Podcasts about appsec usa

**SEASON 2** In this episode, Abhay shares about his infosec journey and how he was introduced to it? He also talks about his current work, his experience of running an infosec company, the communities he is associated with and advice for people starting out & in the infosec industry. We have introduced rapid round questions this season. Tune into the episode to learn more!! Speaker Intro - Abhay Bhargav is the Founder & Chief Research Officer of AppSecEngineer, an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers hands-on security skills that companies are actually looking for. Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps. He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world's first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, he is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. He has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook. Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well. You can reach out to him on, Twitter - @abhaybhargav LinkedIn - Abhay Bhargav AppSecEngineer Website - https://www.appsecengineer.com/ Follow "Stories of Infosec Journeys" podcast on LinkedIn - Stories of Infosec Journeys Twitter - @InfosecJourneys Instagram & Facebook - @storiesofinfosecjourneys Kindly rate the podcast on Spotify and leave a review on Apple podcast.

This modern SDLC has really exacerbated the fractured relationship between developers and security. Often security is frustrated that developers cannot deliver on their laundry list of asks, and in turn, developers are sick of the legacy application security ways that slow down progress. To scale at the speed of DevOps, organizations have to eliminate this friction and improve the relationship between developers and security. Our guest today is Allan Swanepoel and during this episode, he'll teach us exactly how we can do that by bringing the power of automation to your application security program. Allan has a deep understanding of both sides of this issue — for many years he was on the development side before moving over to security after observing the lack of automation that existed in security workflows and processes. Topics discussed in this episode: Why organizations need to embrace a policy-driven prioritization approach to managing security. Why eliminating the friction between developers and security begins with culture. How security teams can get developers to adopt and use security tools. Why organizations hiring security engineers only to have them handling things like Jira tickets is a tremendous waste of talent and resources. How to build an automation mindset within your security team. How security teams can balance automating key workflows with the normal day to day fires. Security lessons from Allan's time focused on infrastructure-as-code and infrastructure automation. Additional resources: Lessons from integrating third party library scanning in DevOps workflow - AppSecUSA 2018 (Keynote that Harshil referenced in the episode).

I know Vandana from her OWASP Bangalore chapter days. I always associated her name with OWASP since that is how I know her. I met her briefly during OWASP's AppSec USA 2018. She is part of various InfoSec activities and has influenced the industry in multiple ways.

There are numerous methods available to uncover and identify operational weaknesses and functional vulnerabilities in both software applications and hardware systems. One manner in particular—running a bug bounty—has become one of the more popular methods in recent years as it can quickly scale to the scope of the environment being evaluated [covering breadth] while also matching expert researchers to specific functional areas of the operational environment to ensure the most covert weaknesses are exposed [encompassing depth]. As with most vulnerability testing methods, the goal is to find and fix these issues before a bad actor does it on the company's behalf. Bug bounties—well, application security overall—is a topic near and dear to my heart. I've helped write craft one of the early bug bounty reports, hosted many podcasts and webcasts on this topic, and I’ve even lead a panel at AppSec USA. One more sign that I am deep into this topic area is that I often make this joke (which isn't laughable I suppose): “ Every company is running a bug bounty; many don’t know it and don’t have a formal disclosure process in place. — Sean Martin With this mindset and background in place, you'll understand why I was excited for two things happening during this year's Hacker Summer Camp excursion: 1) An opportunity to meet—in person—someone leading the bug bounty charge for quite some time: Kymberlee Price, Principal Security PM Manager - Microsoft Security Response Center's Community Programs 2) To explore and discuss the dedicated Bug Bounty micro-summit during Black Hat USA 2019 Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again). I loved this having conversation and hearing Kymberlee's story. Now it's your turn to hear it. Have a listen. ________ We'd like to thank our conference coverage sponsors for their support. Be sure to visit their directory pages on ITSPmagazine to learn more about them. - Reversing Labs: https://www.itspmagazine.com/company-directory/reversing-labs - Bugcrowd: https://www.itspmagazine.com/company-directory/bugcrowd - STEALTHbits: https://www.itspmagazine.com/company-directory/stealthbits - RiskSense: https://www.itspmagazine.com/company-directory/risksense ________ Want more from Hacker Summer Camp 2019 in Las Vegas? Follow all of our coverage here: https://www.itspmagazine.com/black-hat-2019-and-defcon-27-event-coverage-las-vegas-usa-news-and-podcasts Looking for more conversations from Las Vegas? You can find those here: https://itspmagazine.com/itsp-chronicles/chats-on-the-road-to-hacker-summer-camp-black-hat-and-def-con-las-vegas-2019

