April and the beginning of May have been the busiest since working at KnowBe4. I’ve flown around 15-16k miles in the last month or so and been super busy at conferences and with webinars. It’s been awesome but has left little time for blogging. I’ll recap a little bit of what I’ve been up to here.
GMIS Conference in Brandon Mississippi –
This was a fun conference where I actually got to set up a tabletop and talk to folks about social engineering, ransomware and compliance issues.
InfoSec World 2017 in Chapions Gate, Florida-
I had to make a run for the airport at the end of the GMIS conference to get here on time. I landed in Tampa after midnight and still had to drive to Champions Gate, Fl. It was about an hour drive in the middle of the night, only to get up for an early presentation the next morning. I was surprised at the size of the crowd that early on the last day, but they were very interactive and we had a good session. I kinda messed up on the time (I blame the sleep deprivation) and ended a little early, but spent the time afterword chatting with some folks from the preso and answering questions while the hotel staff cleared the room. I’ve got to tell you, those folks were in the room and stacking chairs quicker than I could have imagined after I stopped speaking. I reasonably sure everyone was allowed to stand before they took their chair and stacked it, but I could be wrong. 🙂
ISSW (InfoSec Southwest) in Austin –
This was a really fun show and was VERY well-organized. As a speaker it is wonderful when the organizers keep in touch as you get close to the event. The ISSW staff was awesome here! I got to sit in some great sessions before and after mine. The quality was certainly there. This was more of a “hacker” convention than some of the more corporate ones, and it was great. I had an impromptu laughable moment as while presenting, my youngest made a purchase request from iTunes. This is a family account, so it popped up on the screen. Not the screen with the speaker notes of course, but rather THE screen. The big one. With my full-screen preso going in all it’s glory. Did you know that if this happens, you can’t just mouse over and click the notification to close it? Nope. It seems you have to stop the presentation to do it. I wasn’t going to do that so the audience and I had a quick laugh about my daughters desire to purchase the Hamilton soundtrack (which we already own) and moved on with the presentation, purchase request hovering in the corner.
It made for a laugh and was memorable. I also did something here I don’t usually do. I added audio to my presentation. If you have never checked out “Lenny” on YouTube, I recommend it for a laugh. “Lenny” is a series of automated voice prompts meant to mess with telemarketers and/or scammers. It’s simply brilliant. It is.
IP Vision Conference in St. Louis –
From ISSW, I had to head to the airport in hurry to make a flight to St. Louis for the IP Vision conference which was a neat twist on the education angle. There were 60 session attendees at 6 tables and 2 people representing a different topic. The attendees were from rural telcos and myself an a coworker, Ray, had the security topics. We sat at each table for about 30 minutes and answered questions on our topic, then moved to another table. It was pretty cool how it all went. At the end, we did a summary presentation of the questions and hot issues. Very cool indeed for the attendees. My only issue was the Pwn-o-matic station set up for the conference, but I see these more and more often. Folks, don’t plug your phone in to random USB ports. Really, just don’t.
IAMCP meeting in Tampa –
Once again I found myself making a beeline for the airport and arriving back in Tampa at about midnight, only to speak the next day. This time it was a an IAMCP (International Association of Microsoft Channel Partners) meeting in Tampa. It was a small group and I spoke about ransomware. This was very interactive and although we went a little over on time, everyone was OK with that because it was heavy on discussion and they were learning.
Tech Buzz in Tampa –
This was another really nice, small, intimate talk. I had a little tabletop set up and got to do a panel talk for a number of resellers. The irony was, it was myself, an Apple rep and a Microsoft rep. I got to sit between them on the panel. I’m still not sure if it was because I was the security guy or not, but either way, it went really well and was fun. I really do like these small event were I can talk to folks about their specific concerns afterword. Helping others is what makes my job so great!
