bSidesLondon is approaching fast!

Time flies when you have fun (or if you are absolutely buried in work) and nothing proves that better than the realization that bSidesLondon arrives in less than three weeks from now. There are still lots of things to do to ensure it will be a great day for everyone involved but, knock on wood, so far it’s looking very good. Matt, Iggy, Mital and everyone else are doing a fantastic job pulling the strings and making sure pieces are falling in place (rarely having to use a hammer to make the puzzle obey). Speakers are feverishly finalizing the last bits of their presentations (well, assumption on my part but you’re doing that in time, right? Right?) and participants – or shall i say future speakers & volunteers – are busy with travel preparations.

There are a few things that deserve special mention and i wouldn’t do Iggy’s reminder justice by merely rephrasing it so i simply repeat the main points below.

1.      Tickets! Yes sorry to bang on but as you know we have a large and restless waiting list, so if you are not coming let me know ASAP. Please don’t think you can just give your ticket to someone else as we need your contact details in the entrance list.

2.      Did I say Tickets?? Fine you may not want to cancel the whole day BUT if you know you are only coming for part of the day TELL us!  Space is in such demand that we could issue you a ½ day ticket and allow someone else in the other half of the day.

3.      Track 3 (the unconference track) has been added to ensure that even if the scheduled talks don’t hit your “infosec spot” you can use this session as you wish. There will be a notice of “Chatham House Rules Apply” if you so wish to use it, after all BSides is organic. Bookable in blocks of 30 minutes, it fits 20-25 people for those cosy spontaneous talks.

4.      Food&drink. We will be providing coffee/tea and water through the day. Lunch and other solids will be provided during scheduled breaks. The venue has asked us to ensure you do not consume your own food or drink in the premises and NO ALCOHOL. There are plenty of bars, cafes etc nearby if what we offer is not to your taste.

5.      Video recording and photographs: with the exception of Track 3 GALAXIANS room all other areas and talks will be both recorded and photographed. These digital recordings will be published and used for Security B-Sides promotions, educational streams and will be published in multiple mirrors so others can enjoy at a later stage. Consider this email your notification, as your acceptance of the ticket assumes your consent for these recordings to be used. IF you do not wish to be filmed, you must let us know in advance or wear a big paper bag on your head so we can easily identify you and erase you from any recordings.

6.      Sponsors and benefactors always needed. My dear colleagues as you know, while this event is free, the UK isn’t, so if you or your company can support this type of gathering then DO contact us! You don’t have to be super rich to get some sponsorship package going. The infosec community needs everyone to participate and collaborate and Matt is waiting to hear from you.

7.      CPEs. Scheduled tracks allow for you to crank up to 6 CPEs but as you know these can be audited so we will provide a PDF form on the website and the wiki for you to download, print and bring. We will be happy to sign off the sessions you attend BUT it is all up to you.

8.      Travelling from Infosecurity Europe (SW5 9TA) to BSidesLondon (EC1V 7DP) and vice versa.  Many of you requested help so here it is. Nearest Tube Station to the venue: BARBICAN; nearest to InfoSec: EARL’S COURT.

·         Get the green DISTRICT LINE (towards High St Kensington or Edgware Rd)
·         Change to yellow CIRCLE LINE or maroon HAMMERSMITH & CITY LINE and
·         get off at BARBICAN then walk to venue (or if you are lazy like me) catch bus 4 or 56 from stop BA and alight at “Clerkenwell Rd/Great Sutton St Stop BT”.

9.      After party… we’ll keep you wondering for a little longer 🙂

There you go, please make sure you contact the team at bSidesLondon if you have any questions. As for point 8, public transportation, i thought i’d mention that the venue is easily reachable by foot from Farringdon Station or Old Street Station as well if that is more convenient for your travel connections. Won’t take much longer than about 10 minutes if you are not opposed to a little march. You’ll pass a couple of coffee shops, restaurants and grocery stores too.

Don’t forget to have a look at the running order for the day and plan ahead what you’d like to see!


Yes, as Iggy said in point 7 – this curious species is always needed and welcome. When i sat at my desk the other day and looked at the bSidesLondon website i asked myself – hey, that’s an interesting logo, wonder what those guys are about – and it occurred to me that others might be wondering about our fabulous sponsors as well. So here you go, a quick overview that satisfied my curiousness at least.


AlienVault What they say about themselves: “AlienVault provides the SIEM technology for more than half of all SIEM users. A focus on delivering quality solutions to the most challenging aspects of Information Security Management drives the AlienVault team to continually improve on the success of AlienVault Unified SIEM.” 

Probably best known for their excellent OSSIM community edition. Their cloud based SIEM looks like it’s worth a try too.


Astaro What they say about themselves: “With over 56,000 installations, Astaro protects business, school and government networks against IT security threats. The award-winning Astaro Security Gateway combines the latest technologies in one easy-to-use solution, providing complete protection for your headquarters, data centers and branch offices” 

These guys have great security gateway solutions. I tried their free edition a few years back and was quite pleased.


DigitalPersona What they say about themselves: “DigitalPersona, Inc. is a global provider of endpoint protection solutions and biometric authentication products that make strong security simple, practical and affordable for businesses of all sizes.” 

