InfoSec 101 - Part One: Networking, Conferences, and Meet-Ups

Credit: https://medium.com/pluralsight/the-ultimate-list-of-information-security-conferences-in-2018-ebe7fcf3bd71

(If you’re wondering where the previous part is, click here!)

Do you enjoy socialising? Learning something new? Having the occasional drink, or getting free stuff (swag)? Well, you’ve come to the right place. Generally within this industry, it is about what you know, but being acquainted the right people goes a long way too. This may be the case when you’re trying to find a job, sharing experiences and findings, or getting support from your colleagues. There’s no better way to facilitate this than attending networking events.

There are two main types of events where you’re able to meet new people, and grow as a professional by way of networking, or becoming more educated on a particular topic:

• Conferences — these are usually two or three day events that host presentations and workshops covering a wide range of fields within the industry; that being said, there are conferences too that focus on a specific field of interest. Conferences tend to exhibit their sponsors and other vendors who help support the event.
• Meet-Ups — local meet-ups are smaller affairs, in regards to the number of people who attend, and what is presented to its audience. Each event focuses on one aspect of security that the researcher or professional is knowledgeable on, and there is time afterwards to network with those in the community that have varying levels of experience.

My recommendation here is to not waste these opportunities to meet new people. Initially, I too felt very uncomfortable approaching complete strangers in the hope that I could simply introduce myself and get to know others. But with experience, it will only get easier and it will benefit your career.
Secondly, remember to always be considerate and welcoming to those you speak to. These events serve the purpose of bringing this community together in an enlightening and collaborative way, so don’t ruin the experience for someone else.

A quick note before I go through some of these events: they are specific to my own experiences, and as such will be highly Australia-focused. I have, however, added international meet-ups and conferences that have crossed my radar.

Conferences (within Australia):

• BSides Canberra: two-day conference that is the cheapest to attend nationally, and you’re able to participate in CTFs, lock picking and hardware hacking villages, and watch the presentations.
  There is also a BSides Perth, Brisbane, and Melbourne; view here.
• Crikey Con: two-day conference in Brisbane where excess profits are donated to local charities. Their CTF is the most variant form of a challenge I’ve participated in, so you’ll have the chance to meet people with a wide range of skills (I’ll go through what a CTF is in later instalments).
• OzSecCon: this is one of the only conferences within the country that I know of that focuses on physical security. There are talks, professional training, workshops, and competitions on lock picking, evidence tampering, and much much more.
• Cyber Conference: amalgamating the AISA and ACSC conferences, is a three day con held in Melbourne which invites a wide range of delegates, not just from the security industry.

Conferences (overseas):

• DEF CON (Las Vegas): the world’s largest hacker conference. This four day event cannot be summarised within four sentences, so take a look at the website and feel free to ask any questions that you may have.
• BSides (Internationally): the full list of BSides conferences globally can be found on their home page.
• Other notables include: Black Hat (US), KiwiCon (New Zealand), Chaos Computer Club (Germany), RSA (US and Japan).
• For the most comprehensive list of international conferences I’ve seen, check out https://infosec-conferences.com/, and also the credit tag of this articles image has an incredible catalogue of US-based conferences amongst others: https://medium.com/pluralsight/the-ultimate-list-of-information-security-conferences-in-2018-ebe7fcf3bd71.

Meet-Ups:

• SecTalks (Sydney): as one of the volunteers for this meet-up, sure, I’m biased, but this is an awesome group to join. Meet-ups are held every second Tuesday of the month, that covers a wide range of topics, workshops, and CTFs. SecTalks has a global presence, so be sure to check out the their website for a full list.
• DC011612 (Sydney): this DEF CON group meets once a month too, usually on a Thursday. With a much more casual vibe, you can come in, grab a slice of pizza, and be a part of security related discussions, workshops, or even a different style of CTF like Trace Lab’s Missing Persons.
• DEF CON Groups: for international groups, and for US-based groups.
• CryptoAustralia Digital Self-Defence and Privacy: this is a group dedicated to helping users embrace their right to privacy, and demonstrating how to maintain safe practices while being online.
• OWASP Application Security: this meet-up is focused on application and web security, and devops (which ties development of software/applications and operations, both requiring security from the get-go).

Some other groups that may be of interest:

• SANS Community Nights: SANS Institute, known for its security training courses, also hold regular (free!) community nights globally which consists of one presentation, and the rest of the time allocated towards networking.
• Australian Women in Security Network: all genders are welcome here nationally to connect with other security professionals of all backgrounds, careers, qualifications, and age, to inspire, learn, and support those within the industry. Take a look at their website for all Australian locations.
• Women in Security and Technology (WIST): WIST is a community driven group that aims to support women in the infosec industry across five countries. Check out their meet-up page for any events near you, and there is also good coverage on their Twitter profile.

Once you start attending events like these, it’s astounding how quickly you’ll learn about other meet-ups in your area, see similar faces, or hear different about experiences that make you reflect on your own journey in this industry.

Check out Part Two of this series here!