Posted by:
admin
12 years, 1 month ago
Last Friday was the 3rd annual BSides Atlanta Information Security Conference. I think it came off pretty well. This blogpost is meant to help others as they plan out their BSides conferences and to remind us of things we want to do differently next year. These are just quick, initial thoughts.
Structure
There's a lot of talk about how to organize a BSides group to manage events. The options are: set up a non-profit or separate corporation (or perhaps run it through an existing corporation) or have the sponsors pay the vendors directly. We chose the latter route. We thought it would be simpler for us. I find the accounting for my company to be too much accounting for me. Most of the organizers also work for sponsoring companies so I knew that we could manage most items. In the worst case, people would have been going out for lunch. Perhaps we could have had some food trucks available. There are also 4-6 co-organizers depending on the day so we have a good team and we have a ton of great volunteers!
The concern about this structure is that it is an extra hassle for sponsors and that sponsors might prefer to pay a non-profit. Actually, the profit status of the organization doesn't matter to sponsors - they deduct the cost either way. The only benefit that I see is that if the non-profit pays the vendors, they don't have to pay sales tax. (More on this later.) Everything went relatively smoothly for us. Most of our sponsors were local or had a local presence. The one exception was our lunch sponsor, Tenable, and that was easy as we called in the order and they called in the credit card. We did have multiple payers for the t-shirts, but that vendor was fine getting two calls for payment instead of one.
Our ability to have BSides in the Think Inc office space for the third year in a row helps tremendously. It keeps our costs down and greatly simplifies planning.
Money
Last year I did a better job of tracking expenses. I entered them all into a Google spreadsheet. I knew that we way overspent on coffee, beer, booze and food (I know!). We spent $2500 on food for example and a number of people took home pounds of BBQ. People took home bottles of WiKID Whiskey sours and we left a fair amount of beer for the Think staff. We left two cases of light beer that eventually became a white elephant gift at the Think holiday party. This year, we capped the food budget at $1000. Oddly, despite having slightly fewer attendees, we totally went through the food. We had snacks later which we also plowed through. Lancope sponsored the beer this year, which was great. Next year we probably should have had someone bring non-alcoholic drinks. Oh well...
Although I don't have exact numbers for everything, I do have the big ticket items. All told, we spent roughly $3900. The big items were lunch and t-shirts both at $1000. Beer, booze, coffee, snacks, and chairs were in the $300-425 range. Then there were miscellaneous items, tips (thanks Dan!), tapes, signs, etc. So, assuming you would pay taxes on all of that and your sales tax is 6%, having a non-profit would save you about $234.
Content
As always, the content was great. I tried to watch more talks this year, but still got pulled out to deal with lunch, parking issues etc. The keynote by John Graham of First Data was an excellent kick off. As always with practically any conference, I came away wanting more. We didn't have any panels this year and I missed the interaction that panels create. Last year's CISO panel was perhaps too interactive so it's a fine balance. I think that different formats can create different energies that get people excited and discussions flowing. The model of 45-minute presentations is a very one-way affair. Moreover, it's geared toward the evangelist rather than the CISO.
That's not to say that great content can't be delivered that way. Although I got pulled out to deal with the caterer, I enjoyed Rob Graham's Freaky Economics of Cyber security, part 1. That this talk was SRO shows that there is a demand for non-technical talks. It's definitely hard to gauge that beforehand. And one short-coming of the space is that there is one huge room and then conference rooms. The conference rooms are big conference rooms, but still smaller.
I would like a better way to get a sense of interest in talks from attendees. I'm not sure if that's setting up a survey or an online voting tool, etc. It's tough because we would want it tied to the registration system. Also, I would be disappointed if speakers didn't try to um, game the system.
As a co-organizer of the Atlanta NAISG chapter, I also can't help but think about the community over the course of the year. We've had some great talks both technical and professional and we've had some great discussions. However, the effort and costs have become a strain. I'm not sure what we'll do going forward, but expect some changes. Ideally those changes would feed into BSides to create a better conference.
This year ACE Hackware handled the lock pick village instead of the Lockfale guys. This transfer was very smooth and resulted in slightly less trolling.
Summary
First, if I do say so myself, I think the sponsors did great this year. One goal I had was to increase the local sponsorship and we did that. Second, order more food next year and perhaps fewer t-shirts. Third, encourage more panels and interaction. Atlanta has both a solid group of information security vendors and large sophisticated buyers. We need more knowledge sharing and interaction which will benefit the entire community. That's kind of the point of BSides after all.