BlackHat | DefCon 2013 – The SecBarbie Backup Buddies

July 26, 2013


In the past years there has been a great deal of attention paid to the treatment of, and incidents involving, females at conferences. Instead of just addressing problems after the fact, this is my attempt to speak to potential issues and offer at least somewhat of a solution.

I truly love this community and the amazing experience that the conferences can be, and I want to do my part to ensure everyone (from industry to journalists and everyone in between) has the most positive experience that they can.

For the 2013 week of BlackHat + DEFCON, I am offering up my time and efforts to help. If you are or you know someone, especially (but not only) female, who is new to the conferences or might need a friendly hand, give them this number:


I have set this up to contact me via voice and text during the conference so I can help people who find themselves uncomfortable, need a friend to talk to about something that happened, are in a situation that is turning bad and need some assistance, or need some first-time attendee guidance. Anyone who reaches out will have their information kept confidential and not shared unless the individual wishes for me to speak on their behalf.

If for some reason I can’t get to you personally, I will respond with a trusted helping hand to help you as much as possible.

This number is not:

  • A party-info line. I can’t get you into parties.
  • A general conference information line. Google and conference staff are there for you for general info.
  • A phishing expedition.
  • 1-900-CHATROOM.
  • “I just wanted to see what’s up”

This number is for situations such as:

  • I need help with or someone to talk to in confidence about an inappropriate situation that is developing or has occurred.
  • It’s my first conference and I feel absolutely alone or am having an absolutely horrid experience.

We’ll see how this experience goes this year, and I may expand this to other conferences if positive. Please don’t be “that guy/girl” who abuses the number or thinks it’s funny to crank call. Go crank call rooms at the Rio instead ;) .

If you are trusting, friendly, and want to help others, send an email to backups at

DJ Stuff

DJ SET: 312 Conference Mix 2013

July 17, 2013

Something from the pre-Security Summer Camp 2013

InfoSec Issues

Healthcare security – My recent experience

March 16, 2013

There is always human error, and I’m sure that this is not uncommon in handwritten charts, but here is a disturbing fact. When I recently went to my doctor, she was going over my past vital stats from past charts from other appointments with me. She mentioned one particular date from last summer when I KNEW that I was never there; it was the day of my mother’s funeral, so I have full confidence in what I was doing that day.

To make matters a bit worse, and this is pure human error, when my doctor left the room, she did not log out of the system. All my information was left up on the screen, and I had every opportunity to play with the information if I so desired (or other people’s information for that matter). Being as I do not care to have my healthcare information tampered with, I locked the screen for her.

We have so very far to go, but it does beg the question… What else is not accurate?


SecBarbie’s 5 Simple Rules for Black Hat / Defcon 2012

July 23, 2012

1. Don’t be disrespectful! (This is a place for all of us to converge and share ideas/thoughts/research/make the world a little bit better!)

2. It’s Vegas, know where you are traveling to! (It’s called SinCity for a reason… these conferences are not being held at Disney World! Be prepared for scantily clad women, and guys being ‘guys’ so-to-speak …. Even when the women are attendees of the con. *more about this below).

3. Remember that there is always a support system; if things are out of hand, look for conference staff (Blackhat shirts, Goons, whomever). (People who work the conference know how to get you in touch with the right people to help!)

4. Don’t leave your drink anywhere! (This is common-sense for nightlife, but just needs to be said!)

5. ALWAYS be in control of yourself! (You ARE in control of your consumption, remember to know your limits… hydrate, and have fun!)

*In regards to ” guys being ‘guys’ so-to-speak …. Even when the women are attendees of the con” – I am not condoning disrespectful behavior, but some people in the community are just downright making it hard for others!

Disagree at-will, but here are my beefs:

  • Looking sexy isn’t a crime, nor is it an invitation for unwanted (UNWANTED DEFINED: advances in which people have already told you to chill out and/or grab-ass with people you do not have that type of relationship with!) advances.
  • One person’s opinion of inappropriate or appropriate is not the others!
  • There are some women who make it hard for all women (re: Sales women without scruples/class, scene wh*R3s, etc)!
  • Everyone in the hacker/security community is vastly different in tolerance levels/social graces/etc…. We cannot judge them all the same!

NOTE ABOUT RED-CARD ISSUE: I have done a few gender panels, and I agree that there needs to be change, but I fear that this will make it into a game, and it is not going to solve anything. I submitted (with the help of a lot of females in the industry) Gender talks to quite a few major conferences and the conferences are not ready to discuss this yet. In my opinion, that is where it needs to start. It doesn’t need to be me, but it needs to be a voice of a cross-section of women in the space to start the bigger conversation! Special thanks goes out to everyone on the #FAIL panel at Defcon, as they always try to help!


Gender Issues

It all started with a Pillow Fight….

