Tuesday, February 09, 2010

2nd annual security blogger summit

last week i attended the 2nd annual security blogger summit put on by panda security in madrid, spain and i figure i ought to share my experience for the benefit of those who may wind up going next year. a handful of people may be aware that this is not the first time a vendor has offered to fly me somewhere for some event they're putting on, and some might wonder why i agreed this time when the last time i refused on the grounds of maintaining my rabid independence. the answer is pretty straight-forward - at the security blogger summit you are actively chastised for mentioning any vendor by name, and nobody would argue that the attendees of the previous one (such as bruce schneier or andy willingham, for example) are in any way in panda's pocket. also, opportunity rarely knocks twice. at any rate, on with my story.

my flight was to leave pearson international airport in toronto at around 7pm on tuesday, february 2, so i arrived at the airport at 4pm (i like to arrive early because you never know what's going to happen). at the very entrance of the passage way to the gates (before getting to security at all) there was a guy basically reminding people of security restrictions and asking everyone who passed whether they were carrying any liquids, gels, or pastes. i had toothpaste with me and apparently this was a problem because in spite of the fact that the tube was nearly empty and obviously flattened all the way down to the cap this security guard was more interested in the original capacity of the container because he thought it might be too big. thankfully he found the label that said 90ml and that was an acceptable size, but i still needed to put it in a clear plastic bag.

next up was the actual security checkpoint. i learned some valuable lessons here, like taking off my boots before going through the metal detector. unfortunately my boots weren't the only thing to set off the metal detector, the zipper of my pants did too. even the security guard's wand was set off by my zipper (just a standard zipper on a normal pair of jeans by the way, nothing fancy or unusual). this was the only airport i went through on the entire trip where the equipment was so sensitive that it was set off by my zipper so (thankfully) it was the only time i got a pat-down on the front of my pants (yes, i'm aware that sounds a lot like i got groped by airport security - perhaps it even qualifies as precisely that).

following that was the big wait, because in spite of the trouble i had getting through security, my early arrival meant i still had plenty of time. more time than i had even banked on, apparently, because the plane was 15 minutes late. that shouldn't be a problem except i don't have a direct flight to my final destination. it still shouldn't be a problem because there's supposed to be an hour between the arrival of the first plane and the departure of the second, and even with that 15 minutes removed that still leaves 45 minutes so i wasn't worried and i enjoyed watching movies on the 7 hour flight to paris. as an aside, this had been the first time in 7 years that i'd been on a plane so the tiny screens in the back of the seats were quite a novelty. unfortunately, when we landed, i was informed by the flight crew that i had missed my connection and would have to see customer support to get the next flight. so i wait in line, and wait, and wait some more, only to be told that no, the flight hadn't left yet and if i hurried i might catch it (this is 2-3am my time by the way). so i hurried along until i was stopped at an access control point and asked what flight i was trying to get to and then informed that it really had left and so i went to the customer service desk conveniently located right there and got my boarding pass for the next flight.

that next flight was to be 3 hours later, a little after 12 noon, paris time (which made it after 6am my time). the gate, however, was a bus terminal - i'm now familiar with boarding a plane by bus, but that was the first time i'd heard about such things so in my sleep deprived mind i was rather confused. at any rate, i struggled to stay awake so that i wouldn't miss my bus and eventually it arrived and took us to our plane where we waited for takeoff. and we waited, and waited, and waited some more until the voice over the intercom informed us that the flight wouldn't be leaving as planned because the brakes were broken (of all the things that could break, it was the brakes). so we waited and waited and waited some more when the voice apologized for the delay and said they were still trying to figure out where the bus was to take us to another plane. eventually that bus arrived and we boarded it and headed off to the next plane but what struck me as curious was that that bus was being followed by another bus that displayed the flight information not for the flight i was on but for the subsequent flight to the same destination. that's right, i missed not one but two flights to spain and now they were going to try to squeeze 2 flights onto the same plane. thankfully that worked and i finally arrived in madrid, spain 5 hours later than my originally scheduled arrival time.

with that out of the way, i got offered a cab ride to my hotel (or what i thought was a cab, but not having seen spanish taxis yet i didn't realize that it was a more expensive option - and if there are any spanish cab drivers reading this, please make sure to print the cost clearly on the receipt rather than scribbling it so that i can actually read it and avoid you trying to explain that it's 79 euros without being able to say 79 in my language). once there i checked in, familiarized myself with the room, cleaned myself up and waited for the scheduled 9pm dinner with the others (there wasn't time for sleeping, at least not the kind of sleeping i needed after being awake for nearly 2 days). at 9 i wandered down to the lobby and had a nice meal with luis corrons, brian krebs, sean-paul correll and his girlfriend (whose name i can't recall - sorry), and josu franco; and we stayed in the hotel restaurant eating and talking until long after all the other hotel guests had left. i have no idea what time it was when that ended but i do know that when i finally got to bed i fell asleep immediately.

