BSidesAustinTalks

Call For Presenters (CFP)

 

Please list your presentation for BSidesAustin below (and an external link to outside material, if appropriate). Once we have a list of presentations we will vote and decide on the finalists by popular demand.

 

 

Talks

 

Please update with your: name, contact information (email, twitter, website), presentation title, presentation length (15-20 or 50-55 minutes) and short description. Please use the example text as a template. Simply copy and paste it into a new entry, then edit it to fit your talk. We have two rooms for the day, so we have some room to spread out, or have side conversations.

 

Proposed Sessions

 

  • It is during SxSW Interactive, so privacy would be a good topic, no?
  • Cone of Silence sessions, frank and open discussions, no recordings, respect confidentiality of information
  • AppSec
  • Whatever cool hackery you are up to
  • Bad Security Awareness Poster Contest!  No, you cannot submit someone else's poster, and it may not be copyrighted work.  But there are still endless possibilities out there ... 

 

  • Name: Jack Daniel, http://blog.uncommonsensesecurity.com/
  • Title: Compliance is Boring. GovSec is Boring. Or, why you work for old white men. (even older and whiter than me)
  • Length: 15 minutes [RANT]
  • Abstract: Security is sexy.  Breaking stuff leads to stardom.  Boring stuff is boring.  Patience is a virtue, but I don't have time for that crap.  All true to varying degrees, and all keeping a large number of people with a passion for security from being able to make a real difference and get traction with the people in control.  Part cathartic rant, part assault on sacred livestock, part pep talk.

 

  • Name: Ben Tomhave, @falconsview or http://www.secureconsulting.net/
  • Title: I Think I'm Gonna Hurl
  • Length: however long it takes (less than an hour)
  • Abstract: A snarky little talk about just how screwed up this industry has gotten. Hype, risk, buzzwords, analysts, vendors, certifications, and why we're failing miserably. Oh, and a discussion of how we can get out of this ugly little scenario. As absurd as reality has gotten, there are some common sense changes that can still save our bacon (and eat it too - er, wait:).

 

  • Name: Ben Tomhave, @falconsview or http://www.secureconsulting.net/
  • Title: Developmentally Challenged
  • Length: however long it takes (less than an hour)
  • Abstract: Clearly something is wrong in the world of programming. How could it not be? Look at all the bugs, all the vulnerabilities, all the successful exploits (not to mention insider threats). Yet we have to consider that the human condition is one of fallibility. Is it reasonable or rational to expect perfection, especially given the time pressure to get products to market? To use the old ax, development teams need to work smarter, not harder. In the infosec community, we have much to offer in terms of helping achieve this goal. 

 

  • Name: Jason Jones, @thedude13 or http://www.linux-ninja.com/
  • Title: WebApp (In)Security on a Tight Budget (or did the recession make our online lives even more insecure?)
  • Length: 15-20 minutes (if we can get more people, I would love to turn it into a panel discussion)
  • Abstract: Over the past few years many SMBs have cut budgets and staff in an effort to stay afloat while attempting to duplicate popular web application launches, hoping to duplicate Facebook / Twitter / etc. in an attempt to strike it rich. The pressure to churn out ideas and pack in features has resulted in many preventable flaws being prevalent in many of these webapps. I plan to draw on my experience as a former webapp programmer in a similar situation and look at a process of ignoring security in an attempt to generate profit (and draw some broad generalizations about the security tradeoffs many new webapps that are springing up may have made, and the consequences that will impact users as they gain in popularity).

 

  • Name: The B-Sides Team
  • Title: Behind B-Sides, putting on a B-Sides event
  • Length: Up to an hour, depending on feedback
  • Abstract: Lessons learned, both the easy and hard ways, in organizing and running a B-Sides event.  Come to learn, come to laugh at our mistakes, come to make "polite suggestions", start planning the next event.

 

  • Name: Joseph Sokoly, @jsokoly
  • Title: The Young and the Restless
  • Length: 15-20 minutes
  • Abstract: People have complained about a lack of fresh blood in InfoSec for years, but in the past year, the "lack of cyberwarriors" has been called a national security threat. We need to start rethinking the way we deal with young people in the InfoSec industry as a whole, and I've got observations from the front lines of the fresh blood. I plan to discuss some of my observations, and issue a few challenges to the old timers. 

 

  • Name: Brian Milliron, http://www.expertcomputerrepair.com/pentesting.html
  • Title: How the Advent of Quantum Computing Will Change Encryption
  • Length: 20 minutes
  • Abstract: Advances in quantum computing within the next 5 to 10 years will represent an increase in computing power by an order of magnitude. This will force a complete rethinking of encryption technologies and the online security landscape as the time required to brute force many industry standard encryption protocols will drop dramatically. I will present a brief overview of the encryption "arms race", an examination of the current state of quantum computing technology, and extrapolate out to make predictions of how much raw data crunching power will be available to brute force current encryption standards in the near future and how that will force encryption technology to adapt.

 

  • Name: Leigh Honeywell, @hypatiadotca, http://hypatia.ca
  • Title: Hardware Hijinx: USB and Arduino
  • Length: 15-20
  • Abstract: Leigh will present some new research into fuzzing USB device drivers with the Arduino and a custom USB "shield".

