Recently, I attended my first dedicated security conference – LASCON 2017.  I have been passionate about security for a number of years, but never had the time (or rather never made the time) to attend any related conferences.

The conference was held at the Norris Conference Center in Austin which is a nice venue with plenty of room for a conference of this size.

The short version is that I would highly recommend attending one of these conferences.  There are many local security conferences, the most common you will find are the BSides conferences that occur all over the world and are locally organized.  These conferences are not just for those who work primarily with a focus on InfoSec.  There is a lot of information that is applicable to software developers as well.

DevOps is a popular topic now days so it isn’t a surprise that there were many sessions related to this. I attended a session that discussed injected security reviews into the DevOps process.  I thought there were many good ideas and the Q&A was relevant to both admins and developers.  Some in the room were clearly managers of developers looking to inject security into there own workflows for development.

Another development related presentation that I attended had to do with dynamic versus static code analysis and how each can help uncover vulnerabilities in application code.

Other sessions that I attended discussed topics such as securing a Raspberry Pi home monitoring solution, social engineering with Facebook, and few sessions on Information Security Risk Assessment which is something that I have participated in on several occasions with clients.

The second day of the conference I decided to participate in the badge challenge.  This is sort of simple version of a CTF (capture the flag) challenge that is popular at InfoSec conferences. The challenge involved decoded a message on the back of the conference badges that led to the challenge of adding your name to a list on a web page.  I managed to finish with less than two hours to go until the end of the conference and was awarded with a nice LASCON 2017 challenge coin. I would definitely participate in another such challenge when I get the chance to do so.


There is a local Houston security conference that occurs every year or so called HOU.SEC.CON.  The next HOU.SEC.CON will be March 23, 2017.  

I have been wanting to make it for a few years but it seems like I always have a conflict.  This year, however, I will be able to make it and I am looking forward to it.

If you are interested in infosec and will be in the area, you should check it out.