On this episode, Chris is joined by Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA. They discuss the AppSec group in Israel and a few important talks you should watch from AppSec USA this year. You can find Josh on Twitter @JoshCGrossman You can find Avi on Twitter @sec_tigger You can find Ofer [...] The post AppSec in Israel and Three Talks to watch from AppSec USA(S04E23) appeared first on Security Journey Podcasts.

On this week, we listen in on the #AppSecUSA talk by Chris about Security Culture Hacking. You can find Chris on Twitter @edgeroute     The post Security Culture Hacking: Disrupting the Security Status Quo (S04E20) appeared first on Security Journey Podcasts.

On this episode, Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing. You can find Swaroop on Twitter @swaroopsy The post iGoat and iOS Mobile Pen Testing (S04E16) appeared first on Security Journey Podcasts.

On this weeks episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA. We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in depth than ever before on the show, and we hope you enjoy! Rate us on iTunes and provide a positive comment, please! The post Threat Modeling (S02E15) – Application Security PodCast appeared first on Security Journey Podcasts.

Robert and I try a new format talking about a few topics per episode. We talk about changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates. The post Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing (S02E10) – Application Security PodCast appeared first on Security Journey Podcasts.

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on the creation of new content for creating training lessons for application security. I talked with Bruce and team about what they've done with the latest update and what they hope to accomplish in the coming year.

The OWASP ModSecurity Core Rule Set Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders,Ryan Barnett, Christian Folini and Walter Hop are the team coordinating the project. During 2016 AppSec USA, I spoke with Chaim about the purpose of the project, the work work done in the past year, the upcoming release and what the team hopes to accomplish in 2017. https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

OWASP Global Board Member Matt Konda discuss with host Kevin Greene what to expect from this year’s AppSec USA conference.

From October 11 - 14, 2016, appsec professionals from around the world will gather in Washington DC to participate in one of this year's main OWASP events, AppSec USA 2016. In this broadcast, I speak with three organizers of the event (Andrew Weidenhamer, Mike McCabe, Patrick Cooley )to get insight as to what to anticipate at the conference, the unique qualities of an AppSec USA event, and a sneak peek at the sessions that will be given over the 4 day event.

In this episode, Jim Manico turns the tables on me for for his 100th podcast. He digs into my past, asks about my motivations for participating in OWASP, inquires on what I hope to accomplish through the series and how DevOps and security can be part of a single conversation when it comes to the software supply chain. Mark Miller is the Senior Storyteller and Developer Evangelist for Sonatype. He is the curator of TheNexus Community Project, while participating in DevOps and security conferences as a frequent panel host. He recently helped build the DevOps track for RSAC Conference 2016, InfoSec Europe 2016 and is working on the DevOps track for AppSecUSA 2016, this fall in Washington, DC. Mark's most recent project is "An Innovator's Journey to DevOps", a series of interviews and profiles highlighting important people and DevOps projects that deserve more exposure. You can listen to that series at www.sonatype.com/devops-an-innova…journey-sonatype