February 9, 2012


At least the friendships did, and through the conversations over on the BSides threads that have been going on for some time now, the direction has changed to history. Even though there has been much controversy around BSides, it is time that it moves forward with the ideas and principles that it was set out with. One of the ideas of BSides was being the opportunity to get talks/presentations to the public that the “big-box” conferences would never accept.

In 2009 for DefCon 17 a group of us girls (Ladies, Women, whatever makes you happy to be called… I prefer girls in this context) were planning a “Sec-y Pillowfight” to support EFF. What a mess this became as it brought into question how we view females and especially how females are treated and viewed in the InfoSec field. It was because of the first BSidesLV being planned that the idea of a panel discussion (Feathers will fly Panel! – Professional Image and Gender Issues for Women in Security) about the Pillowfight and the gender issues around it came to be. I knew a few of the people already that were going to be on the panel, like Jennifer Jabbusch @jjx and Stacy Thayer @StacyThayer, but it was because of the collaboration that I became friends with four other incredible women in information security (Leigh Honeywell, Leigh Hollowell, Nicolle Neulist, and Magen Hughes)! The idea sharing and discussions have lasted far past the first panel, and well into today.

This is what SecurityBSides is to me. SecurityBSides is an opportunity to share ideas, have open dialogue with presenters during presentations, bring about new ideas, and foster lifelong friendships (professional and otherwise).

The idea of BSides will live far beyond the brand because the entire community is what creates the heartbeat of BSides. Yet, I would prefer the brand heal, as it is very special to a lot of us.


Security Summer-Camp – Part 1: The Talks

July 23, 2010

SecBarbie’s talk picks of the week:

Black Hat

Wednesday 1:45pm – 3pm

Augustus 1 & 2

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Wednesday 3:15pm – 4:30pm


Dan Kaminsky – Black Ops Of Fundamental Defense: Web Edition

Wednesday 4:45pm – 6pm

Augustus 5 & 6

Fyodor – Mastering the Nmap Scripting Engine

Milano 5 – 8

Alex Hutton / Allison Miller – Ushering in the Post-GRC World: Applied Threat Modeling

Thursday 10am – 11am

Augustus 3 & 4

Chris Hoff – Cloudinomicon: Idempotent Infrastructure, Survivable Systems & Bringing Sexy Back to Information Centricity

Thursday 11:15am – 12:30pm


Cesar Cerrudo – Token Kidnapping’s Revenge

Forum 25

Lee Kushner, Mike Murray – Your Career = Your Business

Milano 5 – 8

Tiffany Rad – The DMCA & ACTA vs. Academic & Professional Research: How Misuse of this Intellectual Property Legislation Chills Research, Disclosure and Innovation

Thursday 3:15pm – 4:30pm

Milano 1 – 4

Samy Kamkar – How I met your girlfriend

Wednesday also has the Cloud Security Alliance Summit with some pretty amazing, insightful, and wicked cool folks such as:

Chris Hoff – Cloudersize Keynote

Josh Pennell – Hacking the Hypervisor 2010

Steve Riley – Security and compliance in the Amazon cloud


Security BSides – Las Vegas 2010

I can’t even begin to pick the Security BSides talks (special mention to the InfoSec Mentor Panel that I’ll be on Wednesday at 6pm) as I would whole-heartedly endorse all of them. Bravo to the talk selection guys! So, here is the BSides Schedule:


On The Keys



10:00 AM David Rook Injecting Simplicity not SQL Daniel Molina Top 10 Things IT is Doing to Enable CyberCrime
11:00 AM Ryan Linn Multi-Player MetaSploit Will Gragido Through the rabbit hole: An Expose of Darknets and the Onion Routed Underground
12:00 PM Christopher E. Pogue Sniper Forensics Gene Kim Mobilizing the PCI Resistance: Lessons Learned From Fighting Prior Wars (SOX-404)
01:00 PM Chris Lytle, Leigh Hollowell CCDC Andrew Hay, Chris Nickerson Building Bridges – Forcing Hackers and Business to Hug it Out
02:00 PM Sean-Paul Correll, Luis Corrons Catch That Butterfly: Stopping Mariposa in its Tracks and Revealing a Growing Underground Network of Amateur Hackers Vik Phatak ExploitHub: Arming the Pen Testers to Plug the Holes
03:00 PM Dave Kennedy (Rel1K) SET 0.6 release with special PHUKD Key Paul Judge, David Maynor The Dark side of Twitter, Measuring and Analyzing Malicious Activity on Twitter
04:00 PM frank^2 Fuck Tools, Do It yourself Jerk Grecs Infosec Communities for Career Success: Understanding, Participating, and Cooking One Up
05:00 PM Jabra Joseph Sokoly Infosec Young and Restless
06:00 PM Jim MacLeod Stupid IP Tables Tricks INFOSEC Mentoring, Mentee-ing Panel
10:00 AM Jimmy Shah Mobile Hackery Josh Corman, Dennis Fisher, HD Moore, Jack Daniel InfoSec Speed Debates
11:00 AM Egyp7 Beyond r57 Chris Sumner Social Network Special Ops
12:00 PM HDM Fun with VxWorks Frank Breedijk, Ian Southam The road to hell is paved with best practices
01:00 PM Davi Ottenheimer Keypad Bypass Hacks Bruce Potter How to Make Network Diagrams that Don’t Suck
02:00 PM Zach Lanier It Melts In Your Hand: An Overview of Security (Failures) In Mobile Applications Eric Smith Roman Profiles : The 6 Mistakes of
03:00 PM Ray Kelly A mechanics view of SQL injection ValSmith Social Engineering the CFP Process
04:00 PM Moxie Marlinspike How technology killed my heroes, and why they will never be born again Chris Roberts Planes, Trains and Automobiles: (OK, Cars and Buses)
05:00 PM Jason Ross Who Owns the Internet? AKA: Where did all that cyberspace go? Andre Gironda App Assessments Reloaded


