Here's a list of the talks that I'm going to get myself along to at Blackhat and DEF CON this year, and why...
Kim is a phenomenal investigator and someone I consider to be "one of the good ones" when it comes to thorough, compelling, accurate journalism on the intersection between cybersecurity and international relations. Her book "Countdown To Zero-Day" is my go-to recommendation for newcomers trying to understand the role hacking plays in world order. This will be an amazing keynote.
If you've never seen Chris speak before, catching this one is worth it for that alone - his presentations are a masterclass in communication and leadership around inherently complex and thorny topics. I was fortunate to get to know Chris while working on the VDP aspects of #protect2020 (including a minor swag contribution) and I'm looking forward to hearing the note he'd like to strike for the Blackhat audience.
Dylan Ayrey and Whitney Merrill: Bug Hunters Dump User Data. Can They Keep it? Well They're Keeping it Anyway
Despite the slightly click-baity title, this talk will be an interesting elucidation of some of the issues around toxic data management in offensive security testing. Definitely something for hunters and bug bounty platforms to be thinking about, and an important issue to surface for all kinds of other "fix it by breaking it" companies as well.
Katie Moussouris: Bug Bounty Evolution: Not Your Grandson's Bug Bounty
I've known and fought alongside @k8em0 for the role hackers play in securing the Internet for almost 10 years now, and have always admired her ability to see around corners in this space - I'm looking forward to hearing her share her thoughts on what comes next.
Lennert Wouters: Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal
Lennert is a hardware force-of-nature and SpaceX are a long-term Bugcrowd customer - this will be a fascinating unpacking of the convergence of satellite technology, consumer technology, and what the Internet itself is probably going to look like in 10 years' time.
Jonathan Leitschuh: Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All
Jonathan is a relentless and systematic security researcher and this talk is a product of the time he spent under the Dan Kaminsky fellowship - Combine that with the Internet's sudden collective awareness of how challenging the F/OSS security problem is, and there will be a lot of gold in this talk as he lays out some of his potential solutions to the problem.
I've had a preview for this one and it's going to be a cracker. I've had the pleasure of getting to know Sick Codes over the past few years through The disclose.io Project and the community played a solid role in helping run these vulnerabilities to ground... plus it's Sick Codes' first time speaking in Vegas!
DEF CON Policy Department: https://defcon.org/html/defcon-30/dc-30-policy.html
'Nuff said... Check out the schedule and the setup - it's going to be amazing.
Leonard Bailey and Harley Geiger: Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research
Leonard and Harley are two people I have immense respect for and have learned a tonne from when it comes to the intersections between legislation, security research, and the safety of the Internet, and if the legalities around hacking interest or concern you, this will be a great talk to attend.
Trey Herr, Eric Mill, Harry Mourtos, Jack Cable: Return-Oriented Policy Making for Open Source and Software Security
This is one heckuva line-up and what I'm sure will be a robust and thought-provoking conversation.
Shoutout to the BSidesLV and Diana Initiative as well. The schedule changes for the week combined with a tonne of Bugcrowd commitments mean I'm a little more landlocked than normal this year, but I've heard there are a tonne of good talks at these events as well and encourage folks to check them out - at the very least I'll be swinging by both events to support and say hello :)
Of course, this is Vegas - and no plans survive first contact - but if you fail to plan you plan to fail, and these are my big rocks to fit into the schedule first... What talks are you getting psyched for? Tweet me at @caseyjohnellis!