Spiceworks Expert Round Table: Multi-Layered Security Webinar
The day after Tech Buzz, I was honored to be a part of a live video webinar with Malwarebytes, Varonis, AlienVault, and Kaspersky. It was a ton of fun and my first live video webinar. Because the room I usually do webinars in (affectionately known as “The Cave”) is not really conducive to video webinars due to the egg crate foam all over the room for sound deadening, I used an empty office. We are mostly an open floor plan, so quiet places are limited. When we do these sorts of webinars, we dial in early to make sure everything is working and the connection is strong. I decided to mess them a bit, put on a hoodie and a printed Mr. Robot mask and that’s how I introduced myself to the group. It was all downhill from there. The ice was broken and the laughs came easy, leading to a great webinar.
One slight issue occurred during this however. When you are a participant in things like this, it is a good thing to mute yourself when you aren’t talking and communicate with the group via chat. This is done to reduce background noise and make things less distracting. About half way through, a train passed our building. You see, we are VERY close to a train track here. Like VERY, VERY close and since we are in downtown Clearwater, there are a lot of streets the train crosses. Each time it comes to a street, it blows it’s horn. That horn is loud! It doesn’t happen often, but this time it happened right in the middle of the webinar. I was furiously typing in the chatbox, while trying not to LOOK like I wasn’t typing (this was live video after all) telling them not to call on me for anything. Guess what… They called on me. I was lucky enough that the train had moved along enough that I was able to answer and re-mute before it blew it’s horn again. Fun times.
TechPulse Florida in Orlando
After the webinar, I hopped in the car and headed to Orlando for TechPulse. This was a nice conference put on by Verteks Consulting at the Orlando World Center. That resort is amazing. I spent the day hanging out with one of our reseller reps at our little booth and doing one presentation on ransomware. The booth next to us was occupied by Watchguard, which is where we first met up with Ransombear. This terrifying little fuzzball is made from the things that haunt the minds of children on dark, stormy nights. Whomever came up with these is a very disturbed soul.
OPTA Conference in Columbus
3 short days later I found myself in Columbus, OH for the Ohio Public Transportation Association show. I’ve never been to anything like this, but it was pretty cool seeing the various types of busses and related systems (things like camera systems) on display. Here in the Tampa area we have something called the “Jolly Trolley” and I got to see some of those in their generic form.
My booth was next to a company that was a leader in seating. I learned more about bus/mass transit seating than I thought there was. I’m not sure if that will trigger a resume update with the new knowledge, but it might come in handy in some trivia some day.
On a side note, I spotted yet another one of those pwn-o-matics at this show. Ironically I had just warned folks about this in the session I spoke at. Seriously folks, if you see one of these, think twice before plugging in to it. Who knows what lurks behind the scenes. If you find yourself in situations where you are having to use things like this, invest in a power bank, or if at all possible, try something like this USB Condom.
I hit the airport and headed back to Tampa after the OPTA show and spent the next few days doing a webinar-a-palooza. It was 4 webinars in 3 days. I like doing panel-type webinars that involve discussion with other folks a lot more than just presentation type webinars, both kinds serve a purpose. Again, my job satisfaction comes from teaching folks how to protect against scams and ransomware. I love doing this regardless of the format it’s presented in.
BSides Back to Back – Austin then Knoxville
It’s not secret that I am a big supporter of the BSides conferences. I love the low cost and high quality of the events. After the insanity of April, I had some time to catch up on some things, then it was off to BSides Austin where I spoke from 3-4pm, followed the next day by BSides Knoxville where I spoke at 9am. That’s 2 sessions in 17 hours, 900 miles apart. I won’t get in to the logistics of that, but it was pretty wild and hectic, and totally worth it. Both events were awesome and demonstrated how varied they can be. Austin was in a nice learning center with lecture halls where Knoxville was in a bar… starting at 9am. Both events were AWESOME, just starkly different. It’s another reason I love supporting BSides. These were worthy of pics so you can see the difference. 🙂
I also want to say that, the folks in Austin did the charging station thing right! I was super happy to see these lockers that allowed you to secure whatever it was that you were charging, and the locker supplied an AC power plug as opposed to a USB cable hanging out of who-knows-where. Kudos for doing this right!
So, having written over 1800 words now, I’m going to call this update complete. I’m heading to BSides Detroit tomorrow morning and a conference in New Paltz, NY on Monday and will hopefully have some time to do some updates in between. Thanks for reading!
If you enjoyed this blog, please subscribe in the top-right of the page and as always, comments are welcome!
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec