IATC - Leading in a "Do"-ocracy - Tod Beardsley, Chris Nickerson & Beau Woods

AV setup and everybody's taking a seat one of these we said when we first launched the cavalry is our fight might not be your fight but the whole intention was try something do something so if you know head hunter or you know Claudio a lot of people are doing more with civil liberties or protecting dissidents or they're doing things no Jen Ellis just presented earlier she helps to the capper but she's also working on protecting researcher rights so what we wanted to do is bring up a few different doers who know how to herd cats and make hacker types you don't like to join stuff do stuff important so we took hope Phylly you have a nice

little smattering here and you guys ready to go alright so like I said our fight might not be your fight but try something do something or we can keep from planning about it question oh that was just the finger sorry alright so real quick here um bios are on the side except for everyone from whim down on the end we've got Chris Nickerson we've got whim we've got Bo we've got time here's Lee and I'm Tim I just do [ __ ] so I get volunteered and go out so real quickly here guys I'm just gonna throw a question out you guys can answer it and whatever but what inspires you guys to get out and actually do [ __ ] rather than

complain about nobody's solving problem x and I wish someone would do whatever im gonna stop yeah so to preempt him so that we have some time for the other panelists I'll jump in first one of the things that kind of drives me to go do something is I guess it's kind of a switch going from the sitting around in bars and you know feeling sorry for ourselves and commiserating over beers to like actually making the problem either less bad or at least contributing towards making it better the reward center on my brain I guess at some point got flipped after doing it a couple of times after participating a couple of times and now while it's nice to sit

around and tell war stories it's even nicer to go and actually work with people who have the ability to change things hello at least for me like every nothing works and everything sucks right so when I run into this problem one you know an hourly basis I try to you know solve whatever the problem is that I'm facing and then as soon as i'm done like I realized that you know it's it's way better to do this with an audience and so I'm super happy to like just write documentation and put in decent bug requests but uh you know bug reports and pull requests and whatever to just try to like it seems like a

waste if I'm the only one who like solve this one you know weird terminal problem like I'd much rather that just have everyone solve it forever and then that sucks a little bit less you know a little less often I mean that's that's kind of my motivation so go for it hi um the last step of AAA says having had a spiritual awakening I'm gonna go share this with other people and I've been able to watch this community go from an amazing group of people who are constantly sharing with each other to a closed-off group of [ __ ] who troll each other and that was my spiritual awakening because I had to sit there and

look at the people that I was right next to and say wow I'm the person who's the trolli [ __ ] and makes me sick totally sick and I think that all of us need to get off her [ __ ] high horse and actually do some [ __ ] like stop talking about it like it's it's it's ridiculous you you sit and talk at a bar about how the other people are doing things wrong when you're the [ __ ] talking [ __ ] and they're at least doing something even if they're doing it wrong they're doing something and you're not you're doing nothing in judging and I think we do that all to our clients and we do that

all to the people that we work for because our whole industry is built around this [ __ ] holier-than-thou I should tell you what to do without doing it because then I'm in the mix and we have to keep the separation of church of satan it's all [ __ ] and the thing that has inspired me are people like whim who looked at it and said hey all of us are sitting here talking [ __ ] and then all of a sudden one day whims on the other side of the table i'm sitting and talking [ __ ] oh [ __ ] I'm talking about whim I can't do that yeah i did and i think this panel is a birth of

that same [ __ ] talking fiasco that we go through it bothers me and i want to see it fixed so what inspires me is the fight knowing that I'm gonna go do everything that I can and if people don't like it [ __ ] them don't care because at the end of the day I'm gonna go home to my wife and the friends that I'm sitting next to aren't going to be the ones talking [ __ ] we want to do it so now it's my turn mental note never talk often occurs on purpose I can basically say what he said he better he when people one I was supposed to be here but anyway with when I think about

the what motivates me to do [ __ ] is basically people that don't and he said it more eloquently than I probably came with my funny accent but we always talk about the echo room and we're all talking to each other talking ships doing nothing and that bus gets definitely right at least for me and those are the breaking points where I say either you partake in the [ __ ] then you talk talk's it or you actually step out and do things right and I think everybody in this room can basically do that you just have to be able to hear the [ __ ] to hear the rumble to get to that level where it hurts you

