This is my first post so why not blog about the unbelievable experience that was BSides Detroit.
A little back-story
About two years ago after seeing the photos and hearing the buzz from the first BSides event in Las Vegas and then watching cities like Boston and Austin fall in line with BSides events of their own I thought it would be an amazing event for an area (Detroit) that doesn't have anything like that anymore, yet I felt we had a large and growing IT and InfoSec community. So I reached out to a few people on twitter and on the BSides mailing list. I was put in contact with @securelexicon and while he had interest at that time his work schedule was one that wouldn't allow him to really plan and help out.
I was slightly discouraged because I didn't really know any local people in the InfoSec industry. I had been doing IT admin work for years but I had only done InfoSec for the last three years and I really knew no one. It was only recently that I had found twitter and the large and growing community there. So at that time I backed off of the idea of BSides Detroit. Work was crankin and I was going to training and I have two kids so it wasn't like I had a bunch of free time anyways.
Fast forward a year and some change and I start seeing talk of a BSides Detroit event (I think it was first referenced on HNN) So I got on the Security BSides mailing list and posed a question about BSides Detroit planning. It was there that someone pointed me at @hushedfeet. I contacted him and the whirlwind that is BSides Detroit began. Planning went fast and furious at that point (or so it seemed) We decided on a date and started the search for venues. At the time we all agreed that the Renaissance Center in downtown Detroit was about as symbolic of Detroit as one could get so we moved forward with that as our venue. This is where the difficulty comes in. Venues like the Renaissance Center are expensive but we thought that wouldn't be too much of an issue, but they wanted the money now, now, now. We are driven by sponsors so that the PARTICIPANTS get the most out of their time spent at an event like BSides so we didn't have our sponsorship monies squared away yet, but it was okay because at that time RenCen was flexible with us. They understood our plight. At about a month and a half out the sponsors were falling in line, the CFP submissions were coming it (not as fast as Kyle or myself would have probably liked, but what can you do?) and it seemed like everything was going to work out. My stress level was pretty normal.
4 Weeks Away
This is where it started to get crazy and stressful. I'm talking with our contact at the RenCen and she all of s sudden is interested in exactly what type of event this is that we are throwing. I explain it is a conference for information security professionals. She seems OK. She then asks if we have a website. Why yes, yes we do have a website. She asks for me to send her the links, which I do. Ten to fifteen minutes later I have a voice mail on my cell. It's her, she's flabbergasted and stammering on about how there is a "person in the logo with a gun and this person is telling you to come with him or else" Her words, honest. I explain that it is a satirical play on the whole RoboCop statue issue that was prevalent in the local news for the last 6 months. She has no idea what I am talking about and all she can say is we can NOT have that kind of event at our venue. I ask her about changing the logo. She says its too late. I politely say ok, and hang up. Then I called Kyle and proceeded to freak out on his voice mail. After not hearing from him right away I hit him up on IM which was our primary method of communication during the planning process. He got back to me pretty quickly but I don't think it sunk it what I was saying because he was going on and on about different things and options for food, etc. Finally I straight up said it. The RenCen had backed out on us with 4 weeks to go before the conference. After some initial WTF moments Kyle said he would call her. He explains to her what BSides is all about, how the logo is a joke, and she holds firm. There was no way they would do business with us. So Kyle spoke to Mike Dahn from the Security BSides organization and he gives it a go with this very unhelpful woman. At one point she said to Mike something along the lines of how "We live in a post 9-11 world" blah, blah, blah. I believe it was at this point that Mike realized that she wasn't one to be reasoned with. We were moving on.
Finding a new venue....T-minus 3 weeks
I started to solicit quotes for use of various venues around Detroit. The Masonic Temple, The Magic Bag and the Majestic to name a few. They came back pretty quick with quotes for what we could do. All pretty expensive and needing to know RIGHT NOW if we were going to do an event in 3 weeks at their place. But I kept thinking about the two Detroit hackerspaces. One is in Ferndale and is called i3 Detroit. I had never been in there but someone I knew had and they didn't think it had the room to support our conference, not to mention the location wasn't inside of the Detroit city limits. Not a deal breaker but we still wanted to be a Detroit affair. The other one was OmniCorp Detroit. OCD is in the Eastern Market part of Detroit. Eastern Market is like a giant Farmers market on steroids. More produce and food stuffs than you can shake your fist at on a Saturday all surrounded by restaurants, warehouses, meat packing plants and food distribution centers. It is a amazing piece of Detroit that everyone should see if they are in the area. So I contacted OmniCorp and they seemed a little interested but kinda scared at what we were trying to bring to them. Kyle and I decided we needed to see the space but we couldn't get down there at the same time so I went one day and Kyle came down the next. This is when we both fell in love with what OCD had to offer. It just seemed so authentic and genuinely Detroit. We after-all are a city of "makers" and "hackers" if you look at our histroy. To Kyle and I this was going to make the event so much better than it ever could have been if it was at a place like the Ren Cen. We decided this was what we wanted so we told OCD this. They were especially hesitant because the event was 3 weeks away, and who could blame them? So Kyle and I worked to calm those fears and tried lay out what exactly BSides was all about. When you think about it the two things (BSides and OmniCorp) are so very similar. The collective at OmniCorp voted and decided that they would allow us to hold the event there. (YAY! and a sigh of relief on my part!) On to the event day.....
BSides Detroit!
