Wednesday, March 16, 2016

Security BSides Orlando 2016 Report

The weekend of March 12-13, the 2016 Security BSides Orlando Conference was held.  As last year, this was done just before SANS Orlando, which moved from April (its longtime traditional time) to March.  And like last time, it was held at the University of Central Florida, but in a new building.



This was my third year attending and my second year speaking.  I gave a 2 hour workshop on various security standards, frameworks, and regulations such as NIST CSF, ISO/IEC 27001, HIPAA, PCI-DSS and more.  Sadly, it seems a lot of people didn't understand it was a 2 hour workshop and left halfway thru it.  I recently posted the various resources for the workshop (references, training, certifications) here on the blog.

Attendance was over 400, and I understand they got a lot of students, who got to come for free.  There were 2 tracks of talks, along with some workshops which run longer, tho I think it turned out mine was the only workshop.  In addition, they had a Capture the Flag game going on, a Lockpick Village, and several vendors and orgs in attendance.  So a great event overall.

This year's badges were different, being different colored cassette tapes depending on if you were an attendee, speaker, sponsor, staff, silver or gold.


There was a conference t-shirt and stickers.  Speakers got some extra nice things.  I'll have to take some pics of those and upload them.

Check out their Facebook group for pics.  Not sure when videos of the talks will go live on their YouTube channel, but think very soon.  Sadly, my workshop was not taped.

I look forward to next year's event.  I have some ideas for next time.  I think my topic this year was too broad, so am looking at some more focused ones.  I really hope SANS 2017 will be in April for a couple of reasons.


Sunday, March 13, 2016

Resources for workshop on security standards/frameworks/regulations for information security professionals

At the 2016 Security BSides Orlando conference, I gave a workshop on security standards, frameworks, regulations for information security professionals.  While not an exhaustive survey of such, I focused on the ones that seem the most known, and which I typically see on job descriptions.

Not covered were enterprise architecture models like Zachman or TOGAF.  Left out are other security frameworks like SABSA or things like RESILIA, FedRAMP or Cloud Control Matrix, SSAE 16/SOC, Secure DevOps, or Maturity Models for security.

Covered were:
  • CIS CSC
  • NIST CSF (plus FFIEC CAT)
  • ISO/IEC 27001
  • FISMA
  • HIPAA
  • GLBA 
  • SOX (plus COSO)
  • PCI-DSS
  • COBIT 5
  • ITIL

Wednesday, March 9, 2016

HackMiami 2016 Conference

The 2016 HackMiami Conference will be coming up in a few months on May 13-15.  This will be the fourth time for this annual conference.  Been to every one and plan on attending again as I will be speaking (for the second time).

A change for this year is they have a new venue:  Miami Beach Deauville Beach Resort.  I think they had some problems with the prior location.  Hopefully things will be better with this one.

They have announced their keynote speakers, and John McAfee is returning as an announced speaker.  (Last year he was a surprise keynote speaker.)  This year's general theme is a return to the start of the hacker/cracker culture.  They are still taking proposals, so don't yet know what will be the speakers and tracks.  There will again be the lockpick village and "capture the flag" event as before, and training on the first day.

If you are in Florida, check out this conference.  It's a lot of fun.



Monday, March 7, 2016

Security BSides Orlando & Tampa 2016

Well, here we are in 2016.

This year I am working on speaking at several upcoming conferences.  Two are coming up this month and next:  BSides Orlando and BSides Tampa.


Security BSides Orlando 2016 will be held the weekend of March 12-13, just before SANS Orlando.  This is the 4th year of the conference, and the conference again returns to the University of Central Florida, but in a different building from last year.

I will be giving a 2 hour workshop on various security standards, frameworks, and regulations such as NIST CSF, ISO/IEC 27001, HIPAA, PCI-DSS and more.  I will be posting here a list of the recommended sources of info, training, etc for this presentation.



Security BSides Tampa 2016 will be held on Saturday, April 16 at Stetson College of Law – Tampa Campus.  This is the third year of the conference and my first time attending.  I will be giving a presentation on the NIST Cybersecurity Framework on its second year of existence.  I have something special in regards to this presentation which I will review later.

I look forward to both conferences.  If you have never been to a BSides Conference, check to see if there is one coming up in your general area.  Just in Florida we have 3, tho I'd love to see one start here in South Florida.

As I learn about the other conferences I have submitted proposals to, I'll post them here.