I have been wanting to start a security conference in San Antonio that was focused on the security practitioner rather than on the decision-makers and business managers. The management roles just as important as the security practitioner, but there are great conferences out there that focus on them. Conferences like InnoTech have taken an innovative approach to reach out to community leaders and have them create and manage content that would be of interest to local business leaders. The CyberDEF Dojo has played a role in the past three years in creating security content for the San Antonio audience at InnoTech. We like to focus on the practitioners and share talks that are both technical and higher level in nature around security. In the back of my mind, though, I knew that we needed more than a monthly meetup, quarterly Security Engagement Series, and the CyberDEF Dojo day at InnoTech. We needed a conference that was solely about learning, experimenting, and hacking.
I learned about the Texas Cyber Summit earlier this year, and it was pitched to me as “San Antonio’s DEFCON.” People who have been to DEFCON before usually dismiss that comparison, but I felt that was a great way to sell it. DEFCON has its strong appeal and excitement, but the most important aspect of DEFCON is that you can learn more about information security, and you are challenged by your peers to innovate on your processes of discovering the attackers by becoming an attacker. Hacking is exciting because it is a competition; it is the e-sport before e-sports were a thing. Much like in sports, it’s about pushing yourself as an athlete, to learn the game at a deep level, and to perform at a high level, putting all of your learning, tools, and techniques to the test at game time. At the end, you learn more about what you could have done, and others are ready to share what they have learned with you, so you are that much better.
As a Python programmer and now sales engineer, learning is something that excites me, not because I want to be smarter than anyone else, but because the more I know, the more I can share with others and the more valuable I am in my community. When I can teach someone something that I had learned before, I have accelerated their learning and pushed them to the next step in their discovery of a solution to a problem they are facing or a new technology that they can learn more about to solve problems later. There is a great deal of joy in that. This is the main reason why I was so excited to volunteer at the Texas Cyber Summit for its first year, and although there were some hiccups as with organizing any other conference, I found a great deal of joy being around other information security professionals, students, teachers, and companies supporting the effort.
The conference was from October 12 to 14, and it featured 78 hours of presentations and 67 speakers. Some of the notable speakers were Rob Joyce, Robert M. Lee, Jeff Moss, Ben Ten, Chris Gerritz, Russ Morris, Angel Crockett, Cherise Esparza-Gutierrez, Paula Gold-Williams , and so many more gracious and knowledgeable people willing to spend their time sharing their experience and skills with the attendees. Additionally, there was a Hacker Haven where attendees could test their skills on a capture the flag exercise and five tracks covering different aspects of security, such as Red Teaming, Blue Teaming, SCADA and ICS security, cyber security 101, and policy and risk management. Some of the sessions and keynotes were recorded, and those should be released at a later date.
We are still waiting to hear feedback from attendees, but as someone who volunteered their time and spoke with a lot of different people about security at the event, I enjoyed every minute of it. The few talks I was able to attend were fantastic. This was the conference San Antonio needed to have, and I am so glad that Joseph Mlodzianowski decided to put this conference together. The more knowledge and skills we share in information security, the better we become as practitioners and as professionals.
I cannot wait for next year! See you all there. #TCS2019
One last thing: if TCS did not scratch your itch for security learning and communal learning, I suggest checking out BSides San Antonio, as well. That conference is 100% organized by the community for the community, and I am a big proponent for that conference.