and you can either step away from it or try to make a change Tim can I ask one more question go um cuz I think i'ma let you finish yeah so i know i really i really think it'd be valuable for people to understand like if you guys don't know who whim reams is um I at well you know it's hard but there's probably one that's been in turlock or something you see yes see she can't even joke about it um no but but what I I would love to hear because I even being your friend don't know how it worked from you sitting there talking smack on is e to being on the [ __ ] and that to me was

an inspiring thing that I know nothing about that I think it'd be really interesting to hear something ok so for me it's quite quite a the same story i said as i just said i was a cissp am I so divided in two thousand six it was around 2010-2011 everyone was talking [ __ ] about IC square me too I was complaining about submitting my cpes and not getting anything back from it right and then I heard about the what was able with with a petition like why do i why don't I try it either you try it or you don't and I get very very euro asked when I say that do or do not dry out all

right a little bit taller not when I sit here it was just that moment where you decide either you talk [ __ ] about an organization that you're not really involved in I pay my game as I super submit by CBS but I can't critique people that actually try to do things while not trying to do things myself and for me the best way was to to run that petition and try to get on the board which that happened and then that's where the difference lies i think you have action and reaction and a lot of our industry is about reaction and very few people in our industry are about action and action is about not really knowing where you go I

didn't know where I was going when i went on I AC square board and it is basically jumping in the deep and you can hurt yourself very badly but you can also end up in a better place and that does basically the way I think about trying to get involved in things rather than step away from it and point at it from a distance thank you thank you cuz I didn't know sorry too I wrote down you want to take my place patches accepted I agree the lady will have one this panel started because Tim you can everybody can oh we could talk come on it's cool so so I all right that's a awesome segue

two things no no no hold on once again because that is an awesome segue the reason that we started doing besides the whole reason is because talk started getting like this where no one said [ __ ] and the fact that you're talking is the thing that needs to [ __ ] happen all the time and it doesn't like that's a [ __ ] hole you guys are sitting at it no I'm not [ __ ] kidding like if I get one meaningful talk out of sitting here talking to you about this I don't give a [ __ ] who's in the room they can hang out and listen they'll get something from it let's don't say it that way people are

gonna think about it now don't get in the position get in the chair guard yourself one see now you take your chair and sit here see now just kicked out you need the podium maybe there is somebody else was a gender identified as a female who would like to do I mean I don't know how to say this without insulting anyone so anyone with chromosomes are XX or something we'd like to be the female on this panel I'm always like the only female in the panars that I may act okay how do you think the black cable feed please do okay please I mean there's way less of them okay so i just did yeah can

we get Derek you come up here and become someone else come bpc this is now a diversity yeah can we make this more [ __ ] pc please well it's not a diversity fender but the industry needs all kinds of people agree with you a hundred percent and that you doing something is where that starts okay I appreciate that if I have a question that I want to respond i want you to realize i want you to participate as part of us because all of us are in this together this isn't a talk from us to them it's all of us talking to figure out I can do this here I can see you can

do it grab the mic and we participate did how can you help this song I hope so so I want to commend this little theater this was a hack this wasn't supposed to happen with plan doesn't fit the pc thing this is exactly how doing starts the first time somebody hacked something together it's not adequate it's not the right person we should have this but then you build on that and you build on that you build on there how are you true that however there's there's a saying in improv you can't say no you have to say yes but so if someone comes with a really stupid idea you can't say no that idea sucks you have to say yes I like

that idea but what if we changed this about it so instead of shutting it down you open the dialogue sorry it's actually yes and yes and not guess but that seems they took some cough cold building off of it so one of the other questions I've had for the panel here was Josh's face so a lot of everyone up here has done a lot of stuff Chris was involved with starting besides ages ago he helped start p tez BOS help start um sorry great i am the cavalry i am the caldo i am the catalog I'm not as familiar with Tom it's Todd started but you know I personally had been involved with b-sides for a number of years

because someone said hey we need volunteers let's go do something Hackett when that first came out I'd been talking to a small group of people about doing that and then Chris Hoff said I'm doing this one of my friends said hey Chris Hoffs doing that I picked up the phone and said I don't care where it is what's going on I'm involved in that so for me you know whenever I heard about something I wanted to be involved in I've just jumped and done it but what a lot of people don't realize is when you say we're having a B sides or i am the Cavalry's doing something it's a lot of work has gone in place behind that so