as hard as it was to pull that all-nighter, though, it worked perfectly because i had no trouble adjusting to the 6 hour time difference the following day. that's a good thing too, because that was the day of the main event, as well as a press conference in the morning. now those of you who are going to subsequent security blogger summits and who like to be surprised, you may want to skip the rest of this paragraph and the one following it because i'm going to share some of the surprises i experienced as the agenda for the event was a little vague about certain things. first the press conference: we had been told it was really more of a breakfast with journalists - well, ok, i've never been to either a press conference or a breakfast with journalists so from my perspective it was more a case of 3 of the english speaking panelists (brian krebs, joseph menn, and myself) presenting a synopsis of what we intended to talk about at the main event, while eating cookies and pastries. everything we said was then translated by our excellent translator matilda (sp?) and then the journalists asked questions which we answered and those answers were also translated back for the journalists. following that was a filmed Q&A with each of the 3 of us individually. following that was a long lunch (they seem to like late, long lunches in spain) with most of the english and spanish panelists and after that was the main event, the summit itself.

i'm going to be brutally honest about this part - i was disappointed in my performance at the summit. i was too quiet. i have to admit, i was actually holding my tongue, even though i knew i should have been speaking more, but let me explain why. what neither the agenda for the event, nor the videos from last year's event hinted at was that the panel discussion was to be a 3 minute explanation of each panelist's view of the state of security (i was thinking of going with the true nature of security and the security user conversion problem, but 3 minutes? oh, and hey i haven't even settled on a solution to the conversion problem yet) followed by a debate where each panelist with something to say had to get in line and wait their turn. and what a debate that turned out to be. everyone had their own opinion, the queue of people waiting to say their piece was never wanting for more bodies, and every time someone opened their mouth the direction of the discussion changed. that was a completely new experience for me and i'm afraid i was not able to adapt quickly enough. every time someone said something i thought i could comment on, my instincts told me i couldn't because by the time my turn in the queue would come the direction of the debate would have changed 3, 4, or even 5 times. in retrospect i realize that i should have ignored that instinct, that i wouldn't be doing anything worse to the continuity of the discussion than everyone else was already doing. unfortunately i realized that too late and i feel bad that i wound up not contributing as much to the discussion as i could have.

if you're at all curious how a discussion with people speaking different languages works from a logistical point of view, panda had apparently hired a team of translators to translate in (near) real-time over some headphones that were provided. there were translators for both languages so everyone got the full content of the discussion (though there were subtle things like "final user" instead of "end user" that make me wonder if, had i engaged in a semantic debate over some point, i might be arguing over a minor mistranslation). it worked really well, although when yago jesus (who sat on my left) was speaking i found myself wishing the volume on my headphones went up to 11. following the debate was a Q&A with the audience, but that was pretty straight-forward, as was the networking following that.

the following day (friday) was a day-trip to bilbao to visit panda's lab. luis corrons and pedro bustamante gave brian krebs, joseph menn, and me 2 brief presentations about malware and cybercrime and then showed us around the lab, giving us brief demos of the internal tools and techniques used in the lab. now this was my first time in a virus lab (my first reaction was, wow this looks just like work only bigger) but after seeing what goes on there (there were a lot of familiar concepts in play) and thinking back to some of the things i've written on my blog about what av vendors do, i can see how someone might get the impression that i've spent time in such a lab before. i haven't, of course - most of what i know is gathered from years of interacting with various anti-malware luminaries and the rest actually from university (for example, classifying something based on its similarity to other already classified things - a malware lab does this with malware samples, but in school we did it with natural language text). because we weren't the normal sorts of people they do presentations for in the lab and actually already knew a fair bit about the subject the visit was much shorter than it might otherwise be and we had time to see some sights in bilbao with luis corrons, sean-paul correll, and javier merchan, and finally to have a late lunch on what was without question the best steak i've ever had. one of the others said that steak was ruined for them now but i take it as more of a challenge, i have something to aim for now. at any rate, once we flew back to madrid and i was back in my room i decided to do a bit of brainstorming and apparently lost all track of time because the next thing i knew it was after 11pm and i had been pacing my room for several hours (still trying to solve the security user conversion problem). i think the others had planned on doing something that evening but i missed it - oops.

saturday was a free day, nothing was planned, nobody was coming around to check up on us or anything like that. we were free to do as we pleased, and so i wandered around madrid for 5 hours, getting lost then found then lost again in the big city. i would have stayed out longer but after the walking from the previous day, the pacing the previous night, and then 5 more hours of walking my legs were getting sore. i rested up a bit, let my legs start approaching normal again and then headed out to the prado national museum (of fine art, apparently). i had passed by it earlier in the day and someone told me it would be free from 6-8pm so i figured i should take a look inside. well, it turns out what i'd always figured was true - i'm a philistine. nothing really grabbed my attention for more than a few moments so i wound up seeing quite a bit of the inside of the place, zipping around from room to room, until i realized i was bored and headed back to the hotel early. there i called it quits because my legs were well and truly done by that point.

finally, sunday was the day to head back home. i opted for the subway as my transportation to the airport and i'm glad i did - 2 euros to go back as opposed to the 79 to get to the hotel in the first place. the trip home was basically uneventful, but i realized that in the 5-6 days i'd been traveling for the security blogger summit i had doubled the number of planes i'd ever been on in my entire life. i had a great time though, and panda showed us some amazing hospitality and took really good care of us. if i had it all to do over again i would. there's a couple of things i'd do differently, of course, but i'd definitely go.


pbust said...

Thank you for taking the time and making the effort to come over to spain. We definitely appreciated having you here and sharing your views and deep knowledge of the AV issues. And don't worry about the panelist stuff, it was heated spanish discussion at its best!
Anyway, glad you liked the lab tools and the steak, to me that was the best part as well :)