44CON 2019 Assistance Programme

Last year we launched an Assistance programme with 8 sponsored tickets. This year, thanks to the generosity of sponsors, there are 13 assistance tickets up for grabs. These include full access to 44CON, 2 nights accommodation and some added extras thrown in too.

The 2019 Assistance sponsors include:

Continue reading “44CON 2019 Assistance Programme”

Building a Safe Space for Security Research

We set up a YouTube channel back in 2011, but switched to Vimeo in 2012. Earlier this year we started to move videos from our paid Vimeo account to YouTube.
 
Back in April, YouTube changed their policies to describe the following as “Harmful or dangerous content
 
Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.
 
There’s a difference between malicious and instructional content. YouTube doesn’t seem to have made that distinction clear. Several security research channels have now experienced strikes and suspensions. As a security research conference, we want to upload all of our filmed content, including instructional workshops and talks. It’s not realistic to only upload defensive security videos, nor is it wise. The offensive research content is often instrumental for defenders as it shows them what they need to defend against. This leaves us in an awkward position with youtube, because of what we do.
 

Continue reading “Building a Safe Space for Security Research”

Building a cloud security training platform – Pt 5: Counting The Cost

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. And as you might expect, I incorporated lots of security features, and wrote about them in Part 4.

In this last blog of the series, you’ll hear about a lost USB key, the bill, feedback to Amazon and their response. Continue reading “Building a cloud security training platform – Pt 5: Counting The Cost”

Building a cloud security training platform – Pt 4: Security Features

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.
That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.
I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. Continue reading “Building a cloud security training platform – Pt 4: Security Features”

What Now For The 44CON CFP?

A couple of years ago we wrote a blog post about what happens once the CFP closes. Much has changed since then, so we thought we’d write something up to date.

What The CFP?

Most of what happens today is basically the same as back in 2017. We now have our own CFP platform (Gambit), handling submissions and reviews. Aidan and I run the CFP platform and process, with help from Marizel, Sam, Nathalie and our review panel.

We have 100-200 submissions a year, mostly in the last week and the last day. We expect a slight reduction in 2019 submissions due to Brexit-related uncertainty. Submission quality mostly follows a classical bell curve, with most talks being reasonable, some being outstanding and a few being a bit meh. Sadly, we don’t have 100-200 speaking slots. This means that we have to conduct some form of triage. We use a panel of former speakers, people involved in other events and longstanding attendees to select talks. Continue reading “What Now For The 44CON CFP?”

Building a cloud security training platform – Pt 3: Automated User Setup

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. If you enjoy this, don’t forget to check out parts 1, 2, and 4 in this series. Thanks, Paul!

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

I built the supporting infrastructure in AWS using Terraform – a great tool for infrastructure as code – see Part 2 for more details and screenshots. Continue reading “Building a cloud security training platform – Pt 3: Automated User Setup”

4 New 44CON 2018 Videos

We’ve added another 4 videos from 44CON 2018 to 44CON TV. Our older conf talk videos are also moving over to the channel. If you want them in your YouTube stream, don’t forget to subscribe to 44CON TV and click the bell. Once all the videos are up, we’ll start work on other ways to access our content. Lets see what’s new! Continue reading “4 New 44CON 2018 Videos”

September 2019 Training: What To Expect

Tickets for September training courses are now on sale in the shop. There are 9 courses to choose from so we thought we’d give you a quick run down in one place. Don’t forget we still have seats available for our June 6th/7th courses.

We’ll run a 44CONnect event on the evening of the 10th of September, to which all training attendees are invited. Training delegates also receive a substantial discount on conference tickets. Continue reading “September 2019 Training: What To Expect”

Building a cloud security training platform – Pt 2: Infrastructure As Code

This is a guest post by one of our trainers, Paul Schwarzenberger. Paul is running the fantastic Cloud Security and DevSecOps training course this June. He also has a blog where he talks about AWS, Cloud Security and DevSecOps. This is part of a series on how he’s built a platform to make things easier for those attending his training. Parts 1, 3 and 4 are also available. Thanks, Paul!

Continue reading “Building a cloud security training platform – Pt 2: Infrastructure As Code”