We’re happy to report that the information security community in Central Pennsylvania is alive and well!
One goal of the SecurityStudio Roadshow is to get out and meet new partners. We want to meet them, understand their businesses, and help them grow their information security consulting practices using simple, fundamental, and compliant solutions (S2Score, S2Org, S2Vendor, and S2Team/S2Me).
We met some amazing people and companies this week. We’re expecting as many as four new partners from Central Pennsylvania coming from this leg of the roadshow! Stay tuned for the announcements coming soon!
Keep up with our progress on Twitter, using the #S2Roadshow hashtag. We’re entertaining, dammit!
In addition to meeting new potential SecurityStudio partners, John (Harmon) and I attended the inaugural BSides Harrisburg Conference on Wednesday (10/2). The event was held at the Harrisburg University of Science and Technology downtown, and the organizers did a great job!
SPECIAL SHOUTOUT to Julie Goolsby. Julie is the Director of Professional Development Programs at Harrisburg University of Science and Technology, and she was instrumental in coordinating everything for the event. She is patient, responsive, and incredibly effective.
I’m sure there were others who helped Julie, but we coordinated with her the most.
There were ~300 – 400 people at the conference (my guess), and maybe a dozen vendors. I didn’t speak until 10am, so John and I took in the Opening Remarks and the Keynote. The Keynote was presented by Ken Bechtel, a very well-respected Malware/Threat Researcher with more than 30 years under his belt. I shuddered when he mentioned boot sector viruses of the 90s. I started my (paid) career cleaning boot sector viruses from Windows 3.1 machines.
Ken has been around for a long time and he’s got a boatload of wisdom to share. Crazy how much he’s seen and how many malware packages he’s reversed. Most people haven’t heard of Ken because he’s one of those behind the scenes kind of guys. Sort of like me. He and I are both most comfortable in a dark room behind a keyboard somewhere. After his talk, we spent 30 minutes or so sharing stories and laughs.
NOTE: Ken informed me that he’s in the market for more/new work. Get in touch with him if you’d like to inquire. Here’s his LinkedIn Profile.
This was one of those talks where I didn’t choose the title, but one of our marketing folks did. The title was “WANTED – People Committed to Solving our Information Security Language Problem”. Alright, let’s do it!
Finished my slides in a small coffee shop in Columbia, PA. SHOUTOUT to Café 301 in Columbia, a great little coffee shop in downtown. Good coffee and a great place to finish presentation slides.
My talk was in the event auditorium. There’s this slight fear of giving a talk in a large room (or in this case auditorium) and having a small audience. Thankfully, attendance was good, and it looked like the place was almost full. Phew! The talk was also livestreamed I hear.
SIDE NOTE: The very first talk I gave after starting FRSecure in 2008(ish) was at a conference in Bloomington, MN. This was my first ever talk, so I prepped thoroughly. I was early to the venue. I got to my room early. I got set up early. I was raring to go! One problem. Nobody came. Zero attendance. A good dose of humble pie, but ever since that day, I’ve said to myself, “as long as there’s more than zero, it’s a good day for a talk”.
I think the talk went well. There were awesome questions, and there were a dozen or so people who came up to talk with me afterwards. If you’re interested, a copy of my presentation can be downloaded here. If you want to watch the video, BSides live-streamed it, and you can also see it here.
Back to the Conference
We spent the remainder of the conference roaming the floor, striking up conversations, and attending other people’s talks. There were two talks that I particularly enjoyed, so more SHOUTOUTS:
- Rae Baker’s Open Source Intelligence 101: Finding Information on Anyone was a great introduction to OSINT. Really enjoyable presentation, and she nailed it!
- Brandon Keath’s Hacking Yourself First, Penetration Testing for the Blue Teams: Part 2 was great. I had to miss Part 1 because I was in Rae’s talk. Brandon knows what he’s talking about and I really liked his dry humor. Good stuff.
We wrapped up the day with a few more introductions to potential partners, then headed off for BBQ (reviews below) and hotel work.
BSides Harrisburg was a GREAT CONFERENCE.
Cybersecurity Awareness Summit
Thursday’s agenda included attendance at the Cybersecurity Awareness Summit. This summit was also held at Harrisburg University of Science and Technology. The theme for this conference was “Caring and Sharing to Safeguard Our Citizens. Cross-collaboration Among Government & Education Makes Pennsylvania Safer & More Secure.”
I sat through the following:
- Welcome – Eric Darr, PhD, President, Harrisburg University
- Opening Remarks – John MacMillan, Deputy Secretary for Information Technology and Chief Information Officer, Commonwealth of PA
- Security Challenges Confronting Government and Schools and Benefits to Collaboration & NASCIO’s Cybersecurity State of the States Report – Erik Avakian, CISSP, CRISC, CISA, CISM, CGCIO, ITILv3, Chief Information Security Officer, Commonwealth of Pennsylvania, and Srini Subramanian, Risk and Financial Advisory Lead, Deloitte
- CISA: Cybersecurity Resources for State and Local Governments – Benjamin Gilbert, Cybersecurity Advisor, Cybersecurity and Infrastructure Security Agency
I will be PC in my feedback, although I don’t really want to. Mr. MacMillan is a very sharp dresser. Mr. Avakian has a nearly impossible job and needs more help. If Mr. Subramanian would have said “cyber” one more time, my head would have exploded. Mr. Gilbert was a good guy who used a helluva lot of acronyms.