I wasn’t familiar with this one before which might have to do with their focus on multifactor authentication and identity management. Interesting, especially considering RSA’s fubar of 2 factor authentication.


GFI What they say about themselves: “GFI Software provides a single source of web and mail security, archiving, backup and fax, networking and security software and hosted IT solutions for small to medium-sized enterprises (SMEs).” 

Lots of good software comes out of this company. Especially their LANguard solution (they also have a free version) was a great little lifesaver for me in the past. Now with extra awesomeness since they acquired Sunbelt Software.


Netwitness What they say about themselves: “NetWitness is a revolutionary network monitoring platform that provides enterprises a precise and actionable understanding of everything happening on the network. NetWitness solutions are deployed in customer environments to solve a wide range of challenging information security problems including: insider threats, zero-day exploits and targeted malware, advanced persistent threats, fraud, espionage, data leakage, and continuous monitoring of security controls.” 

I obviously like their free Netwitness Investigator product but they have more to offer than that. If i have some time i’d definitely like to give their Spectrum solutions a try and see what network based malware investigation has to offer.


RandomStorm What they say about themselves: “RandomStorm was formed in 2007 to provide a proactive vulnerability management service for companies and organisations that take network security seriously and need to demonstrate maximum due diligence in protecting personal and corporate information.” 

These guys seem to focus on threat and vulnerability management with half a leg in managed security services. Oh, and not to forget they are behind the Damn Vulnerable Web Application (DVWA) distribution.


Realex Payments What they say about themselves: “Realex Payments is a leading European online payment gateway, providing a range of payment processing services for businesses selling online.” 

Have to say payment gateway providers are not one of my main areas of knowledge but i can see why these guys would be big in security and i’m certainly glad they are considering one of their customers might handle my money 🙂



TrustWave What they say about themselves: “SpiderLabs is the advanced security team at Trustwave focused on application security, incident response, penetration testing, physical security and security research. The team has performed over a thousand incident investigations, thousands of penetration tests and hundreds of application security tests globally.” 

Well, what to say; SpiderLabs do have quite a reputation and if you’re looking for penetration testing or are just interested in their research go check it out.


StackOverflow What they say about themselves: “Stack Overflow is a programming Q & A site that’s free. Free to ask questions, free to answer questions, free to read, free to index, built with plain old HTML, no fake rot13 text on the home page, no scammy google-cloaking tactics, no salespeople, no JavaScript windows dropping down in front of the answer asking for $12.95 to go away.” 

A community driven site to help you find answers to questions around development of code. Great resource even though i’m not much of a programmer and would rather be over at their ServerFault site.


Syngress What they say about themselves: “We are for professionals who want theoretical as well as tactical information on securing in the digital world. Whether you are complying with regulations, breaking or protecting a system, or analyzing a system and extracting evidence, we have high quality expert advice to make you better at what you do.” 

Not much to explain; everyone who ever so much as looked at a security related library/shop will remember their great publications. Go check their free e-booklets if you haven’t already.


Tiger Scheme What they say about themselves: “The TIGER Scheme provides a means of independently certifying the skills of vulnerability test (penetration test) engineers. Our qualifications and memberships are graduated and progressive, ranging from Associate Membership to the Senior Security Tester qualification which has been assessed by CESG as equivalent to the CHECK Team Leader Assault Course.”

I had admittedly no idea what this is but i’m glad i spent a few minutes looking into it. I guess aspiring penetration testers, especially in the UK, could do worse than investigating what Tiger Scheme has to offer.


Tripwire What they say about themselves: “Tripwire IT solutions—take control of the IT infrastructure with visibility, intelligence and automation. Persistent weaknesses in information technology systems put sensitive data at risk for theft, improper disclosure, loss of privacy and non-compliance with security policies and regulatory requirements. Organizations need assurance that security controls are in place and operating as intended to protect their IT infrastructure.”

Tripwire is one of those companies whose name is synonymous with security. They’re big for their integrity solutions but they have loads of interesting things going on now, especially around compliance and virtualization.


upSploit What they say about themselves: “upSploit aims to bridge the gap between security researcher and vendor. By using our simple and easy to use Advisory Management Solution the researchers can be assured that the correct vendor is alerted to the problems found. Our policy is: Automated fair distribution.” 

Spawned out of the never-ending ‘coordinated disclosure’ discussion, upSploit acts as an intermediary for people who want to report a vulnerability but don’t have the patience to deal with vendors. If I found a vulnerability I’d probably look at how these guys could help me.


Versprite What they say about themselves: “VerSprite was created to fill a void in the area of security consulting where most firms continued to sell security products and services based upon compliance fear factor techniques in lieu of value added services. We understand that value must serve as the cornerstone to any security investment and have since been committed to depicting information security as a value added component” 

I hadn’t come across this information security consultancy before; they seem to be pretty much a one stop shop for anything information security services related.

Obviously i’d encourage you to venture off to some of the sponsors’ websites yourself for some exploration. These are all good companies; after all, they are sponsoring at least one SecuritybSides event!

Finally – Just thought i’d make sure this is clear; all comments and views are my own. If you don’t like what i wrote about any of these companies or if you don’t like to see your company’s logo here let me know.