
you guys are probably aware or maybe not the states of California and New York have signed it laws or executive orders to basically enforce that people stay home right so they're trying to try and not try to slow the spread so that our hospitals and other medical facilities aren't overwhelmed as people get sick so so here we see the tweet from the governor of New York and a picture of the governor in California and you know New York saying they're gonna enforce this right they're basically they're gonna fine anybody who comes outside of their home unless you know they're in the pharmaceutical or grocery or or other you know needed industry right now so that kind of reminded me of that
classic movie Judge Dredd you know just kind of a futuristic type Society so you know what's the future going to be like it's gonna be like a dystopia type Mad Max scenario I mean probably not right but I mean it is gonna be you know at least for the near term it's gonna be a lot more isolated right and really right now I don't think you know anybody knows how long this is gonna last so so there's some predictions out there on it but you know it could be longer or shorter than what people are thinking right now right so right now social distancing I'm sure you've all heard about that in the media right you know
what does that really mean you know it because it means like virtual meetings like this and remote work that all starts to become the new norm right instead of you being that weird person who works remote at a company where everybody else is at the corporate headquarters now nobody's gonna come nobody's coming to the whole corporate headquarters because because it's spread right so and I you know and so I just feel like companies maybe if you work in the tech industry you know remote work was very commonplace for your company or your industry but you know there's a lot of other industries where I mean they maybe didn't even have VPN solutions or other ways of doing
secure remote access until recently right so you know there's a lot of you know industries have been around a lot longer that that are gonna have to adapt to this type of model at least for the near term right so so and instead of just some employees being remote it's pretty much everyone's remote right I mean I've personally been on so many conference calls this last week and because schools are closed pretty much across the nation you know it's just the norm like everyone's kids are jumping up in the background and waving and and you know when you're in like pretty serious business calls right so it's just you know something I think you know will
probably you know we'll get used to more and you know families will try to you know adapt to the scenario more so yeah so yeah no I agree man I I I definitely you know like more space like I have like the personal bubble right I don't like people come in too close to me I'm not really like a huge hugger if some of you know me or see me at conferences before yeah so you know it's not it's not too bad for me but you know for most people I think this is pretty pretty inconvenient for them at this point all right so how does this whole like scenario apply to cybersecurity right like we
talk all day about the current state you know I mean I'm just kind of telling you what I've seen in the news and what I've researched every day I look on my phone for articles about you know c19 and how it's affecting Society just cuz more I want to like see where the trends are going and it seems like speculations are pretty wide right between like people saying oh this just gonna blow over in a couple weeks to other people saying like just gonna be like a year-and-a-half thing right so so it'll be interesting but regardless I mean for the now where people can't even go to work I mean they're gonna need some way to securely
do remote work right so you know that could be something as simple as like you know VPNs deployed at their work with their machines still running so they can you know hit the VPN and then RDP with their boxes or to something much more right so so I think you know this this type services are definitely going to go up right and so security around remote access and whatnot like as security cyber security professionals or people were interested in industry in general you know we're gonna have to you know put more scrutiny here not that not that there hasn't been a lot of scrutiny here in the past right because you know if you had remote access you wanted to make
sure it's secure because generally you know you have this nice hard shell on the outside of your corporation and you're protecting networks and the way to get through that is the VPN but then once you get through there you have that nice delicious inside it's like like an M&M right hard candy outside with like delicious soft chocolate on the inside so if an attacker can get a foothold on the inside a lot of times they could just move on unrestricted across a bit right I don't know how many environments that I've personally pentested where I've seen basically a flat network design right where all systems workstations production everything are just all inside the
corporate network and obviously that's not recommended but you know companies that are startups or really focus on growth or haven't really had an IT background or cybersecurity background you know maybe they just had the friends start their IT systems and it really didn't design it from the ground up the way they should have so so you know what's gonna happen right if people aren't coming into office is that means they're not inside that hard perimeter right but you know they've still got data and they still got to do work right and you know businesses are gonna fight to stay alive right businesses don't want to they don't wanna go out of business I mean people have sunk a lot
