BSides Austin 2018

If there is such as skills gap for information security professionals then why are some professionals having trouble finding work? It takes more than technical, red team or blue team skills to get a job; many companies need to find the "right match" that fits in with their culture and can deliver true business value.

This presentation will provide tips on improving your job search techniques. It will present information from a business perspective on how to improve your "soft" skills so that you may more effectively communicate your qualifications to a hiring manager. It will also recommend what to do--and not do--to separate yourself from other candidates.

We live our lives in a gadget-orientated age which provides convenience that borders on magical. However, these magical times are not always filled with awe-inspiring wizardry, as we very rarely pull back the curtain to reveal what is there. A quick glimpse of the modern world shows us that a wide range of benign tools and situations can be weaponized.

Join Aaron Crawford of Insider Security Agency as he leads a discussion about the process of operational security regarding the weaponizing of everyday devices found around the office or at conferences. Learn how common devices and scenarios are weaponized by attackers. Having successfully conducted red team engagements on nearly every continent, Aaron demonstrates that it is easier to think inside the box for the win. At no other time is this more evident than this talk as Aaron unveils an entirely new and unstoppable attack vector.

The EU's General Data Protection Regulation (GDPR) is coming into force this May, with a comprehensive approach to protecting the privacy of European consumers and employees. With its global (!) reach and potential fines of up to twenty (20) million Euros or more, multinational organizations advertising services to (or otherwise profiling) Europeans are scrambling to become compliant. We will provide a high-level overview of the regulation, and then dive into details on the embedded user rights and "Privacy by Design" criteria.

Attendees will acquire a practical understanding of the principles that inform how users' personal information should be managed in accordance with norms that are becoming more prominent in compliance frameworks across the world.

osquery is an open-source endpoint-solution that is gaining a lot of traction. In this talk, we want to share our experience deploying osquery to a fleet of over 35,000 endpoints. In addition, we discuss the trials and tribulations of managing that deployment, getting Kolide (endpoint management) up and running, as well as writing all of this great data to an AWS Kinesis stream.