Have SCADAs — will travel!

Hi everyone!

Long time listener, first time blogger.  First, I want to thank Cap’n Dave for inviting shoving me aboard the Black Pearl and making me a part of the Liquidmatrix band of pirates.  I am honored!

I wanted to go to Hacker Summer Camp last year, but I wasn’t sure how to make it work…since I am just a SCADA Engineer, not a pentester or infosec rockstar.  This year, our very own James put together what I thought was going to be a shoe-in SCADA panel for Blackhat or DEF CON….and….we were wrong.  I thought I wouldn’t be going again this year until James asked me to be a Blackhat Speaker Proctor – AKA “The James Gang”.  I found out that I had been given 5 talks, 3 of which were SCADA talks.  It just so happened that my wife, Shannon, was accepted as a speaker at BSidesLV and as a contestant at DEF CON Social Engineering CTF.  So…I was going to Las Vegas for sure.  Have SCADAs — will travel!

 

Blackhat

As a speaker proctor, I had to show up the day before the Blackhat briefings for our Proctor Team meeting with James, then attend the VIP party to mingle with the speakers.  The party was great and I finally got to put some faces with names.  I was scheduled to work the 2nd day of the Briefings.  Being a speaker proctor is a sometimes tough job, but it was helpful that I knew several of the speakers.  James put it best – “Speakers are special snowflakes, BH is a blizzard, Proctors are snowplows.”  My speakers did well, so I didn’t have to plow them too bad.  I didn’t see any other presentations, but I did get to meet a lot of smart and cool people…especially my speakers and fellow proctors.

 

BSidesLV

BSides is near and dear to my heart.  I heard about BSides in late 2010 or so…and felt compelled to start BSidesJackson in Mississippi last year.  I was excited to go to “the mothership”, but when we got there…it didn’t feel like a mothership, but more like a family.  I was attending as my wife’s Plus One.  I attended the 1st Day of BSides…and it was awesome to see so many people I had met before or for the first time (even though I knew a lot through twitter).  I attended only two talks, Kati Rodzon’s and my wife’s of course – both were outstanding and gave a glimpse into the way humans work and how they are vulnerable.  The rest of my time there was in the hallway.  I had such a great time.  I was expecting more people, but it felt pretty nice.  The pool party took the cake though.  I actually stayed till they kicked us out at 4AM…I don’t think I’ve ever been to an all-night party before.  The conversations were amazing!

 

DEF CON 21

Well…I had heard many stories of DEF CON and what to expect, but I was pleasantly surprised.  I expected a lot more black t-shirts and  almost no women or kids…but I was proven wrong.  There was something for everyone to do, and I wished I had more time to try it all…especially the hardware hacking village as I had been given 2 circuit boards while standing in taxi lines.  So many smart people doing very cool things.  I attended EFF The Summit with Shannon who was a VIP and mingled with all the infosec rockstars raising money for electronic freedoms.  I only saw one talk, The Fail Panel, which was a riot and it raised money for a worthy cause.  The other times I was in the hallway or at the SECTF village cheering my wife and her friends on.  The women kicked butt this year.  I was also glad I got to check Hacker Pyramid (Jack Daniel recruited Shannon to play, but they didn’t win) and Hacker Jeopardy off the list.  I did bring my Raspberry Pi + PiFace RTU with openDNP3 – an open source DNP3 stack for SCADA, but was really disappointed when I didn’t find anyone that had time for me to demo it.  I could have sworn that everybody at DEF CON was a SCADA expert hacker (tongue firmly planted in cheek).

 

The Community

The infosec community is strong and has many very smart and passionate people.  I got to witness this first-hand at all 3 conferences.  Some moments, people really pulled together to do something great as a team.  In others, people got to see old friends and make new ones.  Some moments felt like family with tears and joyous laughter.  I am glad to have been welcomed into this community by not only Dave, James and Jackie, but the others as well…you know who you are…you too, Dr. Krypt3ia.

 

What’s next?  Bigger and better things.  Looking forward to getting to know y’all a bit better.  Patrick Miller, Jack Whitsitt, and I should have lots of SCADAs for James to talk/grumble about, starting with the EnergySec Summit next month….so stay tuned.

 

Chris Sistrunk, PE

@chrissistrunk