of time and money into into these entities and they want them to continue to thrive right so they're just gonna get work done any way they can and I think that's gonna be a lot more of work occurring on like not corporate-owned devices or a lot more work occurring just on whatever you can get your hands on right which means you know there's gonna be more and more breaches outside of this perimeter and if we don't come up with a good way to get visibility to those endpoints or protections around like bring-your-own-device and other tech policies you know that's going to be a huge problem and it will be interesting to see how this plays out
I mean you know obviously companies could still you know mail equipment to employees but you know if you try to make a decision between buying new laptops and making payroll like obviously you're gonna do payroll and tell people to use their own computers right so so I mean businesses I mean a lot of businesses especially small businesses are gonna be really hurt by the market downturn all right so so you know personally I think zero trust I mean this is this is gonna be the way of the future man I mean a lot of companies have already started implementing this and you know implementations first purchase different companies widely vary right so just saying because you do zero
trusts that name that may be great or it may be useless right depending on your implementation so so I think you know the real thing here is with zero trust as design you're basically you know you're gonna authenticate who the user is that's sitting at the device and then you're also gonna authenticate the device say like hey does this device off good to act like access our corporate resources and you know that could be like you know is this device owned by us or that could be like does this device just like me know requirements like does it have antivirus on it you know has it been patched things like that you know and if you haven't met those
requirements you can't verify who you are or the device doesn't meet the corporate policies then then zero trust just basically says like hey you can't you can't talk to anything in our enterprise right but if you do then the zero trust systems will enable you to talk just to the systems that you're allowed to talk to the systems that are inside your kind of like great right so and then another nice thing about this is you kind of have these central points where you can audit who's accessing what systems from which devices so you know that's a lot a lot better than a flat network for multiple reasons right you know if one workstation gets compromised in a flat
network generally attackers will try and move laterally on to you know other workstations right until they find a workstation that has you know someone doing admin tasks inside the network right in a zero trust network you really only talk to the applications that you're allowed to talk to which means you can't really talk to any other workstations ideally and if you can't talk to other workstations then that makes attackers' life a lot a lot more difficult because they have to find a vulnerability in the applications you're talking to and then wait for other users to log into those applications and then they have to have a capability then to move downstream from those compromised applications to
other workstations then kind of like move up and down that's a lot more complex right so and a lot a lot of attackers are not trained on that you don't see you know a lot of hacking groups or even red teams or pen testers really taking the time or effort to go through that work you know you might see it in limited scenarios but you know that might be something also to watch it's just kind of the way that attackers are going to try and move through the networks more and more in the future right and you could definitely you know get a zero trust type system going low-cost you know by implementing well you get some of the features by
implementing host-based firewalls across your enterprise you know just even something as simple as you know making sure that hosts can't talk to other hosts' SMB services on like you know port 445 then that can be quite effective where you have maybe like a CIDR block that can talk out where the admins reside and and everybody else can't talk to each other because that just makes a lateral movement that much harder on the attacker side so yeah I yeah so I mean zero trust is a big thing it was really I I think pioneered at Google they have a big write-up on it and now there's several vendors that have taken it and commoditized
it so to make it easier to implement at your organization I you know I don't have a specific vendor recommendation but I definitely think you know as more people turn to remote work and just honestly this is something that we should we should have been doing a long time ago to make the inside of the M&M a lot a lot harder right so in addition right you know if you're not really going to the office anymore you're probably not gonna really care if your servers are at the office right so I feel like and this has already become a trend you know there's gonna be more and more focus on cloud security the border that used to exist
because people are going into office spaces and you could have site-to-site VPNs between offices and all that stuff you know that's that's really gonna diminish even more now that people more people are doing remote work and whatnot make sure you can force everyone to VPN into the corporate LAN and things like that but it seems far more effective to have your systems built around a cloud security model I mean there's some pros to the cloud security model one of them that I like is things are a lot more auditable like there's an API you can call to find out what where how many servers you have right or you know how many files you have in S3
buckets and things like that things that are typically quite hard to figure out in a traditional data center model where people install devices in data centers they're supposed to be tracked in some type of asset tracking system and everyone who's in this industry and does it long enough knows for the most part of those asset tracking systems are pretty inaccurate right so you know people try and create like a master CMDB of their their assets and their enterprise but I feel like that's still executed very very poorly you know one of the downsides of cloud accounts is just if there's cloud accounts sitting out there that you don't know about obviously you don't know about them you