To be honest the next two days flew by. Some highlights of day one were Mark Stanislav's talk about his experience reporting vulnerabilities (highly entertaining) and Brett Cunningham, Jack Crook, and Matt Sabourin's talk about Intelligent Fuzzy Hashing.
Then something amazing happened. We had two speakers not show up. Normally this wouldn't be amazing but what happened during this period where we were scrambling with how were were going to fill up those two hours was. Dug Song came up and started what can only be described as a fireside chat that started out about why people in infosec choose the good side instead of the always more lucrative bad side and from there the chat just morphed into its own animal. People were passing the mic around the room and engaging themselves in a conversation about what we could do to make the community better and ultimately what we could do to make the local InfoSec community better. To me this was a beautiful thing because, as Dug had said earlier, for a long time in Michigan he had felt cut off from this industry that we all so love (much like a abuse victim loves their abuser sometimes I might add) Ultimately what came out of this session was a much greater sense of local "community" and a great new IRC channel on Freenode called #MiSec for Michigan Security professionals to have a place to visit when they can't always make the ArbSec meetings or the local 2600 chapter meetings. After Dug's fireside chat the crowd broke up and some headed home. A few of us grabbed a beer from the guys at OCD (PBR and Oberon's in the fridge rock BTW) and we decided to get some local eastern market pizza. Mikey G from OCD suggested Supino's and it did not disappoint. Dug said he would pick up the tab for the pizzas which was awesome and we walked across the vacant market to pick up the pies. If you haven't had Supino's in Eastern Market I suggest you try it out. Possibly some of the best thin pizza I have ever had. Simply amazing and authentic tasting. Just great stuff.
At that point I rolled outta there to head home and to drop off the left over sandwiches to a local homeless shelter. I pulled up at the shelter and there was only about 6-8 people milling about so I asked if they wanted some box lunches. They took about 12 - 15 of them and I headed on home for the night. I was exhausted.
Day two came and we had another two speakers not show. One got detained at O'hare for having lockpicks, the other had his flight cancelled. We moved some speakers around, made the best of it. Rafal Los was on the dock for the second hour and he was gracious enough to move up a bit into the empty speaker slot. Then the Mic decided to take a dump. It was an epic failure as far as Mics go, but Raf was game and he moved along at one point even using an old wired stand mic with a bad cable for most of his preso. I frantically worked on getting the wireless mic back in working order. (I'm not a A/V guy mind you I just play one at BSides Detroit.) The shure wireless mic takes two 9-volt batteries. One in the Mic and one in the wireless receiver. It seemed that I could never get a good combination of batteries for a good 35 minutes and I had what I thought were about 7 good batteries in my A/V bag. Turns out there were about 3 good ones, 1 semi good one, and 3 bad ones. Raf had about 5 minutes left in his preso when we handed him the wireless shure mic back. In the room it wasn't so bad but the live stream was pretty tough to watch I'm told.
We broke for lunch and sent the participants out into the crowded farmers market to grab some food. We waited a little longer for the lunch crowd to get back because of how busy the market was and that worked out fine because one of the two speakers that didn't show was supposed to go on right after lunch. Instead Jon Oberheide agreed to move up a bit and start his talk a little bit early. I assisted him in locating a fresh PBR and away he went. All I have to say after seeing his "Don't Root Robots" talk is holy crap that dude is crazy smart. @mwjcomputing and I were marveling at how listening to Jon talk makes us feel like we need to go out and learn something to better our skills.
After Jon gave his talk my Co-organizer Kyle got up to give his "Ain't Your Average Blacklist: Catching Synners" talk. Kyle has never presented at a conference but he did fantastic. His talk was interactive and interesting and gives some great thought into how we can visualize a problem like spam. And exactly how he was able to do that. As usual I was running around the venue doing things but I will be reviewing his slides and watching the video over to take it all in....At this point we started the lighting talks section and one guy, whose name escapes me right now, came up and gave a very interesting talk about using a laser to determine what keys are pressed on a keyboard while you are typing. A very interesting talk. After that we all sat around and talked about what we learned from planning and organizing this event and I think we will have this discussion multiple times in the next few months. There were many areas where we can do better and make this a better event, and there are areas where we did a good job. We will work on all of those and work to include more people in the planning process to alleviate some of the stress on Kyle and I and to make this event a great one here in Detroit.
I would be remiss if I didn't mention the awesome Lockpick village the Ann Arbor and Detroit Toool groups put on. It seemed like they always had the tables mostly full for everything @rattis and @bitserve was showing them. And they were constantly teaching people how to pick their first lock. As a locksport enthusiast I love seeing new people get interested in picking locks. A great job by those two guys for getting it all running smoothly and for teaching people how much locks can SUCK!
Big, Big, Big thanks has to go out to our awesome sponsors Arbor Networks, Qualys and Baraccuda Networks! Without these companies supporting what BSides does there is no BSides Detroit. Please take some time to talk to these companies. They are great people! I have to thank my Co-organizer Kyle for putting up with my constant nagging over IM and for all the volunteers and participants. Without you guys this event doesn't happen. You all are the best.
Also a big thanks goes to Omni Corp Detroit and the people within that made the event possible. Mikey G for helping us with whatever we needed. Jeff Sturges for creating such a wonderful and inviting space. @Infosec_rouge said it best when he said in his blog post here that OCD really is a diamond in the rough of Detroit. Thanks for having us guys! Keep giving the hackers a great place to do their thing!
So I think I have rambled on enough. I hope to see everyone in #MiSec, hopefully at GrrCon, and at next years iteration of BSides Detroit wherever that may be!
