunities for community networking and information sharing in as many locations as possible.
"The language we use is important. All of the people who come to our events are participants, not attendees. All of them are participating, even if they're just asking questions," Dahn said. "It's not just about the talks, it's about the communal meeting of people."