can't monitor them can't do auditing and logging all that and another another downfall of cloud is a lot of people think like I'm gonna push all my resources to cloud so I don't got to worry about that that's that's Microsoft's problem or that's Amazon's problem and in reality the bulk of the security work still sits sits on your shoulders right so the way that you configure the policies and roles and permissions in your cloud providers is mission-critical I mean I don't know if you guys have looked for you know cloud storage breaches on on a Google search or like S3 storage bucket breaches but feels like every month there's like a major breach right like like Time Warner Cable
DGI the army Accenture I mean they all left tons of files and in storage accounts on these cloud providers they were just open to anybody on the internet anybody the internet could have gone and downloaded them there is a project it's called Grayhat Warfare where he's this guy has actually gone and indexed all the files which he can find in public storage accounts on Amazon so you can search them in real time so it's kind of like a Shodan but even more intrusive because you're like searching people's files or file names and then you could go pull the contents right so I don't that's like kind of questionable ethics right I don't know where that lies I mean
definitely when you start accessing someone else's data you don't have authorization to access even if there's no restrictions placed on it I feel like that's legal but I'm not an attorney so don't take legal advice from me so you know it's pretty crazy right but this is a new new right I mean I mean datacenters are pretty expensive to run and you know it makes some sense when you already have the connections and facilities set up but as more and more these office spaces if they go away or you know we move more remote work definitely these cloud services they're just gonna become very standard in our industry all right so you know here's the other thing that I was kind of
thinking when I was like thinking of like hey if like everyone moves some remote work and we stay away from each other all the time which sounds fabulous to me like let's uh you know what are attackers gonna do how are they gonna change how they're gonna come after our infrastructure and you know one thing that I think is going to get even more prevalent I mean this is already popular now attackers but you know it if I'm pushing all my stuff to cloud and I have zero trust you know going after your corporate LAN and all that it's gonna be hard man I mean it's just gonna be he's not like it's not possible in a
zero trust model but it's just it's a pain so an easier way would be hey if you as a company trust another company because almost every company out there has vendors they need they need something to do their job right and then a lot of those vendors have higher privilege access inside of their environments because they need to be able to talk to their other systems and they need to be able to put orders in or make requests things like that and so you know I think we're gonna see more and more actors target these third-party vendors and even though they don't maybe don't care about those vendors they really want who those vendors provide
services to there's been a lot of reports lately about MSPs like managed service providers being compromised and allegedly by you know nation state governments and then they're using that as an initial access into the MSPs' clients right like MSPs that they're monitoring for either availability or security concerns have an agent and then the third-party MSP provider is able to monitor and fix problems on those endpoints and so the attackers go after the MSP cuz once they get access to one MSP they can access on altitudes are good environments and maybe they don't care about all those but maybe they care about one or two and so for them that's good value so I'm
just calling this deep phishing right because I trying to come up with a term right and you know this is not like a theoretical right this is this has been done right and it's probably being done right as we speak so for example that the whole Target scenario right the way that they got a foothold into Target systems is that they went after a basically a vendor or supplier for Target right they phished onto that guy's laptop they got his creds and they used his creds as an initial access point to start talking to Target systems directly and then they were able to you know gain access to those systems by chaining together a series of
vulnerabilities which then allowed them to pivot around the network and eventually get to the point of sale terminals where they started stealing credit card numbers all Target's locations you know and they they exfilled the data and their credit card numbers and all that stuff right so so I mean you know this is not might happen this is is happening and will probably dramatically go up if things continue down the same path so I think you know one thing that we're probably already experiencing right now is as we're sitting at home because we're forced to be home we're just we're gonna start using internet more right I mean if your boss or co-worker isn't sitting right next to you I mean there's a lot
of employees that are gonna just open up Netflix or whatever and start watching stuff from their house while they're working and not saying anything bad about that just saying you know that that's more bandwidth right and you know the more we're forced to be at home the more we're forced to use the Internet to interact with each other and then what we use the Internet yeah the more traffic because across the large tech companies Facebook Google Microsoft AWS I'm sure they've are invested heavily in these undersea cables right these fiber-optic cables to connect their data centers around the globe so they can provide the best experience to the users on their platforms so I think