There's been a lot of discussion around the OWASP Benchmark Project since it's latest release. Jeff Williams wrote an article and then received a response from Chris Wysopal at Veracode. I was able to catch up with Dave Wichers, OWASP Project Lead, during AppSecUSA 2015 in San Francisco. I had Dave talk me through the project and what its intentions are. Resources: OWASP Benchmark Project https://www.owasp.org/index.php/Benchmark Why it's Insane to Trust Static Analysis http://www.darkreading.com/vulnerabilities---threats/why-its-insane-to-trust-static-analysis/a/d-id/1322274? No One Technology is a Silver Bullet https://www.veracode.com/blog/2015/09/no-one-technology-silver-bullet

The Security Shepherd Project is a mobile web application training platform for penetration testing. It covers the OWASP Top 10 risks from both the mobile and web projects. This recording was made at AppSecUSA 2015 during the Project Summit.

When I was at AppSecUSA 2015 in San Francisco, I was standing in the hallway talking with Matt Tesauro, Shannon Lietz and Jez Humble. We decide that our discussion was interesting enough to continue, so we grab a room and just started talking. Heads up: There are basic audio problems with the recording, such as some background hiss and some high frequency whining (not from us, from the lights overhead!). It was an interesting discussion about real world scenarios that the three have seen in different environments, with solutions for those issues. There's an important summary that starts at 34 minutes where each of them specifies the most important things they'd like you to take away from the discussion.

This year's AppSec USA Conference will be held in San Francisco, September 22 - 25. I spoke with Ben Hagen and Michael Coates, organizers of the event, to see how the planning is going and what will be special about this event. https://2015.appsecusa.org/

During a meeting at AppSec USA 2014 in Denver, the SWAMP team presented its case for working with OWASP to support a marketplace for security tools. I sat down with Kevin E. Greene from DHS S&T, Cybersecurity Division to talk about what SWAMP is an how OWASP and its various projects might become involved. About Kevin E. Greene Software Assurance Program Manager responsible for oversight and management of research and development projects focused on improving the testing, analysis, and evaluation techniques used in software quality assurance tools. In addition, responsible for building a Software Assurance Marketplace (SWAMP) which will provide continuous software assurance services. The SWAMP (www.cosalab.org) will serve as a national marketplace that will provide a collaborative research infrastructure to advance improvements in software development activities, as well as improvements in software quality assurance tools in the area of precision, soundness, and scalability.

I was able to get a quick update from Damon, Matt, Eoin and Martin this week at AppSec USA 2014 Denver. They each have a different perspective on what is going with OWASP in different parts of the world. Have a listen...

We talk to Marisa Fagan from Bugcrowd about the upcoming "Bug Bash" events at OWASP AppSec USA and BruCON More information about the AppSec USA 2014 "Bug Bash" can be found here --> https://2014.appsecusa.org/2014/speaker/bugbash/ More information about the BruCON "Bug Bash" can be found here --> http://2014.brucon.org/index.php/The_Bug_Bash

Mark Arnold helps run a very successful OWASP chapter in Boston. In this extended discussion, I talk with Mark about why the chapter is doing so well, what lessons others could learn from his chapter's success and what he would like to see happen to gain a broader audience for the group. About Mark Arnold Mark Arnold is Director of Information Security for PTC, a global leader helping companies achieve and sustain service and product advantage. He has served in various security roles and capacities across multiple industries and as a security consultant. Mark continues to provide leadership by serving on a mix of technology (OWASP Boston, Risk I/O/CISO Advisor) and community boards. He helped launch the Boston Application Security Conference, an OWASP event, as a way to promote application security to local area college/university and secondary school students. Mark advocates bridging the digital and technical divide, supporting various STEM initiatives and encouraging increased minority and gender representation in the security field and its disciplines. He holds a BSEE from Stanford University, MDiv from Princeton Seminary, AM/PhD degrees from Harvard University, and industry certifications.

