ID Cyber Solutions Conference Report — BSides Leeds and SteelCon 2023

31.08.23 01:32 PM By Keven Anderson

Attending conferences is a crucial way our staff can keep up to date with cutting-edge research, be introduced to important new ideas and perspectives, and help inspire and support the next generation of cyber security professionals. Our ID Cyber Solutions Conference Report series aims to showcase some exciting and ground breaking ideas presented at these events.

Report by Alice, Cyber Essentials Assessor and Technical Editor

It’s hard to deny the value of conferences. Meeting new people and developing networks, learning about new technologies and ideas, and even just reinforcing your existing interests – I don’t think I’ve ever been to a conference and not a) massively enjoyed it b) gained a lot from it on both a personal and professional level, and I’m happy and grateful to be working for a company that supports its staff attending these events.

However, there’s more to be done at a conference than (just?!) attending, listening, networking, and learning, and I’ve recently been appreciating the importance and the satisfaction of directly contributing. This means that our usual conference wrap-up post is going to be a little different this time, given I didn’t manage to actually attend many talks at all!

On 24th June 2023, I attended BSides Leeds as a conference volunteer. I had signed up for this several months before, and had dedicated the odd morsel of time here and there to tasks passed on by the conference organising team. As regards the event itself, my weekend looked something like this:

Friday

14.30: Leave Glasgow (sharing the car with two other volunteers and an attendee)

Beginning the ~240 mile trip to Leeds

19.00: Arrive in Leeds

19.30: Attend pre-event social gathering

Saturday

01:00: Arrive back at hotel after social gathering

06.00: Go for an optimistic but probably ill-advised run with another volunteer

07.30: Leave hotel

08.00: Arrive at venue to don volunteer garb and to help with outstanding setup

09.00: Attend opening remarks

09.30: Attend opening keynote (Holly-Grace Williams discussing red teaming)

10.00: Complete general runner duties – setting out biscuits for the coffee break, retrieving items, retrieving people

12.30: Have a quick lunch (accompanied by an excellent brownie)

13.00: Complete Green Room duties – providing a secure space for speakers’ personal belongings, helping settle speakers before their sessions, (unexpectedly) helping teams obtain scavenger hunt items

14.30: Go back to being a runner – more biscuits, more retrieving items and people, undertaking critical missions (finding coffee for tired speakers)

16.45: Attend final panel session, juggled with the theme of the day – retrieving items and people

17.30: Attend closing remarks

BSides Leeds organisers delivering the closing remarks

17.45: Point attendees in the direction of the afterparty

17.46: Frantically tidy up in the few minutes left before the venue closure

18.00: Say hello to attendees at the afterparty

19.15: Begin the drive back to Glasgow

21.30: Stop at M6 services for expensive fuel (for both car and people)

Sunday

01.15: Arrive home, having deposited other car-occupiers in various locations

Being a volunteer essentially guarantees an incredibly busy day with not a lot of downtime. I managed to tot up almost 14k steps during the event, and only saw the opening keynote and part of the final panel. However, this doesn’t mean it’s not an amazing experience. Seeing attendees having a great time, an appreciative nod from a tired organiser or presenter as you silently pass them a coffee during a session, the volunteers’ WhatsApp group exploding with messages because something is needed and everyone is leaping to help – these things all mean you have an absolute blast and have the additional satisfaction of knowing: you helped make this happen. I would wholeheartedly recommend volunteering to anyone who just enjoys getting stuck in.

And then SteelCon… that was a different kettle of fish entirely. When I finished my academic endeavours and embarked on a publishing career, I swore to myself I wouldn’t ever put myself back in a position where public speaking was required. And then I came to cyber security and actively sought it out.

My application to speak at SteelCon was accepted, and I duly made my way there for the conference on 8th July 2023. I’m not afraid to say that I was extremely, extremely nervous. I’m not a natural public speaker and, while my experience from academia was that fully scripting a talk was the norm, my foray into cyber security presenting would involve speaking with only a few Presenter Notes against my slides. In fact, I was so nervous that I couldn’t attend anything in the morning beyond the opening remarks, because I needed to try and calm my nerves through mindless repetitive action (playing Space Invaders at a sponsor’s stall).

My talk (about effective communication in cyber security) seemed to go well, with lots of positive feedback, and after the lunch break I was finally able to attend some talks. First, I went to Maya Boeckh’s talk on how creating JavaScript challenges for Capture the Flag events has helped them with reverse-engineering. This was a highly technical talk, and I’m not ashamed to say that aspects were far beyond my coding capabilities, but Maya had structured their talk carefully and in such a way that anyone, possibly even someone with no coding knowledge whatsoever, could follow their logic.

Maya Boeckh delivering their talk on JavaScript and reverse engineering

I then saw Ian Thornton-Trump speak on “Good, Better & The Best Security!”, which was a passionate and important discussion about how security controls can and should fit within an organisation. Ian is a really excellent speaker and this was a highly engaging and entertaining talk about compliance, controls, and context.

And, aside from closing remarks, that was all I saw. The nerves and adrenaline of giving my own talk had really taken it out of me, and, although I did attend the afterparty for a couple of hours, I was honestly ready for bed from partway through the afternoon. But I really enjoyed it. I felt good about the talk I gave and the feedback I received, and I loved that, after attending my first SteelCon in 2022, I was able to actually contribute to it in 2023. I loved that aspect to such a degree that, despite loudly proclaiming to fellow SteelCon attendees that they had witnessed my first, last, and only presentation, I applied to speak at G3C (to be held at Glasgow Caledonian University in November 2023) only a couple of weeks later.

Am I sad that I saw barely any talks from Leeds and SteelCon? Yes. But! YouTube is a wonderful thing. Cooper (@ministraitor on Twitter/X) manages, with the support of a small team, to record the talks at a huge array of conferences, meaning you can catch up online afterwards. And while I didn’t see the talks on the day, it’s been really lovely over the last few weeks to spend a lunch break or a random hour at a weekend revisiting the events and seeing what I missed at the time.

If you’re interested in copying me and spending your spare time seeing the honestly brilliant offerings from these events, check out their YouTube channels (BSides Leeds and SteelCon).

And if you’re interested in copying me and volunteering or speaking at one of these events, please please do. I can assure you that you won’t regret it.

Keven Anderson