you know we're gonna see significant more Internet infrastructure go down in the next few years just due to demand for remote work and bandwidth requirements you know would be interesting to see whether the last mile like the internet providers to us actually step up or not you know but you know these major tech companies they they need these type of services to continue to provide you know continue to be competitive in this space so so I think that's cool I mean that you know that's that's a better internet ecosystem for all of us right but you know with that I really think that there's gonna be even more of a push for end to end encryption right I mean the
more cables that go down the harder it is to monitor the cables to know what's going on at all your different locations and you know companies like in the tech industry like Facebook have been preaching for a while now that you know you basically you need to do end-to-end encryption everywhere even inside of your private networks in your data centers application to application inside your own data centers you need to be encrypting it and that and that is what as far as my understanding my knowledge base is what Facebook does right now is they encrypt all the transmissions even inside your data centers so even if someone were to compromise one of these fiber-optic cables or they were to
compromise a switch or a router in a data center they theoretically would be unable to read the communications because they're encrypted even inside their own private networks so I think that's pretty cool and I also think the push to cloud is really enabling this I mean the cloud providers basically enable TLS automatically because they assume that you're gonna access them over the internet which is not trusted but you don't have to I mean there's ways to set up AWS accounts that are completely private so that none of the services that you're using can ever talk to the Internet you can drop endpoints inside of Virtual Private Networks in AWS and you yeah you can set up a lot of
those services now so they never talk out to Internet right but you still I mean that's inside AWS's data center so you still want what if a router or switch is compromised in their data center right you want that to still be encrypted and a lot of those service providers are now doing that by default so I think you'll see more and more push for this you know I know some of the major tech companies are doing this now but not all big tech companies are doing it just really the ones that are trying to be a little more proactive so hopefully you know everybody just does this by default going forward so or everyone gets on the cloud providers and
the cloud providers are just kind of doing that transparently underneath right for you all right so yeah deepfakes deepfakes are scary man right cuz you know at least right now or previously you know if something was a fake and you know journalists would would really be to be all of that I mean up until lately we still had press conferences with the president and journalists were invited to be there you know we're kind of going into a at least for me an unknown territory here the the you know if we can't meet with people in real life there's really no journalists or anyone to fact-check that someone said or did something right and if
somebody's able to create videos and to the point in which we can't detect if they're fakes I mean you know they could potentially shape world events so for example I mean it's widely considered to be a fact now that you know foreign governments were meddling in our previous election right and I mean my understanding of reading the unclassified reports about this is that you know Russia basically wanted to sway the public and so they used bot networks and fake accounts on providers like Facebook and Twitter and things like that to try to push certain narratives and they thought the net effect of pushing those narratives would be that you know you would vote more for one candidate
versus another candidate so thinking about this again we've got an election theoretically coming up in 2020 if it doesn't get postponed or whatever they're gonna do right and you know what if Russia produces deepfake videos that we can't using technologies we can't verify are fake and then just starts releasing those on social media which starts swaying the public one way or another right I mean that's a pretty you know maybe we have the technology to detect those fakes now but you know technology has a way of leapfrogging to in a way that you know improving in leaps right so so you know it's possible is it probable I don't know but but you know without people being at press
conferences or being able to fact-check with people in real life I mean it definitely makes you know trying to manipulate public opinion like a whole new level so yeah it'll be interesting see what happens here I mean they're definitely you know incentive right for foreign governments to meddle with other governments elections right
all right okay great so you know I I think one thing that might be positive is you know I don't know how many of you have VR sets virtual reality sets right but you know if people start to lack the human interactions right I mean this is an alternative that they could go to with little risk right without the risk catching a virus or anything like that you know as long as we're not sharing headsets or something with keep unknown people but but you know this could be a real boon to this industry I mean the VR industry is in my opinion pretty cool it's uh but you know it's still you know pretty enthusiasts into