"I am a developer and one of the things I hate are code reviews." -- Larry Conklin Larry Conklin is a developer and as a developer, he HATES code reviews. Because of this, he now heads the OWASP "Code Review Book" project which is creating a definitive guideline that allows companies to proceed with code reviews based upon technical facts, not emotions or intuition. I spoke with Larry at AppSec USA 2014. Dennis Groves was also there, so you'll hear him interject with a question in the middle of the program. About Larry Conklin Larry Conklin's current emphasis is in Microsoft .NET technologies including C#, VB.NET, and SQL Server. Recent project experiences include converting legacy VB software to .NET, creating and maintaining operational support web sites to help QuikTrip manage it’s 600+ stores

"For an organization to really mature around application security, they need to be building security into their software from day one." -- Jim Manico Jim Manico started the OWASP podcast series in 2008. In that time, he has recorded close to 100 interviews to keep the community updated on the lastest project development within OWASP. As Jim reaches his 100th episode, he reminisces about how the series was started, what his original vision was and what he's going to do now that he has passed the reins over and moves on to other projects. We start with a question about the origins of the project and how it grew. "It's easy to talk about to talk about the 'purity' of software development, but managing a fleet of already insecure apps is an equally difficult problem." -- Jim Manico About Jim Manico Jim Manico wasl elected as an OWASP Global Board Member as of January 1, 2013. He been an active member of OWASP since 2008. He is the VP of Security Architecture at WhiteHat Security. Jim's main passion at OWASP is supporting projects that help developers write secure code.

"There are a lot of security flaws in websites like Facebook and WordPress applications. Most of those flaws are because the developers first create the application and then consider the security." -- Abbas Naderi PHP is one of the most used programming languages for the web. The problem with PHP has always been that it's easy to get started programming with PHP, but that's also one of its biggest flaws when considering application security. Abbas Naderi leads the OWASP PHP Security Project, which is a sample framework to demonstrate proper usage of the tools and libraries, as well as providing guidelines for new PHP projects. In this segment of OWASP 24/7, I talk with Abbas about the PHPSEC project as well as one of his other project, RBAC. About Abbas Naderi Abbas Naderi Afooshteh is a renowned security expert in the middle east, he has ranked first in many national and global CTFs and has been in the field for more than 8 years. He is the current Iran Chapter Leader at OWASP, and has 5 years of activity in OWASP resulting in many projects such as OWASP RBAC Project, OWASP PHP Security Project, OWASP WebGoatPHP Project and etc. He has participated in many other projects such as Cheat Sheets and ESAPI. Abbas has studied software engineering and information technology in his BS and MS and is now going to CMU to study Information Security for MS+PhD. He spends many hours daily leading OWASP projects and mentoring new enthusiastics that join projects, as well as shaping bright ideas into OWASP projects.More can be found at https://abiusx.com/cv

"You can't automate all tests. There are a lot of things you can't find automatically. You have to have somebody who knows what they are looking for." -- Simon Bennetts In today's segment, I talk with Simon Bennetts, project lead for the OWASP Zed Attack Proxy Project or "ZAP" for short. Simon is working on a user friendly tool for integrated penetration testing of web applications. Our discussion took place at AppSec USA 2013. We begin with an overview of the ZAP project and talk about how it came about. About Simon Bennetts Simon Bennetts (a.k.a. Psiinon) has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He works for Mozilla as part of their Security Team. Some of the projects Simon works on: -- OWASP Zed Attack Proxy project lead -- OWASP Vulnerable Web Applications Directory Project joint project lead -- Mozilla Zest project lead -- Mozilla Plug-n-Hack joint project lead -- Bodge It Store project lead -- OWASP Web Application Security Testing Cheat Sheet joint author -- OWASP AppSensor contributor -- wavsep contributor -- OWASP Data Exchange Format project lead (currently inactive)

