One of the most amazing benefits of working at Highgroove is the yearly conference requirement. You are required to go to a conference of your choosing–on the company’s dime–and report back with what you learned. What’s even more amazing is that the conference you choose doesn’t have to be something Ruby-centric or Railsy (though we do love those conferences too). Read on to see how I conned the company into letting me attend two conferences during my yearly outing in NYC.
Summercon is a fascinating security conference. It is a study in contrasts when compared to larger well-known conferences such as Blackhat, Defcon, or even CanSecWest, ReCon, or the bevy of new conferences that have sprung up in the past few years. The main difference between Summercon and the others is its size. Hosted at Littlefield NYC in Park Slope, Brooklyn, the conference has one track, with few but very carefully chosen speakers, and fewer than 200 attendees. The Littlefield is a concert space, not a conference space, and that small difference makes the event feel like a get-together with some of the smartest researchers in the field, instead of a capital-C “Conference.” Big conferences with a focus on multiple tracks, trainings, and networking events can be great, but many of us learn more when the emphasis is on talking with peers, instead of sitting and listening to experts.
The speakers at Summercon are very carefully chosen and the topics are of a highly technical nature, often with a focus on offensive technologies rather than defensive ones, and in particular the low-level details of offensive tools used in computer security today. Highlights of Friday’s round were Jon Oberheide and Charlie Miller’s talk on Google’s Bouncer program, a system of vetting Android applications before they hit the store, and Dr. Raid and Aaron Portnoy’s discussion of their new plugin for IDA Pro that makes reverse engineering a much less painful process. The talks were not only hilarious, but they also showed brilliant research and methodology or great engineering. In many ways, Summercon feels like two straight days of Highgroove tech talks, and to be honest, that sounds like a load of fun!
Then I cheated. I went to another conference while I was in NYC. Loren Norman of MailChimp was in town to attend Barcamp NYC, and he turned me onto this entirely different event. BarCamps are “un-conferences,” meaning that attendees choose topics and self-organize what effectively become working groups on the selected subjects. I helped organize a security group with topics ranging from cloud security to hacker methodologies to how we secure our own particular stacks on various projects. A track on code review was then proposed, and most of the attendees from the security group found themselves there as well. The code-review session was a fascinating chat in which we discussed tools and methodologies for review, as well as our motivations for reviewing. I was surprised to see that even those working in “enterprise” environments using large, heavyweight design process were interested in integrating a simple code-review process–a step in the right direction, I think.
The sponsors at BarCampNYC were extremely generous, providing breakfast, lunch, and a pre-party–and, as a side effect, a fantastic opportunity to meet like-minded developers in a variety of fields. I met many people who call themselves founders but are also lead developers, CTOs, CFOs, and office managers all rolled into one. As someone who is strictly a developer, meeting such driven and interesting people always motivates me to hone my craft and expand my skill set.
Thanks to Summercon’s leisurely Saturday schedule, I was able to duck out of BarCampNYC and arrive only a little late back at Summercon. That day, there was a great talk on very low-level radio hacking from Travis Goodspeed, as well as an amazing presentation by Alex Sotirov on the cryptographic attacks on the Microsoft Update service used in the recently discovered Flame worm.
While these topics are pretty far from Ruby and Rails, web-based API development, and our other specialties at Highgroove, the way we think about engineering is not far from the ways that security researchers think about building and breaking robust systems. If anything, the slight difference in domains forces a non-expert to think just far enough beyond their comfort zone to learn more than if they were talking to a peer on matters about which they are completely comfortable. Summercon and BarCampNYC are both fantastic events because the attendees put so much into making them great!
When choosing your conferences what do you look for? How do you make the most of your conference outings?
Image credit: apreche