the enthusiasts space right like people who want to be into it are into it you know that you know that we could see like a much wider especially if like the virus were to linger for like a year and a half or something like some people are predicting you can see a much you can see a boom in VR I mean right now you know you go get theoretically like an Oculus Quest and you don't need a computer to hook it up and I can do room space base VR so so you know you don't even need a good computer right to run it it's all self-contained the headset and you don't even need sensors in the
walls or anything fancy you just plop this thing on pick up the controllers and you're good to go so I mean we can see you that stuff start to boom right and you know I know there's some like applications on the platforms right now to do social interaction and I've looked at them quite a bit you know there I'd still say they're pretty basic right you know there's some your chat room like experiences that are you know people like but you know they're still pretty in my opinion rudimentary so you could see a lot more active time being put on those to provide people that much better like experience right so instead of this just
going from an enthusiast market that people think is gonna be a thing in the future you know it could be a thing almost now right so right so then I was thinking like VR takes off right theoretically because people can't go outside for like a year or something like that I mean that's you know probably a worst-case scenario but I was just you know to go with that scenario so so I was trying to think like hey what's the implications here right and like the thing that I you know you're gonna have all these guys developing VR apps right for this platform if it takes off and you know historically I think that's gonna be a
lot of the same resources that have done video game programming in the past and you know video game programming in the past is not it's been very emphasis on features and performance and there hasn't been a like a huge emphasis on security right so at least from my perspective there has not so like for example you know yeah I mean several vulnerabilities have been discovered in video games like a lot of those games on Steam that are produced by Valve that used to use or still use the Source engine like CS:GO uses it I believe Team Fortress 2 uses it and all that and you know I think there was a period of time where for like I don't like you know
like for about five years where there was a particular spray you know in those games you go down and tag the walls right and if you tagged the walls you can have your team's logo and stuff like that on the walls right so you know you could kind of use that to mock the other team as you're winning or whatever but for the period of five years there was actually a vulnerability where if you built a very like a malicious spray you could spray the walls and basically crash everybody's clients except for your team's if your team's clients don't crash everybody else does you can go around and frag that and eventually a German researcher reported this
vulnerability to to Valve and they fixed it across the platform but you know I mean I don't I mean there's things like that that I feel like the gaming industry is not really put a lot of time and effort on the security end so so you know what could this future look like if they're gonna crank out a bunch of code they're gonna crank it out fast and they haven't really had it in focus on security in the past what's that gonna look like in the future you know and and one thing that I just kind of thought out was you know this could literally be you know a whole new market right so I
don't know if you guys are aware or not but you know there's companies out there right now and all they do is they buy zero day vulnerabilities or zero day exploits right and what what is a zero day exploit it's a it's an exploit that takes advantage of a vulnerability in a piece of software that it's a it's a that's not known by most people right it's known by you but not really known by anybody else so then you can sell that exploit to somebody else and then that usually gives them some type of capability like it's some bypass authentication on an application or gives them remote code execution which means they can execute whatever code
they want on your system and if they can execute whatever code they want on your system they can steal your files or they can you know use your system to pivot to other systems or they can you know I don't you know just generally do anything that you could do you do on the system right so right now you know it's pretty baby town frolics if you want to develop exploits on gaming platforms so it's it's not that hard but you know if everyone starts using VR and if VR is using a lot of the same code base that gaming software is using today you know the value of these exploits for the VR
platforms could go high right and now you know one possible use case for this is I don't know if you guys have ever seen Ghost in the Shell before or not but there's a there's a hacker in here called the Laughing Man and basically when you're when you're everyone in this basically futuristic Society has enhancements right like some part of your body is enhanced with technology and so he is such a good hacker that he's able to exploit weaknesses and in those enhancements so that no one could ever see his face Oh every time everyone tries to see his face they just see this Laughing Man logo because he basically has 0-days for their there enhancements
right so you know you could see something like that occur so that people could stay anonymous on these platforms you know I mean if everything's flowing through the internet and everybody's on you know one to two to three major chat platforms on VR you know chances are high you know criminals and others are gonna jump on there which means law enforcement gonna jump on there and start monitoring it right and you know there's always a sub demographic that wants to stay anonymous on platform so you know that's that's one use case you know another use case is you know if people are actually able to develop exploits for those platforms maybe they can even get remote code