how long would you say it takes before you go public on something that you've been working behind the scenes gathering momentum bringing people in yeah I'd say it there's not a defined time period but there is a lot of work that needs to go in behind the scenes one of the things that I've noticed about some of the most effective leaders in my past life is that they never have an idea spring forth from their head like Athena from Zeus's head that tends to break your skull open and you don't have such a good day after that but instead they take a small idea work it around curate it talk it over with different people

and then by the time they get to actually bringing it to fruition it's been vetted you've had a pin test on the idea basically and then when it comes out it's much much better you have people who are willing to jump in and do things to get involved so you kind of you know when the time is right because there's not a lot of change in the idea each time you you go around to one of your colleagues or friends and and give them the the 62nd overview and a lot of the times I've been on the receiving end of that and I've heard the idea iterate three or four times through the cycle and each time it gets better

it gets better and I get want to get more involved in it so I completely disagree there is a absolutely there is a time limit it's 90 days like 90 days so our ability to just like sort of yeah for like the wussy ones bay at night if like because there's value in in you know having like something articulate that you can put out there but if you're not if you go from like day 1 to day 90 and you haven't made enough progress to like it tell someone about it you're not going to do it and so move on and that's fine you're allowed to do that and just move on to something else like ice I

suck at nearly everything in the world I'm okay like one or two things thank you yes I'm terrible at most tasks and so I need to tell people about you know things and have at least some kind of structure forever it could be just like it mainly IRC channel doesn't matter but as long as as long as you go from it because if you keep your idea like secret to yourself and private to like you and your you know three friends or whatever and you don't ever talk about it it's it's it's so easy to walk away from a tube because what you say in public now you're committed now now you've got something riding on it so

yeah 90 it like president gets 100 is like president it 100 days to do something cool everybody else gets 90 days I don't I can't ask question yes the question is like following guy I get a lot of emails from packers all over the world people just want to be hackers actually I get emails from people that want to be happy and you know it sounds like a something bad to say ya wanna be hacker but actually these people are asking me how do I get started what do i do I want to be a part of the solution not a part of the problem and the people in this room they're already here there in Vegas

they're like in the midst of it they're hearing you guys you know how do we I don't know that I mean there's local besides events and stuff like that but there is really you know no solution to this question people ask me I like well go read about these do that learn some [ __ ] tcp a UNIX you know I gotta give them a bunch of different advice which is also not one solution fits everyone so if you have any ideas on that because I think we gotta make some more hackers out there for me it starts with community you know when I go to conferences I talk to people and I network people and then I go other

places and meet other people and I was on the flight up here and someone's like oh I'm in Ohio and I'm a programmer and I'm really interested in security I'm like great i said here's my card send me an email and i said i will reach out to my community and it will find out people who are in ohio and what you know what besides is going on what is sa meetings what local security groups are there and i will point you to those people and i will say hey here's a guy he's interested you know bring them in from that standpoint even just simply an introduction to people in the area helps um the last time that we asked that

question some really awesome people stepped up and they made this thing called Def Con and we [ __ ] it up we did a bunch of other things [ __ ] that up and then we ask the question again so we were like we should just make more of those because it worked for like a minute then we screwed that up so we're like yeah we should do it the same way but different and we did besides and now we [ __ ] that up um there's goes I'm over it I think I think we have conferenced our selves to death and huh Castle I wish because because because you you and I would have to live in it

no I just I I think it's I think it's time for us to stop hiding amongst ourselves and start figuring out who's next to us I think if all of us in the room had anything that we could take away from all being in a room together is find people that are sitting next to you and figure out who the [ __ ] they are and how you can benefit from each other because absolutely all of you can give something to someone else it doesn't matter what you do or how you do it you can do that and the fact that you sit here and ignore the people next to you ignore the people behind you and wait

for somebody to sit up here and talk and then walk out of the [ __ ] room and hide again is why everything's screwed up yes we have audience participate outside they wanna know you're off lease but participation always happy to cut you out of this which he can Kanye me anytime oh come on use this haha hey always happen to cut you off I wanted to talk about the what you said about the how long before it starts then to become real and then participation with locals a few years ago I think was 2011 a bunch of us in Israel were sick and tired of the the way the operation of security response and responding to the hacks and

breaches were gone on ink and Ian and a bunch of us got together I think was five or six of us at first and we said just [ __ ] it let's just build their own cert voluntary because the government wasn't doing everything and after spreading the word and starting to just opening a mailing list in a Facebook group we got more and more participation so it got its own life after a few months and just soared forward so it's all about just making that first move and getting the word out there and it becomes its own thing so kidding I have a question for you yeah I mean at some point it was it was you got

