Kiwicon report - security conference turns ten
Kiwicon is Christmas for the information security (infosec) community. This year, a jolly Metlstorm (Adam Boileau) guided us through two days of infosec bliss including: unique security talks, physical & digital security challenges, fire, lasers, alien abductions, and an acapella rendition of Badger badger badger.
The Crüe (the group of friends who organize Kiwicon) have spent the last 10 years building a truly epic conference. What started 10 years ago as a few speakers and about 80 attendees in a university lecture theatre now fills the Michael Fowler Centre with well over 2000 infosec enthusiasts.
There are a few things that truly set Kiwicon apart:
- The energy and enthusiasm of the Crüe & volns (volunteers)
- The single track format so there is no concern about missing talks
- No vendor talks
- An incredibly friendly & inclusive environment (helped by a strong code of conduct & the Crüe's demonstrable willingness to stand up and enforce it)
This was my third year at Kiwicon. Every year I'm impressed at the breadth of topics and depth of knowledge presented, but this year the selection of talks was truly staggering. Talks like: subverting RFID building access cards, how internal security teams deal with international breaches, revealing 0day exploits (unpatched vulnerabilities), pushing the boundaries of what you can do with Docker, how your security team should be engaging with your developers, using radiation to break electronics, a brief but hilarious history of lock picking, subverting and breaking machine learning systems, remotely triggering those "push to exit" buttons, how Google defends their infrastructure at scale, and more. Much much more.
There was far too much incredible content to dig in with any depth here (I couldn't even list them all in the previous paragraph!). If you're keen to learn a bit more, I highly recommend checking out #kiwicon on Twitter for good discussion or you can review my Kiwicon live tweeting here. Obligatory warning: it's one long string of tweets. Extremely comprehensive and very, very long.
Even with all of the awesomeness, there was one talk that really hit me as having biggest impact for NZ tech professionals: New Zealand is finally getting a Computer Emergency Response Team (CERT)!! Having a CERT will be a big step forward for security in New Zealand and serve as a hub to organize & advise those involved in security incidents. If you're wondering why this is important, just look at the critical role CERT played in security expert Troy Hunt's disclosure of the Red Cross Blood Service data leak in Australia.
But really, the best thing about Kiwicon isn't the show, or the talks, or the events. But rather the diverse and phenomenally skilled people, and the atmosphere where you can stop and chat with anyone you meet. You learn a lot by listening to the talks, but you learn MUCH MORE when you later discuss these issues with a diverse group of other talented people. THAT, my friends, is the real value of Kiwicon.The talks serve as the impetus, but it's the discussions they create and personal connections that result that create a lasting impact.
Finally, let's address the elephant in the room. Much to everyone's dismay we learned that there would not be a Kiwicon 11. The Crüe is taking a well deserved year off before deciding what to do next. Word is that Kiwicon may rise again, but perhaps with a different format. I look forward to seeing what other cons are spawned in its absence and what Kiwicon might become in the future. In the meantime I'm pitching "@jpdanner's awesome craft beer and maybe some security con" (wordmark pending).
Be good to each other.
Jason is Co-Founder & Chief Beer Officer at Aerorock, managed IT services with legendary support
You must be logged in in order to post comments. Log In