For those of you who are aware, every August for the past 30 years or so, hackers have been meeting in the dead heat of summer in Las Vegas Nevada to host multiple learning and community events. It started with Def Con, a conference dedicated to hackers & hacker culture, releasing exploits, and “doing stuff that makes you feel like a badass” (or at least that’s my opinion). Four years later, Black Hat was started, a corporate security event, known for high quality training and research-heavy presentations. After multiple years of being rejected from the Black Hat and Def Con conferences, Jack Daniels (who I met this year for the first time, he was so nice and friendly!) started a conference for those of us who have been rejected from the main conference, named aptly “B-Sides” (for those younger than I: records and tapes used to have an “A side” and a “B side”, with the B side having… Less popular songs). As a person who has been rejected over and over by these conferences… I love the Las Vegas B-sides and B-sides in several other cities (they are all over the planet now, by the way)! As the years went by, more events were added, such as The Diana Initiative, and so many more. Eventually people started referring to this annual event as “hacker summer camp”, and if the shoe fits… Hack it!
This year started off for me by keynoting The Diana Initiative. Not only did We Hack Purple sponsor this annual event that I love so much, but I credit this group (community? movement?) with being the main reason that I have come back to Vegas (my least-fav American city) year after year. Being able to keynote what I consider to be my favorite part of hacker summer camp is pretty much the best outcome I could imagine. Diana is a place where I always feel comfortable and safe, and after my first trip to hacker summer camp (2015 – before I gave talks or had a twitter account) being extremely uncomfortable, I have found them to be a force of nature for re-building trust with those of us from underrepresented groups. My first trip to hacker summer camp involved a lot of unwanted touching from men, being followed around (even from one building to another, with me saying “Stop following me!”), lots of feeling unwelcome/not fitting in, and the TiaraCon folks making me feel so utterly embarrassed by demanding I wear a plastic tiara and feather boa, so many times, that I ended up yelling at them to “stay the F away from me”. Not one of my finer moments. Sigh. Hacker summer camp has come a LONG WAY since then.
We Hack Purple Podcast alumni Maril Vernon doing the superwoman pose with me, and the Diana Initiative Volunteers! There would be no conference without volunteers, hats off to each and every one of you!
The next day I had a We Hack Purple meetup where I got to meet several community members, including my new friend Chadd (he’s looking for his first job in AppSec, if you’re hiring!). We chatted all things community, jobs, AppSec, and how I could plan a WHP meetup in DC in October when I come up for OWASP Global AppSec. Also, did I mention that I will be speaking at OWASP Global AppSec?!?!?!?1? Yay!
Also on Tuesday, B-Sides LV started! I gave a workshop (Adding SAST to CI/CD without losing any friends) with my new colleagues, Enno Liu and Colleen Dai. It was SUPER FUN! I covered the easy parts, setup, cloning and running the CI, Juice Shop, the SCA and SAST results, etc. Then Enno and Colleen really took it away with rule writing in Semgrep. I’m new to Semgrep (week two), so I’m still learning to become a little rule ninja. I suspect I will learn a lot from these two.
Monday night I attended the B-Sides Speaker dinner and ate very little… Because then I went to a team dinner for work ,and we ate KOREAN BBQ (which I love)! It was all you can eat, and folks, I did my best to get my new employer their money’s worth by stuffing my face. 😛
Wednesday morning, I met my dear friends Vandana Verma and Gabrielle Botbol for breakfast. We caught up, ate tasty food, and took selfies, just like any other set of friends who have been apart for a few months. Don’t they look lovely? They are two wonderful human beings!
After breakfast I had several meetings that were sort of all over the place, broken up by “Oh hi! I haven’t seen you in forever!” type conversations as I recognized people at B-sides. Obviously, Chad was there!
Later in the evening I met up with the crew from IANs Research! I also FINALLY got to meet Malware Jake Williams in person, instead of just tagging him in slack all the time. He had a create Splunk T-shirt that said “You bet your sweet SaaS” and… I want one! LOLOLOLOL!
Thursday morning started with a Forte Group breakfast. Well, there wasn’t really a breakfast per-say, but who cares? I can get food anywhere. What I cannot get anywhere is 100 CISO, CEO, and Startup lady founder friends!!!! Only about 30 of them showed up, but it was awesome! Obviously, we discussed taking over the world. Wait, I mean: How can we train and find the next generation of cyber security professionals, and ensure more of them are women than ever before. Yes, that what as it. ;-D
After the Forte amazingness, I went for the first-ever Semgrep Community Meetup! We were *supposed* to meet in the Starbucks just off the lobby from Caesar’s Palace, but unbeknownst to me it was closed recently for construction, and for some reason an unfriendly employee was demanding no one stand around. I tried to stand around and wait for people, to direct them to the new location (Starbucks in the food court of Caesar’s) but she yelled “GET!” at me, and I ran away… She was not having any of it. The Cloud Defense team was there, and they also tried to go round up any community members I missed and were also shooed away. If we missed you, I am so sorry! That said, the people I DID find had lots of fun with me and Semgrep!
After that I headed off to the Bishop Fox Drybar event, and (completely randomly) ran into Ariel Shin (previous WHP podcast Guest) and several other ladies from the Twillio/Segment product security team. DON’T WE LOOK GREAT? Thank you Bishop Fox!!!! We will secure the world and look great doing it!!!!
Later that night I met up with several friends from the Slack Product Security team, ate dinner, and learned a lot of new stuff about what makes the ‘glue’ of a team. Although I didn’t take pictures, but I assure you that it was both delightful and delicious.
Friday was the big day…. Presenting at the AppSec Village! Both Semgrep and We Hack Purple were sponsors of the AppSec Village, because we both LOVE AppSec and this community. I gave my talk DevSecOps Worst Practices and it went really well (everyone laughed when I hoped they would, and did not laugh when they were not supposed to).
Then I flew home. Phew, What A Trip!
Thanks for reading, see ya next time! Also, lots more photos below, just ‘cause!