to stop saying you gotta stop giving up about the situation and being sick and tired of it and starting you know fixing it or at least trying you know so so can the outcome of this be all of us wrap with each other and find resources to do things together instead of ID I mean even if we just so that's that we're doing it in this room right like whatever for anybody else but like how do I don't know I don't know how we do [ __ ] anymore I feel like every time I talk to somebody they're like yeah and then they go back and there we go i was super busy and I so it's a map making

that change and realizing that if your tip easy and we're all too busy nothing's going to happen agree it's just about that first step small first step and you you know all of a sudden you found we were five of us at the beginning there's over 100 right now yeah all supporting and volunteering they're all doing just a tiny bit but together it's it's it's a 55 person full-time yeah so we're making an effort and by now the government stepped up and they're putting budget on it and we're in the midst of transitioning our work to the government I'm also so stuff are happening and because just a few people got fed up by nothing going on that's

awesome so it's just making that first step jealous so one thing I have to say about that is that that ties in really heavy to the 90 days even if you're really busy if you find something you want to do and you say okay you know what I'm not going to sleep but you know four hours a night for the next 90 days or whatever it is because something really makes you passionate and you start knowing and you bring it out to the community and all of a sudden people join in you can then do less because they're doing a little bit more so five minutes from use I don't know I feel like go early go often works

because absolutely because like I'm an Asian some acts like a win-win way but the Penta the P testing literally I was pissed off one night and I [ __ ] had it and I was sitting and I'm staring at my computer and I was looking at a bid that somebody else put up and I'm like what the [ __ ] is is crap like what are they doing and and was pissed and I was like okay fine email 15 people here's what I want to start are you down with this yes now I I had accountability and once other people were holding me accountable it was actually putting my ass in gear to [ __ ] it becomes a

snowball and it never stops absolutely yes it's making that first step and you you're amazing how many people julian i joined the eff actually happen you know i think a really cool thing would be to put together some kind of a tactical playbook for changing the world like what have we done that's worked about it and how do we replicate it you know stand up a wiki or whatever with examples and method because he's forgotten more than I've done in my life you [ __ ] if I mean what you hear was he was can hear it in my opinion just stepping up and doing something you are the camera even if I don't have you have

joined officially of you you call yourself but in my opinion you're the gallery that's all that's needed stepping up doing something yeah don't touch absolutely yeah why waste your time by bringing somebody down it's like yeah yeah yeah oh and all us you know so many of the guys are running around killing since tonnages it is like puzzles we need more girls help us anymore of everybody anything good we need more we need more of everybody yeah so how's that resource depleted so ask you know kind of hard question you're seeing you're saying you haven't duoc receive just just [ __ ] do it all right i mean i do in so many things I I

mean you're some consensus here I mean yeah the talk is call about to do lokra Searight but yet there's a bunch of examples lately that in the media and everything of people who saw something and the only way they could prove it was jus just [ __ ] do it and are getting a bunch of [ __ ] for it so where's the line so yeah so for me the that line is if you're going and acting completely on your own volition completely on your own terms and really unilaterally then anymore that's that's kind of a recipe for failure going and teeming with other people who can help you accomplish the goal is a recipe for success guys this

nascent thing with I in the cavalry there's some other initiatives going there was a comment Commerce Department thing that they were mentioning earlier yeah that are just starting to now exist but there hasn't been any who the hell do I reach out to you with my another control research there hasn't been anybody basically so yeah it's kind of why I'm like what the hell do i do I want to see this fixed I gotta okay so because we have I am the mailing list and figure it out I mean seriously I'm not [ __ ] joking Josh I'm not can you guys do something good I our response is the foundation of what the [ __ ] you did

in the beginning no I know I will know now I'm pissed this person I'll shut up the mailing this what are you talking about and justice to respond quickly Chris shut up how does he submit his research q Ian yes honey go ahead and i agree with just you know stepping up and doing but as both said if you just do it on your own volition and you don't understand that you're also hacking the industry the process the environment that you're in you're bound to fail and it happened the same with the cert in israel having the same with setting up the DEF CON group it happened saying with be tests yeah if we would just hop mop say [ __ ] it and do

