It’s another year of BSidesROC, a local hacker con that we put together. Our sixth year actually. Not everyone really cares about how BSidesROC has changed over the years but it’s hard not to at least mention them for posterity and laugh at our failures.

I think that BSidesROC has evolved with the times or at least updated their memes. Year one was all about the memes and just messing around and to be honest, we didn’t care if anyone even showed up. We were going to have fun and hang out whether people attended. Today, here we are with a big group of organizers, 3 tracks of presentations, and hopefully even a keynote. We’ve gone from un-conference to regular conference and I think that’s OK. It’s what people told us they wanted.

After the fist year we started doing surveys to figure out what people actually wanted. Turns out a lot of people liked BSidesROC and looked forward to it, but didn’t really care about whether we made it an un-conference. I think we were trying so hard to make it like BSidesLV but really not that many people went to BSidesLV to care. So we built our own thing.

The Challenge of Finding Sponsors

There are inherent challenges with running a local con on a shoe-string budget. I say this every year, “We can’t do this without our sponsors.” I know this is a line that sounds robotic and everyone says it but I lack the ability to express this. It’s not the easiest thing for a bunch of hackers to go out and try to pitch this conference as something they want to advertise in. One quick story about someone that gets it though.

In the first year, Jason Ross and I were coming up with names of people we should talk to about sponsoring. We had seen this pretty awesome skull logo with keyboards, and concluded that whoever these guys were, they get “it”. (Honestly if you put skulls in anything I automatically want to be your friend.) So I nervously called Steve Stasiukonis (who I affectionately now call “Secure Steve”) and tried to give him my pitch. I don’t remember exactly what was said but it was something like this:

“Yeah, we’re like, a free and open hacker con and we’re all about having fun and we just want to build a hacker community…”

And he jumped in with, “Cool, but I’ll only do it if you make sure it’s not some kind of vendor fest. I’ll send you a check.”

This was the first time that I think someone figured out what we were trying to do and our first sponsor. Not only has he and Secure Network Technologies been sponsoring us for every year since, he’s given some of the most entertaining presentations, hooked us up with presenters, and provided us with gear.

The Horizon of 2016

Every year, we almost start from scratch. You may think we have some scripts that run like ./init_bsidesroc.py --year=2016 graphics=random_meme.jpg  but we put a lot of time and effort to come up with something that we think is better than last year or meets our interests. Being at a big venue like RIT affords us some options in terms of better presentation equipment and grabbing local college kids and just makes us seem more “legit” somehow. I’m sure we’ll fix that, don’t worry. 🙂

Cryptobar

The last few years we’ve had an anti-surveillance undertone that I think most of the industry has shared. This year, I’m stepping it up with an idea I call “Cryptobar.” It’s a dedicated area that attendees can go to learn how better to  lock down their gear and learn about the latest ultra-secure operating systems like Qubes and Subgraph.

New Designs

Last year was the first year we asked a local artist to build what they saw as a hacker con art piece. It was used on our shirts and badges and the entire process was a lot of fun. We’re hoping to do something similar this year.

Keynotes

I’m hoping that the people I’m talking to come through on a keynote. My underlying motive is to give students some perspective on the industry outside of what their school provides. We’ll see how it goes.

New CTF

We have a new team working on the CTF this year. Hacker Battleship remains the theme but expect more interesting challenges that you’ve never seen before. Also expect more shell code exploits. 🙂