 

  • Name: Various
  • Title: Cone of Silence
  • Length: 50-55 minutes
  • Abstract: We will have at least one of these sessions, where those who cannot normally speak freely due to contractual or regulatory restrictions can have an open discussion on relevant topics with others willing to honor the confidentiality of the session. Depending on the participants and sensitivity of the topics, formal NDAs may be requested from participants. Letting a handful of people speak honestly is much better than keeping them in silence.

 

  • Name: Rick Redman http://www.korelogic.com/
  • Title: Cracking 2.9 Million Passwords - Supercharged John the Ripper Techniques
  • Length: 50-55 minutes
  • Abstract: Password crackers such as John the Ripper ("JtR") are an integral part of a forensic practitioner's toolkit. However, many of us just use the default "rules" defined in the configuration file rather than using optimized rules. In this presentation, we will demonstrate the types of passwords JtR can crack using the default rule-set (using real world examples). Then, we will demonstrate (using a PWDUMP output file containing 49,000+ real "complex" NTLM passwords) how JtR's default rule-set can be improved to crack tens of thousands of additional passwords. The presentation will include numerous real world examples, and attendees will leave with a large wealth of knowledge that will be immediately beneficial to their password cracking efforts. This class is not a tutorial on how to use JtR, but instead on how to fully leverage its power by training you to read and write new optimized JtR rules.

 

  • Name: Wendy Nather
  • Title: Let's Get Rugged, or:  Clint Eastwood or Pickup Truck Commercial?
  • Length: Most likely 50-55 minutes
  • Abstract: The Rugged Software Manifesto (http://www.ruggedsoftware.org/):  great idea?  Too naive to work?  If social engineering isn't going to make software more secure, what will?  A facilitated discussion (and by "facilitated," I mean "no Shmooballs please").

 

  • Name: Andre Gironda (@atdre), http://www.tssci-security.com
  • Title: Application Security for the InfoSec Professional
  • Length: 45 minutes + 10 minutes (discussion/questions)
  • Abstract: This presentation will cover application security policy examples. Should you have one and what goes into it? Once written, how do you go about enacting the principles and controls behind an application security policy? Let's talk about the best-path -- going from application security illiterate to handling uncooperative developers, messy source code, complex hardening & coding standards, realtime appsec monitoring/logging, and notoriously blackhat appsec pen-testing.

 

  • Name: Rocky DeStefano (@rockyd), http://www.visiblerisk.com
  • Title: SIEM 101-201
  • Length: Can be either 15-20 or 50-55 minutes; I'm flexible.
  • Abstract: Making Security Information and Event Management (SIEM) useful by explaining the thought process of "use-cases".  The talk is focused on ArcSight ESM, but applicable to any SIEM.  Follow-on to my SIEM 101 and 201 blog posts. 

 

  • Name: Vikram Phatak, http://www.nsslabs.com
  • Title: Being Inbred Isn't Just a Problem for Hillbillies.  Groupthink and the InfoSec Industry
  • Length: 40 minutes + discussion
  • Abstract: Attacks are getting more aggressive, yet defenses have lagged behind.  The Google / Aurora attack wasn't very sophisticated, nor was it new.  Yet the multi-billion dollar AV industry was caught unprepared.  If hackers in Russia, China, and elsewhere can uncover new vulnerabilities, why hasn't the InfoSec Industry been able to find them first?  What are vendors not doing that they should be?  And why not?  NSS Labs will share our technical research findings, along with a breakdown of where the biggest InfoSec product weaknesses are and how the next big attack will leverage those weaknesses.

 

  • Name: Robert "RSnake" Hansen, (@RSnake) http://ha.ckers.org/
  • Title: Defeating Google's real-time manual human review team
  • Length: 15-20
  • Abstract: Sometimes blackhats want a way to counter real-time web-application forensics to allow their malicious or spammy content to survive longer under intense scrutiny.  It turns out Google's underpaid slave-labor human review team is actually doing a surprisingly decent job of detecting the vast majority of bad stuff, but they're doing it in a flawed way that can be defeated if you know how.  This is a quick speech on how evil content can survive under non-ideal circumstances even in the face of an educated adversary.  Oh yeah, and it's only 6 easy steps.

 

  • Name: Name, http://www.URL.com 
  • Title: Title
  • Length: 15-20 or 50-55 minutes
  • Abstract: Tell me something about your talk.

 

 



Brian Milliron said

at 3:16 pm on Feb 22, 2010

* Name: Brian Milliron, http://www.expertcomputerrepair.com/pentesting.html
* Title: How the Advent of Quantum Computing Will Change Encryption
* Length: 20 minutes
* Abstract: Advances in quantum computing within the next 5 to 10 years will represent an increase in computing power by an order of magnitude. This will force a complete rethinking of encryption technologies and the online security landscape as the time required to brute force many industry standard encryption protocols will drop dramatically. I will present a brief overview of the encryption "arms race", an examination of the current state of quantum computing technology, and extrapolate out to make predictions of how much raw data crunching power will be available to brute force current encryption standards in the near future and how that will force encryption technology to adapt.
