Some of the music industry’s best hits came from B-sides. Gloria Gaynor’s I Will Survive was a B-track, as was the Red Hot Chilli Pepper’s most successful single ever, Soul To Squeeze. Vanilla Ice’s US #1 hit Ice Ice Baby was also a B-side, but we try not to talk about that.
The point is that sometimes overlooked creative efforts can be works of genius, which is how Security B-Sides got started. Black Hat frequently has to reject proposals for talks, not because they aren’t good, but because there simply wasn’t space at the conference. This is a problem that SecTor knows all-too well.
In 2009, a collection of rejected Black Hat speakers decided to solve that problem with a series of grassroots, agile conferences of their own, where perfectly good talks could still find a home. Security B-Sides was born. It’s an ecosystem of quickly hacked-together conferences that calls itself a ‘do-acracy’. There are no members, but only participants, who take action themselves to make things happen. As it says on its front page: “You are the ‘we’”.
A different kind of conference
Seven years later, there are dozens of B-Sides conferences, in areas as far flung as Algiers and Asheville. Canada has its own, in cities ranging from St Johns to Calgary. Laura Payne, a keynote speaker at SecTor this year and a key organizer of B-Sides Toronto which takes place this month, explains that the B-Sides ethos is typically different to that of larger conferences.
“It’s more relaxed and community focused,” says Payne, who is organizing the fourth annual B-Sides Toronto this year. Tickets are generally cheaper, and there is a broader mix of people, she adds. “We run a single track, with shorter talks, and you’re trying to hit all sorts of different topics.”
The degree of relaxation depends on the organizer. There are three types of B-Side Security conference. B-Sides Toronto is a structured day talk (where talks are typically decided and scheduled ahead of time), whereas others are ‘unconferences’, where talks are decided and arranged on the fly during an initial scrum session. Some organizers create a hybrid of the two.
You’d think that cybersecurity conferences would all compete violently with each other, but it isn’t the case. The different ethos of the B-Sides conferences, combined with a supportive and healthy security community in Canada, makes ample room for different events that will often complement each other and work together.
For example SecTor sponsored B-Sides Ottawa on 29-30 September, which saw some groundbreaking talks. Speakers at that conference included Raul Alvarez, who talked about how to reverse-engineer polymorphic ransomware. You can see him talk about different kinds of ransomware and their propagation strategies at SecTor later this month. B-Sides Ottawa also saw talks about how to lead a red team, and several discussions on how to build a better incident response outfit.
B-Sides Toronto, which runs on Oct 16 2016, the day before SecTor’s training day begins, will be the biggest Toronto B-Sides ever Payne says. “It started with 100 people in a bar,” she says, recalling its inception four years ago. This year, its 300-seat lecture hall at Ryerson has sold out.
There is a broad mix of talks at B-Sides Toronto this year, all of which last 35 minutes, which gives the single-track audience a quick turnover if a subject doesn’t capture their imagination . Boris Rudakov will talk about using rootkits to defeat the ransomware menace, while a team from Telus will talk about darknet operations in Canada.
Those who haven’t got tickets to the B-Sides TO event are now out of luck, but some of these talks will crop up again at SecTor, often in a longer, more detailed format. Check out the darknet session on the SecTor site.
Are you interested in starting up a B-Sides conference? Check the list of existing events, and read the organization’s quick start guide. With technology – and exploits – evolving at a breakneck pace, there has never been a better time to get together and talk security.