it and try to ruin something and you know just do it in spite of something it's going to be great for like five minutes and then you're done and if you're hacking whatever it is airplanes cars snails i don't know what and you're just you know what i'm going to [ __ ] with the industry and just drop in all day guess what you're not going to get a lot of cooperation but if you hack if you figure out that you need to hack that system so when we did cert we hacked the government we hacked the process around it we have you know the people that were involved and it took a lot of time and effort and getting

pissed and sitting in stupid meetings in committees and whatever it is and sending up a non-for-profit that we started shelling out money for because that's part of the process and that's how you embed yourself into that process by hacking into it if you just come up and say you know what I have some technical whiz bang Oh day boom I crapped on your table and now I'm out of here yeah you're not going to get a lot of so so does that mean planning with accountability I know it's a dull ship I know but we're all getting old at some point one of the first things I think he's beginning is over he was first one

sentence sorry just don't listen you said that you apologized for using the word cyber I think was that you or and I agree with that that's the thing it's about if you're gonna change something that's wrong you gotta you gotta play their game right and you gotta speak the same language otherwise you're not going to give it hurt if you're going to come and say this is [ __ ] let's fix it and this is how I will fix it and this is how it should be no one's gonna listen you're gonna just swimming against the stream and that if you join it you know and you know if you can't beat them join them absolutely

longest center that's the long center that's a really long time sorry yeah I just wanted I just want to tag on to what the previous gentleman said and argue in favor of a long game so I've been working since 2007 on metrics risk analysis incentives we're nowhere close to being done with that it's a really realistically a 20 year project 25 year project while 90-day projects are fantastic and really useful not everything fits in that box if you try to take on something like I want to change the government I want to change laws i want to change how decisions are made in these long stained sending institutions you try to do that 90-day pieces you're going to be splat against

the wall can i connect can I ask so I am strongly in favor and actually part of my my academic work is studying how these processes change and the artful integration of lots of small changes combined with a long game I think is the best combination yeah with you having that experience can I ask you how you started the enrollment process to get people prepared to play a long game and not have instant gratification because I think that's part of our problem right is I released an oday BAM what's up you know and they're like well maybe a ball and then it goes away and like I i think that there's the instant gratification thing that we have to deal with and it

sounds like you've breached that hurdle before but by the way like the other part is is is the attractive bit of hacking you know that's what makes it not software engineering totally know so you know the Road Runner and wile e coyote I was willing to be wily coyote for a long time so I built crap i hurl myself against the wall and by that I mean so I come in for the business side I'm not a hacker from way back I can't crack cryptography but I come in for the business side and for about three years I spent time saying has anybody thought about this is you know try this approach is this a problem I got blank stares I

got doors closed in my face I got you don't have the right training so i'm in a PhD program so just a lot of personal commitment and persistence and connecting with a few people here and there and more of those people find people so it's so you feel like your support structure help you play the long game yeah but i had to make myself connect to the two well I'm sorry Jesus Nelly so I wasn't like I got a bunch of light bulbs and I'm going to bring people along I had to connect with a lot of people some of the people here in the room I had to learn from them I do you

know basically get the practical experience and raise myself to the point where I could start doing some things well and I'm also trying to hack it at the same time so some other people created society of information risk analyst around a bar and it's now turning into a thing we have an annual conference we have a mailing list it's actually a productive resource for people that are doing this inside a company's awesome all right quick before we go to the next question just so you guys know we are at our time at twelve-thirty but we're going into lunch if you'd like to stay please do and continue the conversation Josh what were you gonna say just answer your question

so real fast yeah the whole platform was collecting existing research and researchers connecting them to each other and teammates and industry and then forming collaboration vehicles to make things safer sooner the reason that car stopped happened is craig smith was so generous with his time the tesla guys were open the GM guys were open we saw doing stuff there's a one of the guys over here is from the medical industry that's another reason I guy eating like so if you'd like to start an aviation project there's a guy from aviation street tonight we'll start the project tonight josh is there any way only do not the barrier what is there a way to make you not the barrier because if he

had that information six months ago the projects would already be started so what I'm asking to everyone in this room is how do we fix that right now not tomorrow not oh yeah we'll make something what's the answer that all of us are gonna go yeah that makes sense to me and start [ __ ] doing it previous gentleman was talk about you know getting into the system hacking the system from the inside you know long game or know that but there are certain things that can't wait for that long game totally there's more immediate problem totally agree and you know what I've been experiencing is where you're just bashing into that wall of yogurt