DefCon 18

Friday 1pm – 2pm

Track 4

Dennis Brown – How Hackers Won the Zombie Apocalypse

Friday 2pm – 3pm

Track 3

Jim Rennie, Eric Rachner – Search & Seizure & Golfballs

Friday 3pm – 3:30pm

Track 5

Righter Kunkel – Air Traffic Control Insecurity 2.0


Friday 4pm – 5pm

Track 4

Tottenkoph – An Introduction to Virtual Graffiti

Friday 5pm – 6pm

Track 2

Sumit Siddharth – Hacking Oracle from Web Apps

Friday 6pm – 6:20pm

Track 5

Marisa Fagan – Be A MENTOR!

Friday 9pm – ???pm

Track 1

Hacker Jeopardy!!!!!!! – Bring Booze!

Saturday 10am – 11am

Track 2

Jeremy Brown – Exploiting SCADA Systems

Saturday 10am – 11am

Track 4

Chris Paget – Extreme-range RFID Tracking

Saturday 11am – 12pm

Track 4

Barnaby Jack – Jackpotting Automated Teller Machines Redux!

Saturday 12pm – 1pm

Track 1

Nicholas Percoco, Christian Papathanasiou – “This is not the Droid you’re looking for..”

Saturday 1pm – 2pm

Track 1

frank^2 – Trolling Reverse-Engineers with Math: Ness…. It Hurts…

Saturday 3pm – 4pm

Track 2

James Arlen – SCADA and ICS for Security Experts: How to avoid Cyberdouchery

Saturday 3pm – 4pm

Track 5

Garry Pejski – My Life as a Spyware Developer


Saturday 4pm – 5pm

Track 4

Jayson Street – Deceiving the Heavens to Cross the Sea: Using the 26 stratagems for Social Engineering


Saturday 5pm – 6pm

Track 4

Leigh Honeywell, follower – Physical Computing, Virtual Security: Adding the Arduino Microcontroller Development Environment to your security toolbox

Saturday 7pm – 9pm

Track 5

DefCon Security Jam III: Now in 3D?

Saturday 10pm – ??pm

Track 4

10,000 Cent Pyramid

Sunday 10am – 11am

Track 4

Mike Bailey – Web Services we just don’t need

Sunday 11am – 12pm

Track 2

Valsmith, Colin Ames, Anthony Lai – Balancing the Pwn Trade Deficit

Sunday 1pm – 2pm

Track 5, rvd, vyrus, no maam – ChaosVPN for Playing CTFs

Sunday 2pm – 3pm

Track 3

David Smith, Samuel Petreski – A new approach to forensic methodology – !!BUSTED!! Case Studies

Sunday 4pm – 5pm

Track 1

The Suggmeister – Social Networking Special Ops: Extending Data Visualization Tools for Faster Pwnage


Sunday 5pm – 6pm

Track 1

Justin Morehouse, Tony Flick – Getting Social with the Smart Grid

Sunday 6pm


Please reclaim all lost livers here!



If you are NOT going to be in the melt-your-face-off land of Las Vegas next week, you can follow all of the action and some of the parties via my live-conference feed on twitter.

General Blog

2012 – A letter to my InfoSec friends

January 10, 2010

As I blow the dust off of Security Sociability from a 2011 that included three posts, I must apologize to all who check this site from time to time. 2011 was a year that prompted a great deal of change for a number of people who I call friends in the security industry, but for myself was a year of great reflection on the industry, career, and life in general. Without getting sappy on everyone, there was a great deal of fun and education that occurred throughout 2011, and new friendships forged!

So what’s new in 2012? I feel a great deal of change about to occur this year, with the beginning being the updated Security Conference list on this site. 2012 dates for conferences have been updated; as always, additions will be added throughout the year as events unfold. Additionally, 2012 is the year of content for Security Sociability; vacation time is over for me! So let’s bring forth the new year!

As we all learn from the past and progress to our future, I implore you all to make a difference and reach out from the echo chamber!