Michael Coates has a vision: smart applications that come to their own defense. "We need to get to that point where we realize that our apps are in a military zone, they are being attacked all the time." -- Michael Coates In this segment of OWASP 24/7, I speak with Michael Coates, Chairman of the OWASP Board and the founder of the AppSensor Project. Michael's contention is that applications should be smarter, that an app should "know" when it is being attacked and have a proactive, built-in response. We discuss the AppSensor project in depth: what is it, why was it created. We start our discussion with the background and reasoning behind the project. "The real damage is when they know how your application works. They attack your business logic. They do things to violate the custom aspects of your application." -- Michael Coates About Michael Coates Michael Coates is the Chairman of the OWASP board. In addition, he is the creator of OWASP AppSensor, a project dedicated to creating attack aware applications that leverage real time detection and response capabilities. Michael is also the Director of Product Security at Shape Security, a Silicon Valley startup developing an entirely new type of web security product to protect web sites against modern attacks. Previously, Michael was the Director of Security Assurance at Mozilla where he founded and grew the Security Assurance and Web Security programs to 25 people. Throughout Michael's career he has advised major corporations and governments on secure architecture and software security. He’s also performed hundreds of technical security assessments for financial, enterprise, and cellular customers worldwide. Michael also maintains a security blog at michael-coates.blogspot.com Michael holds a Master of Science degree in Computer, Information and Network Security from DePaul University and a Bachelor of Science degree in Computer Science from the University of Illinois at Urbana-Champaign.

"The CISCO Guide provides guidance and visibility to CISOs on how to initiate an application security program, how to make the business case, how to manage the risks of applications and how to measure the those risks. The guide is structured as a journey, because application security is not a destination, it is a journey." Marco Marona Marco Marona, is the coordinator of the OWASP Application Security Guide For CISOs Project and Tobias Gondrom is the project lead for the OWASP CISO Survey. They have combined resources to provide us when a CISO framework for implementing an application security program. During our discussion at AppSec USA 2013, we talked about the origin of the projects and how they can be used to make a business case for application security. "If you have a security strategy that is about a two year time frame, you have a higher chance of increasing your application security investments.The question is then, 'How do you write that strategy?' That question is answered in the CISO Guide." -- Tobias Gondrom I start by asking Marco about the purpose of the CISO Guide.

Last week at AppSec USA in New York City (November 20, 2013), I moderated a panel with Jeff Williams and Ryan Berg talking about the latest addition to the OWASP Top 10, Using Components with Known Vulnerabilities. This is the full recording of that session.

Many people in the OWASP community don't know Dennis Groves... and that's a surprise since he is one of the co-founders of the movement. I was able to catch up with Dennis at AppSec USA in New York City (November 19, 2013) and we had an interesting discussion about the beginnings of OWASP and what he sees in the future. Highlights of our Discussion * The event that triggered the inspiration for OWASP * The original purpose of OWASP * The use of OWASP as a de facto standard * Future vision for OWASP * The dilemma of community obligation About Dennis Groves Dennis Groves's work focuses on a multidisciplinary approach to risk management. He is particularly interested in risk, randomness, and uncertainty. He holds an MSc in Information Security from the University of Royal Holloway where his thesis received a distinction. He is currently a UK expert for the UK mirror of ISO subcommittee 27, IT Security Techniques, working group 4, Security Controls and Services at the British Standards Institute. He is most well known for co-founding OWASP. His contributions to OWASP include the ‘OWASP Guide (v1)’ downloaded over 2 million times; now a reference document in the PCI DSS standard, and the de-facto standard for securing web applications. He is a thought leader in the web application security space, where he has spent the last decade of his career. Dennis Groves has been an Security Architect, Ethical Hacker, Web Application Security Consultant, IT Security Consultant, System Administrator, Network Administrator, and a Software Engineer. He has taught various courses on information security and is best known for his ability to bring fresh insight to difficult security problems. Specialties:Risk Management, Threat Modeling, Security Architecture, Application Security, and "the big picture".