one guy who came up with something started asking questions and just bashing into this wall yeah that you are so low on their totem pole they don't even you don't respond to your emails and stuff like that don't you may end up on a couple of watch lists but well I I feel like some of the stuff that the Cavalry's been doing is giving us extensions into the totem pole that we don't have access to yeah anybody this is what I'm saying that this is really nascent as you said right it's months ago this may not have been a possibility right right exactly Nick that's exactly where i was going to jump in with these

previous to talk TSA's i work at a major major medical device manufacturer and i've been connected through a joshin bow for about a year or two now and then working for a year trying to drive change and we're talking about all this change from the outside but the inside is words you need to be as well you need that champion in the company's connected I mean I walk around my company and I can count one hand how many people I could call quote-unquote hackers that would even understand what besides is even understand what this stuff is and most of these big companies that's how they they are people in this room a lot of markings some of those companies a

lot of them are and you can't find those champions because the companies are so large if you can find one or two champions at a company and connect with the folks in this room that's how you kind of build it out that's what we need greasewood instead of talking what are we going to do about this like we we have we if we got anything from this panel which I assume there's gonna be nothing I'm shot it but but if we get anything from this like what are we going to do coming out of this so one of the things and this touches on what the young lady was saying right we need to get more people involved I ain't that

young honey haha yeah but I've got a great yuri either and I've got a gray beard and you're young so one of the things that we've got to do though is get more people involved that think differently than the way we do because when we go ahead and we circle the wagons here we're probably about 90% technically are in I mean we're going to have a few folks that go ahead and cross that line but as the gentleman before me went ahead and mentioned you know in his organization they may do medical devices they may only have a few folks that go ahead and really get technically when we say technically oriented but they have a

lot of folks that have problems all the time and I guarantee you most everybody in here works in an environment or touches base with an environment where people have problems and they come to you and say hey can you help me out and we go down the rabbit hole we go technical and they glaze over and we don't show them how to get the answer we give them the answer and by giving them the answer what we've gone and done is we've skipped that step that educational step that exposure step where they actually kind of get it they see the tip of the iceberg they're not going to be able to go ahead and understand what

you're doing to the level that you do but they're going to understand that there's something that they're missing and it's going to start a conversation it's going to start an exposure so we've got we've got to ease into it let me just nutshell that uh basically we need you know us and them both need to be more accepting of outside opinions and views and we can help each other like rolling this together that's the point right there in there man it's not us and them its weight so so real quick I think I think it's just you know I just I think it's all of us man you know so back to the we're just sitting here talking not doing [ __ ]

we are doing [ __ ] no we're not you're not you're not here right now but later we will okay so this afternoon here's here's something i am going to yeah I'm know we've got schedules this I huge Tim shut it i'm gonna put out a challenge to you that whatever magic mailing list communication [ __ ] smoke signal [ __ ] that comes out of this that allows us to connect whatever that is website chat server where the [ __ ] it is fine IRC is pretty i know i like RC right like i want what i want someone to set up something so that people can connect I want people to connect to it

and then I want every single person who's from if you're still here if you actually want to go do something I want the first thing that you do to bring somebody who has nothing to do with infosec into that communication platform hey hells yeah I yeah let's just go become you know done seriously Frank bring anything in and if you don't get the [ __ ] out and let us do a work but please don't join if you're not going to do it and I think this afternoon is a good way to test that because we have specifically set aside to to our blocks to come up with some of those things how do we get those people all together in

the right place how do we identify leadership how do we build a team that's not just us that's more than just oh who knows how to build an IRC server it's called slack you do are you putting your hand up cuz you're building our IRC server okay yeah are you or are you not going to build our IRC server answer the question it's like ease up pointing at someone else this is a dude thing not an outsourced thing that it exists it is extant done all right it's whatever if you know what if we need something new we need something new get it can I ask the audience to do something for a second if you still in the room just put

your hand up in the air you know let's stretch out for a little bit few people put your hands up in here thank you you're all volunteers now congratulations that is the Israeli way [Music] how old are you here put this on one just just one thing I wanted to say you said you're doing research on their traffic so the reason why up until about a couple of weeks ago we didn't know anybody involved in tightly involved at industry um how so I got invited by Karen to go speak at a conference in Israel so I had to get on a plane and fly for 17 hours I spoke on the camry Pharaoh had these of 5th annual