I have a ton of respect for state CISOs. They do very hard work in a (sometimes) very hostile environment with less support.
RANT: Somehow, we’ve gone from using the words information security to cybersecurity to just “cyber”. Information security is NOT “cyber”. I get it, “cyber” sounds a lot cooler. Maybe using “cyber” helps you sell more $*!%. Certainly, the hipsters are impressed by the word. The truth is, using “cyber” as a reference to information security is NOT helping. Words matter. Use a dictionary.
I’m a stickler for this because I’ve been part of this army, and we’ve fought very hard to make information security a business issue, NOT just an IT issue.
OK, off the soap box now.
Benjamin Gilbert did a great job showing us all that CISA has to offer. They are trying to do everything for everyone though. This will get very expensive (to taxpayers) and will be less than optimal (wait lists, skill shortages, etc.). CISA provides a lot of value, but it would be nicer to see them do one or two things really well versus doing a whole bunch of things sort of half-assed.
This conference was very well attended and overall it was great. Seriously, it was.
A roadshow isn’t a roadshow without a healthy dose of BBQ, or lots of doses of BBQ. John and I promise to eat at all the best BBQ places we can find during our travels and provide you with the lowdown. It’s the toughest part of our job, but you can count on us. We’re in it to win it!
We rate each BBQ joint we try on four characteristics on a scale of 1 (sucks) – 10 (best): Atmosphere, Service, Portions/Value, and Taste. The overall rating is the average of the four.
Sweet Lucy’s Smokehouse – Overall: 6.75
- Atmosphere – 9
- Service – 6
- Portion/Value – 6
- Taste – 6
Our first stop after landing in Philadelphia was Sweet Lucy’s Smokehouse. The BBQ was good, but not great. The best thing about the place was the really cool atmosphere.
Mission BBQ – Overall: 8
- Atmosphere – 7
- Service – 10
- Portion/Value – 7
- Taste – 8
We ate at Mission BBQ in Harrisburg in the evening of the first day. I wasn’t that excited for it because I knew it was part of a chain, but it was the closest BBQ joint to where we were staying. The staff was AMAZING. I can’t remember ever getting better service than we did at this place.
The cashier asked us if this was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the menu and how they make their BBQ.
Once our order was ready, the lady behind the counter asked us if it was our first time at Mission BBQ. We said it was, then she proceeded to tell us all about the sauces and how to help ourselves.
After we sat down to eat, another lady came by our table three or four times to make sure we had everything we needed. She cleared our table for us too (even though this was a self-service joint).
The service was exceptional, so I rate it a 10. The food was good too, the best being the jalapeno cheddar sausage.
Redd’s BBQ – Overall: 7.25
- Atmosphere – 8
- Service – 5
- Portion/Value – 9
- Taste – 7
After almost 24 hours without BBQ, we made the drive from Harrisburg to Carlisle on Wednesday night. We enjoyed some good (again, not great) BBQ at Redd’s BBQ. The atmosphere was pretty good and the portions were large. Service was so-so; the waitresses spent more time chatting with each other than they did helping their customers. Overall, this was good BBQ and it was worth the drive.
Shakedown BBQ – Overall: N/A
- Atmosphere – N/A
- Service – N/A
- Portion/Value – N/A
- Taste – N/A
The disappointment of our BBQ adventure came when we made the drive out to Grantville only to find the Shakedown BBQ was closed. This was one place that came most recommended from the people we talked to at BSides. Before making the drive, we confirmed that the place would be open, both online and through a friend of the owner. They were supposed to open at 11am on Thursday, and we got there at 11:15. A paper plate was hung on the front door saying they were closed. Ugh.
Divine Swine – Overall: 8.5 – #S2Roadshow Week 1 Champ
- Atmosphere – 7
- Service – 8
- Portion/Value – 10
- Taste – 9
After the Shakedown BBQ disappointment, we swung over to Manheim, where we found Divine Swine. This place takes the crown as the #S2Roadshow Week 1 BBQ Champ. The best tasting BBQ we had on the trip and huge portions. If you’re in the area, you have to visit this place!
Maybe we’re BBQ snobs, maybe not. One thing is certain, we enjoyed all of the BBQ we ate, and we’re pumped for next week’s adventures.
Next Week’s #S2Roadshow
I’ll be heading to Orange County, California. I’m speaking to the fine folks at the Orange County Chapter of ISACA on Tuesday. I’ve got a bunch of great meetings on Wednesday and Thursday with some potential partners and other security folks. If you’re in the area, let’s hook up. We can talk security and grab some BBQ. If you’ve got some BBQ recommendations, let me have ’em!
John will be in Madison, Wisconsin speaking at an event hosted by Applied Tech. He’s going to be joined by Steve Krause, SecurityStudio’s Partner Manager. If you’re in that area, go hang out with John. I think he’s funner than I am.