execution on your laptop or something like that so it's like hey man let's meet up on VR and chat and when they do you take advantage of vulnerability in the software and you're able to take control of their laptop without them knowing so you know it's it's it's pretty interesting just how a remote work shift and how getting rid of a lot of this old you know hard outside soft inside type mentality would you know would change us but in the cyber security space I feel like you know a lot of parts of society is maybe not for the better right but in the cyber security space I feel like there's a lot of stuff that we should
already be doing today so even if like we all wake up tomorrow and like CDC's like pandemics over we're all good everybody go outside I still feel like a lot of these recommendations here in these presentations are things we should do it like zero zero zero trust cloud security right those type things and an encryption I mean those are things regardless of what the future holds I mean we should really be pushing organizations towards those type of solutions and the cyber security professionals you know if we we should be making these things dead easy for for corporations to implement right I mean one thing that is really annoying to me is just you know like a company their
goal is to stay in business right it's to like drive value to basically you know their clients and their shareholders and and all that right and I feel like historically a lot of cybersecurity professionals they're the no guy right they're kind of like the mom that goes around the organizations like you can't do that you can't do that you can't do that and really as an industry we need to shift from no you can't do that to yeah you can totally do that and here's how we do it in a way that is you know well organized for you and well organized for us as security professionals so you know we don't want
to be the guys that are just telling people no I do believe that push to cloud is from you know for most of commercialism a bit of wolf right it's due to cost savings and but the you know the security professionals it's it's on us to go learning those platforms right we can't just be like hey I know firewalls I know VPNs I've been doing this stuff for like the last decade I'm not gonna I'm not gonna learn cloud like that's like I don't need to know how it rolls or access control works in cloud like that's it's not it's not gonna be a viable strategy in my opinion for the next 20 years right so as as on-prem and
datacenters start dwindle best I saw when you get migrated to cloud as you know startups mostly startups like rain and cloud infrastructure just do there they need to start cheap and small and then scale up rapidly with their platforms and you know I I do think the serverless platforms that are on cloud right now are ok for basic tasks like scripts that you want to automate but you know they're pretty hard for advanced applications because it's hard to debug the code in serverless environments especially if you have like multiple serverless components all talking to each other it's hard to know where things are failing at least from for me when I when I'm developing things
and for in Lambda and those platforms so I mean I do think that there still needs to be a little more innovation and and ease of use in the serverless space but I do think that's coming as well right so so containers are kind of the new new and orchestration of them Kubernetes is clearly the winner of that right now which you know a lot of the cloud providers are very slick managed service for right now but you know after that pushes over then I think a lot of people are going to turn to serverless and hopefully it'll be mature enough that people actually be able to debug complex applications and in those
ecosystems so yeah so I think it's security professionals where you just really need to get ahead of the curve right we can't you know just keep saying no forever we gotta be the guys that know the cloud we got to know AWS Azure GCP we gotta know zero trust right we got to know how to take these old legacy LANs and easily get them into a more secure state and then we got to be innovating right like it's not good enough for us to just say like like hey you know yeah everyone just gets cloned by a phishing you know and it's not good enough for us to say like you know we just need to do more
user training and awareness like that's that's not a real solution right like we need an actual solution that we can provide to the masses and be like hey we know you guys get phished install this solution and you know that many days ninety percent of the risk or something like that right and you know a lot of that work is still to be done so that's that's the great part about cybersecurity as a profession and my personal opinion is just that me it's still a little wild Westy right there's still a lot of opportunity out there and you know while it's horrible that we're all focused focused stay inside I mean some people think that right I mean
there's a real opportunity for us as cyber security professionals to try and try and push forward the industry and yeah and try and make this just a little bit better the world than it was yesterday so so I I just leave that with you guys at this time and we will I think that's last slide oh thanks again on the sponsors really appreciate it especially DigiCert is so helpful every year and RSA and Adobe and you know mine casting coral egg came through this year and Franken area and saw stack and even sink on and no starch crushed red point security pitched in as well so I really appreciate all them and all they're doing for this event so so with
that and I will post the slides that I just that I just add on to Twitter my Twitter name is tweak Fox and I'll put it in this also so I will these are being recorded and they should be up on YouTube relatively quickly after the event so big thanks to once again to poke with hope tech the really this event would not be happening without hope and and the team right and his media to you so I really want to thank them again they you know in a matter of basically a week put this entire thing together from a tech stack and you know hopefully we'll have any issues and recording all that and
