Along with the Infosec Happy Hour, (a cathartic weekly bit of fun infosec therapy, every Friday during lockdown), The Beer Farmers created BeerCon2 because, with the current pandemic, the chances for new speakers to get a chance to speak at conferences has significantly reduced. I for, one, am incredibly thankful they gave us rookies an opportunity and the rest of this will be a rundown of things from my perspective of giving my first cybersecurity talk.<\/p>
Your 1st time might be daunting<\/h3>
The Beer Farmers had mentioned BeerCon2 and explained the reasons why. I thought this was an amazing initiative. Then they asked, \u201cwell where is your CFP\u201d? I was quite stunned at this. <\/p>
Although I\u2019d worked in dev for a long time and worked to bring security practices into my dev role, alongside my studies, I didn\u2019t think anyone would want to listen to anything I had to say. They were all very good at pushing me into giving my first talk on tech, let alone cyber, and I\u2019m very grateful they did. All I can say to anyone thinking about it but is unsure\u2026. DO IT. <\/p>
Send that CFP in. If someone else else has spoken about it, then still\u2026 DO IT. <\/p>
You have an interesting standpoint to share and no one else will have the same experience as you. <\/p>
The Talk: Using OPSEC And Social Engineering As AWOL (A Way of Life)<\/h3>
Looking at previous talks from them I thought of something that I thought would be fun and something that I had lived. So I chose a narrative around many years of DJing in night clubs while underage and some of the stories from that time. Well, what\u2019s that got to do with cybersecurity? It\u2019s kinda OPSEC and social engineering. In a way\u2026. Not really! A tenuous link, but at least it was something I thought I could talk about!<\/p> One thing that interested me when learning about social engineering was how you need to build trust in order to attack. I thought that if you think about chains of trust in humans, it\u2019s a bit like how certificates are trusted in Public Key Infrastructure (PKI). If you poison a Root Certificate Authority (CA), then other CAs will accept the poisoned certificate which can lead to things that should not be trusted, to being so. Let\u2019s consider that humans also have this tree of trust, a Human Key Infrastructure (HKI), perhaps. By using social engineering techniques, you can poison this HKI too meaning that you are trusted to do things that you shouldn\u2019t be. In this example it\u2019s being let into nightclubs underage, and getting to DJ at them. But it could also be someone in a business wishing to undertake corporate espionage.<\/p> Here\u2019s a link to the talk if you fancy watching it:<\/p>![\"\"\/](\"https:\/\/danconn.dev\/blog\/wp-content\/uploads\/2024\/07\/24707436-206a-48d0-8384-cc11ea1a6aba_2450x1382.png\")
<\/figure>