cybersecurity summit at Tel Aviv University after my talk someone from a major airline Association came up to me and hand me their business card and said let's get in touch i want to help collaborate and help out so up until a couple weeks ago we didn't know who that person was and they're actually here this week and bo has been a communications I connected with bow and they're going to meet with I think tonight right yeah so I mean that's how so in the future like those types of things that sort of like that things that just happen I'll just come to Tel Aviv don't you tap thanks Barry yeah so what to say it the point is we have a

mailing list it exists today there's about 400 people that are on it if anybody in this room has they're doing research they want to get in touch with somebody male to that mounting list and we can help facilitate that that connection there are some people who we speak to that are at various companies that are part of Sochi ations there are some sensitivities because sometimes they're stepping out of their role or they're doing things that are out of their chain of command within their company to be able to try to foster that met mission and that message internally so we can't just publish a list that says here's all the people at all the major companies and major initiatives

that want to help but we can connect you with them behind the scenes and get you get you connected with if you guys are lfg definitely post and we will look for contacts in those industries to help put you guys in touch what is nfg look for great look it's a slang out of like mmog looking far mind games looking for group so if you're looking for I need to connect to somebody in the shoemaking industry because whatever post your information say I'm doing research on this I'm looking for people in industry and we will help facilitate that it's like put up the bat sign an intel dual onyx oh man actually this is work also recently at an assert for IOT

specifically was started in France called digital security at fr and they have joy diamond they have enjoyed our recovery and they will also help with connecting you if need be ok so so we're all going to bring someone new to the party and we're gonna who is not in a plus one your Plus Ones yeah we have to expose new people because like our blood is getting so tainted with the alcohol in sorrow that what that we need to do a Keith Richards and like get a transfusion of people so I actually do DevOps I'm not a secure profession awesome so what I've been in Boston is created decals what his opinion matters all the people seriously trouble so in

boston i create the kali linux users group and the best i've done is teach people you know it's one thing to go to a workshop and say hey look at me drop this okay let me do this crazy sequel injection double crazy attacks but sort of thing to actually have them put their hands in the keyboard and type it themselves a great pletely changes there a bite so is the cavalry prepared or thought about having all of us who are now in this collaboration group of doing [ __ ] teaching classes for free if you have ninety dollars three you can go ambicom make a private group you can teach in Boston I was given free groups

space at Mozilla recently godaddy free pizzas free craft beer awesome can you teach us how to do that seriously its release I'm just talking I'm not I'm not lying I'm asking you can you later elite teach us how to do that because what you guys mentioned earlier to you go out to the events and the thing is I go to the other tech events in Boston I go the developer events sis off events testing events you meet other people in IT and a lot of them are really interested in security so the point I want to make too is that I've actually applied to be a pen tester at a handful of security companies I'm

gonna say something you guys I want to hear the salary they offered me is half of what I make as a developer absolutely become an entry pen tester so solution i found was to move laterally imaginary terrible at salary negotiation no [ __ ] yeah I've heard the churn and burn to get some cheap college kids burn him out over three years the ones that survive they move on but that's a whole other discussion so I think having telling people that want to get in security move laterally your assistant no security yep become a sisal about security company and I jobs over the no security become a job developer and security come yeah I'm with that it's my some of the most

defend something fulfilling at least for me talks and lectures and trainings that I've given have not been at security conferences there there a developer conferences like I go to the rubies are way more rewarding yeah they're super rewarding you know because when you go to a security conference everybody already knows everything and nobody cares right because it's all broken and forever but when you go to when like I did AI didn't think in a local Ruby Austin Ruby thing of describing like what happens between opening your laptop and posting to github like every step one you know I think takes like an hour and a half to go through and and it was great it was really great it was like

really high energy got a lot of few minutes ago I had no idea that we had to trust like our pin dhcp units and all this other crap you know so it was so if if you do nothing else and you are infosec if you want to go find your plus-one you you you can be the plus one to two like a whole bunch of steps you know so you know what this may be cliche but not enough people do it yet I asked the question we have over 22 what is over 2,000 security conferences every year some of its not quite enough but I basically said like what if we had one tenth of that many what would we do

instead and so we used to say go speak at one non security conference like a medical conference auto we've been to a ton of those this year yeah developer the time it you know a lot of the DevOps folks we go to developer shows I actually think that's too modest you know I'm trying to make sure it half of the the conference I go to aren't security car keys play the other side you don't speak at security colleges at all right yeah man I think I I don't know more free talks we had I think this panel is over if we're not stalking if we're not talking to security conferences does that include this panel ya know what

does at the Sienna close it that's a wrap it's lunch