everything will be up for you rapidly so all right we will have the next session at 2 p.m. will begin and you know I'm just gonna answer these random questions in the channel for a minute while we're waiting on that so why is it called b-sides my understanding of why it's called b-sides is because and if you guys remember tape decks there they they had two sides right so the primary side we need we need how to tape and you put it in the tape deck to play music would be the a side but then a lot of artists realize they could record another stream on the tape deck on the backside and they'd call that the B side so that's
kind of where the name came from and I think the implication there is really you know Black Hat in Las Vegas is I don't have anything bad to say about it I think it's a great event but it's also very expensive right I mean tickets are basically $2,000 a pop which makes the event very inaccessible inaccessible to a lot of audiences right I mean unless you have a corporate sponsor you're probably not gonna pay two thousand dollars to go to Black Hat and so you know some of the original organizers where BSides started in BSides Las Vegas they they were just kind of like hey we need an alternative here that's a low cost that everybody can go to and so
they create BSides LV or Las Vegas and you know like you know comes from the reference to the tape deck right so you know ace the a sides maybe Black Hat and then the B side is their conference the alternative that everybody can go to so
yeah so that's kind of where the term comes from and then they kind of put together like a like an ethos right like what is a B sides and then the organizers in BSides San Francisco which is one of the larger BSides events BSides Las Vegas and BSides San Francisco are pretty large they you know got a trademark around the term and kind of put some legal framework in there but every B sides is its own legal entity so like we are in some of whom go through the process of becoming a non-profit so BSides Las Vegas or no BSides Salt Lake City we've we've gone through the process of becoming a non-profit we're
501(c)(3) that's really thanks to the work of one of the board members Ryan Simpkins he keeping 16 Lohan oh he did that for us which I completely I my hats off to him I owe him and you know he helps us make sure we're compliant with state and federal laws with the charity every year so just know when you buy a ticket or you know you sponsor the conference or anything that your money is going to the nonprofit you know I don't you know no one who spends their time and effort on the event makes money off the event and then the only thing we do with the leftover funds is we use that to seed the next years of that so
so you know my goal really is to make this a self-sustaining event right where we have enough money to keep growing it every year you know I could envision a future where you know you know there's thousands of people at a b-side Salt Lake City event right I mean at a $20 price point I don't think that's unreasonable at all but you know I think there's something to be said about making this make an event the way it's been which is or small and intimate which you know we're trying really hard to stay true to our values when we when we originally created this and really if you haven't heard my I think my own speech is
recorded on YouTube on the channel from two years ago about like why we're doing this but the rule the reason that we're doing this is you know I don't know if you've seen this on my emails but the slogan's by the people for the people I mean my goal really here is for number one to get more people into cybersecurity really like to get more college kids coming out to the events and up to speed and you know just even if they like have a little interest but they're not certain give them a platform to make some more connections in the community and kind of build their social network a bit more and then two if you're
already in the community and your cybersecurity platform it professional this gives you a platform to give back to the community so I really encourage people that are professionals like to submit for the workshops and the villages and call for papers next year especially if you're in Utah because like I just want you know more the college kids to see and get to know you know professionals in the industry and you know kind of have more of a vision like hey if I work hard I could be like this guy or I could be like that guy you know I could you know I could be you know and in the process have fun like I could do some like RFID hacking or I can
learn a bunch of cool content at these talks and then and then hopefully inspire them to you know go down become cybersecurity professionals themselves so and then hopefully you know that grows the whole community across you know the world right so so you know even if they don't stay in Utah if they move to DC or anywhere else then you know we're still doing our part to kind of at least help me the cybersecurity gap a bit more and and also you know one of the primary things here is give back right so I think a lot of us were in cybersecurity now and have know the things that we have in life we got here
because somebody was willing to take the time out of their day to go talk to us right I mean I know personally when I was growing up I used to meet up with a bunch of hackers at a Round Table Pizza like every week and we just talked about computer stuff and you know that was pretty much the catalyst that gave me the ability to get into this industry and to you know hopefully make a positive impact so so alright so I'm gonna hand it off to the next speaker and we'll start in five four minutes now thank you guys if you want to chat more I am on Slack on Bryce Coons on the b-sides and you
guys need anything feel free to email info at Eastside salt lake city org and someone on the team will get back to you thanks these guys