SecurityBSides in San Francisco on March 2nd and 3rd held at Parisoma was an experience that those in attendance will not soon forget. This is not for the reasons of Andrew Hay’s opening slide with his pink dress, but for a community of security professionals sharing and collaborating in a fresh new way from the vendor is king conference that was across town. What makes this conference so very different is the interaction at a granular level that the attendees can have with the speakers and sponsors. Not only are the actual talks much more interactive, but the sponsors who are in attendance can actually interface with the attendees and understand their needs as well as have the opportunity to convey their message in a conversation, not an expo-floor 5 minute pitch.

Some of the talks that were covered over the 2 days of the event are listed here.

Media coverage of SecurityBSides here.

Thank you to the vendors & volunteers that made this event possible!

Upcoming SecurityBSides Events:

March 13, 2010 - BSidesAustin – “Keep Security Weird” – Coinciding with SxSW Interactive

April 24-25, 2010 - BSidesBoston – weekend after SOURCE Boston.

July 29-30, 2010 - BSidesLasVegas – coinciding with Black Hat / Defcon

Here are some highlights from SecurityBSides San Francisco acquired using the ancient art of screen capture from the Flickr streams of Jack Daniel and Vissago.

If you have been living under a rock somewhere and somehow haven’t heard about this revolution known as SecurityBsides, well, perk up folks! With SecurityBSides San Francisco being the second large-scale un-conferences that compliments a large corporate conference, the proposed talks are already shaping up to be something so very special to our industry! This is an un-conference that is completely powered by the people, so if you haven’t yet voted for the talks that you would like to hear, do it or don’t complain!

Here is my short-list of talks that I think are going to be wonderful

*Some are not yet picked to present, so if you agree, vote often!

The Great Compliance Debate: No Child Left Behind or The Polio Vaccine

Panel Discussion: Joshua Corman , Jack Daniel (@jack_daniel) , Anton Chuvakin (@anton_chuvakin) , Andy Ellis (@CSOAndy), a surprise guest

How to Design and Develop Your Own Security Event

Stacy Thayer, Ph.D. @stacythayer

My Life on the Infosec D-List

Andrew Hay

Hacking the Sales Cycle

Gal Shpantzer

Being Inbred Isn’t Just a Problem for Hillbillies.  Groupthink and the InfoSec Industry

Vikram Phatak

Risk Management – Time to blow it up and start over?

Alex Hutton

What kind of self-serving person would I be if I didn’t put a shameless plug in for the Gender Panel: Unicorns, Clubhouses, and Ruffled Feathers: Women in Security:

Rounding out the panelist this year will be:

Jennifer Jabbusch – CISO of Carolina Advanced Digital, Inc.

Andrew Hay – 2008 “Security Thought Leader” award winner by SANS Institute / Security Blogger / InfoSec Professional

Lisa Lorenzin – Crazy smart solutions architect for an organization that I’m not sure if she’s listing (you have google, figure it out yourself)

Gurdeep Kaur – Author of controversial SANS Reading Room Paper “Women in IT Security Project Management”

Michelle Klinger – Full time QSA, defender of all things saucy and womanly.

Notice I said people, not women.

If you are interested in speaking on a panel at SecurityBSidesSF about Gender (Unicorns, Clubhouses, and Ruffled Feathers: Women in Security) and how it is impacting our industry by sharing diverse stories that have shaped your career, and tips for how as an industry we can improve, please contact me!

Gurdeep Kaur who wrote the paper on “Women in IT Security Project Management” has agreed to sit on the panel to discuss her findings and her experience that prompted the research. Also Jennifer Jabbusch will be speaking again as she did on the original panel at SeucrityBSidesLV.

I am looking for 3 more panelist to make up a 5 person panel.

Thank you all for the response, but I want to clarify two points that I’m not sure I communicated well in the original post.

First of all, I want to give SANS a big kudos for actually posting a piece that is gender based, this was a risk, and I’m glad they took it. Many more organizations would benefit from helping broaden the horizons of gender awareness in the technical fields. Conferences have been very apprehensive in accepting a round-table panel composed of industry professionals (not marketing women) to discuss the state of the industry in regards to gender. Currently, the panel is being held at SecurityBsides events and there will be some perspective European conferences this year that are opening up to the conversation. There are also many women that do not feel comfortable speaking out or helping other women gain entry to the field, this is a definite gender issue, but one we need to address on a different plane, and more in another post.

The second point in the original post was that of the review itself, the content of the research for the paper itself was fine, where I felt there was a deficiency was when it took a turn away from fair representation. Perhaps the advisor could have proofed the paper and suggested some edits to keep it broad enough as to not be easily identified as personal rhetoric, thus reinforcing the research points. I am fortunate enough that the author of the piece HAS agreed to speak on the Gender panel at BSidesSF that will occur during the week of the RSA Conference in San Francisco.

Again, for any women that may be reading this, here is a list of some great sites on the internet that discuss current gender issues.

The Geek Feminism Wiki

Executive Women’s Forum

Signed,

There is a paper in the SANS Reading Room titled “Women in IT Security Project Management” by Gurdeep Kaur that I came across this morning thanks to a friend of mine. After reading this paper it is clear why I get together with some of the most wonderful women in security to do the gender panels. This piece is actually written by a women, which is surprising as some of the rhetoric could likely be found in a piece from the late 1960′s when gender equality in the workforce in the United States was just in its fetal state.

The paper is written in such a way that the author questions if women possess the critical leadership skills to be successful in IT Security and Project Management, she brushes upon the decline of women entering the IT field, then the paper just gets all kinds of messy! She speaks to ‘Building a strong foundation’ and encouraging girls to stay engaged in the Science, Technology, Engineering, and Math. YET, she then digresses into a generalization about parents influence in their children’s behavior. WOW! Really? My parents bought me my first computer when I was 7, I have a friend who’s parents were government intelligence and she played with crypto when she was young. Both my friend and I were cheerleaders but somehow managed to still love science and math despite this author’s claim that during puberty that we would need additional encouragement. I call hogwash! This is where the paper just starts to spin down and where it becomes easily identifiable that the author is not using as much data to create a fair representation, but rather to justify her position and behavior.

I would like to formally invite the author to be part of our panel in March at BSidesSF during RSA Conference if she would like to defend her points, especially those in the 3 section of her paper. You all will just have to read it to understand that I don’t have enough time to pick apart all that I disagree with.

I am absolutely confused as to why SANS would actually post this to the reading room, this type of rhetoric belongs only in blogs.

Most asinine quote from the paper:   “It’s important to prove expertise with an industry certification.”