
BSides and Stuff

BSides Charlotte · 2019 · 10:51 · 13 views · Published 2019-11
Speakers: Jack Daniel

So, BSides and stuff. This is me, quick. Just, I'm psyched to be here. Apparently there is more to Charlotte than the walk from Terminal D to Terminal E, which is normally from puddle jumpers to the real airplanes and vice versa, so that's kind of cool. Again, here we are. But first...

[Music]

So that was Steve 'n' Seagulls. They're a Finnish band. You should see their videos, they're beautifully produced videos on YouTube. If you haven't seen them, they're amazing. Their video for "Born to Be Wild" is stunning. You're welcome.

You aren't here or here there, which is awesome. It's great that this event has been revived. Thanks, folks. But one of the things to keep in mind is that you're here, but you're also here, and part of this amazing movement of events. This map is pretty much up to date. The blue pins have held a BSides before, the green pins are first-time ones coming up, question marks are maybes, the handful that have stars are tenth or upcoming tenth events. A handful of events have already had ten; Vegas has had eleven. But more importantly, you're part of all of this.

Then, over ten years ago, a few of us were kicking around ideas about what could be better about conferences, and then people complained about their talks being turned down, and we got a conversation, and, you know, the big cons just get too many talks. But we saw some that were, like, interesting, but maybe they weren't gonna fill a room at Black Hat or DEF CON, because they need to put a lot of, you know, a lot of butts in seats. That's too bad. There ought to be a place for these, there ought to be a place for people to develop their skills, there ought to be a place for people to hear interesting ideas that are maybe interesting to dozens of people but not thousands. And so we did a one-off event in July of 2009, and it turns out maybe it wasn't the one-off. This is BSides event 552 globally since that first.

Cardiff, Wales. Cardiff, Wales turns from green to blue today. They've got a five-hour time zone head start, so they're well into their conference. That's their first. So this has been 552 so far, 163 cities in 50 countries, depending on whether we count Scotland and Northern Ireland; again, keeps us from focusing on our own. Seventy-eight this part of this year and 32 more scheduled, that's changed in the few hours since I finished this deck two days ago, and 34 more scheduled to the left for the year. 112 events this year. 15 cities scheduled will hold their first ones.

And it's because, as Jenny said, of everyone. It's because of the organisers, because of the volunteers, it's because of those of you that are here to participate, whether it's participating by being part of the community, it's sponsors, speakers, everybody. It takes everyone to do this, and it's just amazing. It's like, I don't know, how did this happen? And I speak to people, I speak to like 60 or so teams a year that want to do an event. About a third of them happen. And so we bring events and mentor events, and the local teams running all this is that this is the BSides Charlotte team's event. It's a connection to an amazing community, but they do all of the hard work.

But anyway, you know, let's dig into some deep thoughts. I want to talk about the history of computer security just for a couple of minutes and give you some thoughts, things to think about. So, a very complicated timeline, we'll dig into that. Somewhere in the middle of that timeline the NSA decided that they would have security awareness posters. Yes, that's NSA, but they were, that's this last year. Yes, there's a set of a hundred and thirty-five or so of them available as a PDF if you ask the internet, or ping me and I can help you. Most of them are boring, some of them are bizarre, and more than a few are more than slightly creepy. Surprised to hear that they are propaganda posters for the inside of the NSA?

So anyway, history of computer security. I hope this complex timeline, hopefully I won't lose anybody with this.

But I can, this obviously I can go for hours on, but there's some interesting things. Back then computers were rare, huge and expensive, and the people that operated them were treated as clerical, even the guys, believe it or not, and they were plentiful and cheap, relatively speaking. Now computers are free, they're effectively free. That's why there's a computer with an OS in everything. If you bought light bulbs to have web servers in them, because that's a brilliant idea, what could possibly go wrong? It's cheaper to put a full computer in a full stack and a full set of vulnerabilities and exposures in every single thing you own. Yeah, luckily, luckily nobody abuses that, either for criminal purposes or just to sell a stone wherever, because privacy is dumb. What else? I don't know. At that end I used to be an auto mechanic; at this end apparently I'm not anymore.

The one thing I want you to think about, though, is the stuff that happened, and the more stuff is why we have an industry, to a large extent. Back in the old days computers were insecure, but they weren't that well connected, and they could have been secured, okay? I mean, single-user, single-process stuff. We started down that path with things like BP and TENEX. Like, I'm the only one here old enough to know that, other than historian. But, you know, TENEX was going to be really secure, and they made some of the dumbest mistakes you can imagine. If you're really into that thing, you know, I'll give you some papers to dig into.

But what happened in the middle? Well, we started connecting everything. That was a good idea. turns on the Nets of baggage. Computers became commoditized, they became consumerized and then commoditized, and just doing that with the hardware opened up a lot of attack surface once we connected everything. But then we consumerized and commoditized software, and that was another step in a direction that gives us job security. And then the giant step was that we consumerized and commoditized the creation of software, so that any idiot can be a web developer, and they still call themselves web people even though they're plugging into the database of everything that runs your entire organization. "So, I just do web stuff." "Yeah, does your web stuff, like, touch everything that runs our enterprise and has all of our customer data on it?" "Yeah." "Okay, you have to act like a developer."

So that's where we are now. then send the people, if you believe the hype, we're all well-paid and they're millions insufficient number of us, but in the order of millions. If you are a little more realistic, you're probably well-paid and have a secure job if you have the exact match of bulleted checklist for your job, then you stay up to date.

There is a huge skills gap. I like to talk about this, and as soon as we solve that skills gap in HR and recruiting this will get a lot better.

So hey, here's the thing that everybody needs to do. Is anybody here, like, this is their first conference, first BSides, first event? All right, that's worse, but eventually I'll remember their names. So if you ever need to find folks, or just want to bounce an idea off somebody, or just want to vent because your boss, you know, reach out, seriously. And welcome to the community, welcome to BSides and to the community, for everyone whose first-time event, because this is what this is about.

This is what we can do here: we can meet people, we can make connections, we can make a difference. Forgive me for being idealistic, we can change lives. It's a thing that I believe in, and a lot of other people, and DerbyCon did it, and Dave doesn't, and a whole bunch of other people in this room do it, because we're in this together, like it or not, and let's act like it. And with that, that's not the end, that's the beginning.

[Applause]