On today's segment, we're going to take a different approach from our normal format. I was at the AppSec USA Conference in New York City last week and was asked to chair a panel for the game show "Wait, wait... don't pwn me!". This is the full recording of the session. As you listen, keep in mind, every situation described within the game is true. Let's start first with the introductions of Chris Eng, Josh Corman and Space Rogue.

In this segment, I talk with Tom Brennan, the organizer of AppSecUSA 2013 in New York City. The conversation centers around what's going on in New York, why Tom took on the project and what makes AppSec conferences special. About Tom Brannen Tom Brennan is volunteer to the OWASP Foundation since 2004 when he founded the New Jersey Chapter after serving on the Board of Directors for the FBI Infragard program in New Jersey. The NJ OWASP Chapter later merged with the New York City Chapter in 2006. Tom was appointed to the Global Board of Directors in 2007 by his peers and was re-elected by the membership in 2012 for another two year term. During his leadership of OWASP Foundation he has led many global and local initiatives for OWASP including governance, fund raising via conferences and membership and business marketing.

Episode 0x2F things happen Anyone else think that it would be nice if life had a bit of regularity? Upcoming this week... Lots of News Kittens Breaches SCADA / Cyber, cyber... etc. finishing it off with DERPs/Mailbag and And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please sent it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Researcher's say Tor targeted by malware that phones home to the NSA... Or not maybe... Lavabit shuts down, cuts off nose to spite NSA's face Silent Circle follows suit Hitting The Panic Button Breaches wifi baby monitors a bit hackable (surprise!!!!) Visa's alert of possible data breach impacts Rivermark Credit Union members SCADA / Cyber, cyber... etc US promises not to spy on the German - will stay besties for eva until some pops the 99 red balloons (again) DERP Source: New York Times Website Hit by Cyber Attack IAB urges people to stop “Mozilla from hijacking the Internet” Mailbag Noob Advice? I just recently started listening to the podcast as I'm only now discovering the infosec field, so first off, I'd like to say thank you for making this resource freely available. Now for my question; I am an incoming college freshman (Computer Science) and am at a sort of crossroads. If I wanted to put myself in the best possible position for a successful career in the infosec field, is the military a viable option? I have the option of joining ROTC in school, and I would have to commit to this if I decided to peruse that path. My long term goal would be to work for an intelligence agency in the federal government. If I was to leave the military or not pursue federal work, do most private companies hire employees with active duty military experience? Or would remaining a civilian throughout school present me with more opportunities? -Shane Non-Noob Response The answer is absolutely. Active duty military is a plus when getting hired. I would suggest finding a profession that you like and can enjoy such as intelligence, networking, or information security jobs inside the service. I for one wouldn't be where I am today without the help of being in the military. Gave me the focus, experience, and opportunity to break through in the private sector. Dave Kennedy - SET, TrustedSec, Derbycon, Awesome Briefly -- NO ARGUING OR DISCUSSION ALLOWED Stay tuned for "The Myrcurial Fund" PoC||GTFO Hacking mifare cards Every Important Person In Bitcoin Just Got Subpoenaed By New York's Financial Regulator Liquidmatrix Staff Projects The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances: Dave will be attending Derbycon, in Chicago, Hackfest in Quebec City and AppSecUSA in NY. James will be speaking at Derbycon and Hackfest in Quebec. James, Ben and Dave will be joined by Mike Rothman for SecTor 2013's return of the (canadian) fail panel. And Wil is going to be a dirty hippy out in the desert at Burning Man, but back and showered in time for BSidesTO and SecTor. Hackfest registration is open BSides Toronto!!!! Use discount code liquidmatrix-2013 to receive 10% off the registration price. Can't attend the full conference? Use code liquidmatrix-expo2013 to gain free access to the expo ($50 value).SecTor 2013 In Closing Word of the Week -- cyber-spatula Movie Review -- The Nutty Professor 2 everyday is CTF! go set up a team Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course Seacrest Says: the lost episode 2E was legen.... wait for it.... wait for it... wait for it... Creative Commons license: BY-NC-SA