When it comes to cybersecurity talent, the Idaho Falls area punches well above its weight class.
At both Idaho National Laboratory and Idaho State University, cybersecurity expertise goes back to the mid-1990s, even spanning generations in some families. “I’m willing to guess that Idaho Falls has the largest per capita number of cybersecurity people in the country,” said Rob Beason, a manager and engineer in the Infrastructure Assurance and Analysis division of INL’s National & Homeland Security directorate.
Nowhere was the talent pool more in evidence than at BSides Idaho Falls, held Sept. 20 and 21 at College of Eastern Idaho. An informal “nonconference” now in its second year, BSides Idaho Falls attracted 187 participants. That’s a number more likely to be seen in places like Nashville and Detroit, Beason said. Attendees came from as far away as San Francisco, Seattle and Calgary, Alberta.
“Everyone wanted to help us,” Beason said. “They said ‘Idaho Falls is the smallest city we’ve seen do this.’”
For the unfamiliar, BSides started 10 years ago when organizers of the computer security conference Black Hat 2009 told would-be presenters their submissions were of too limited interest to appeal to a wider audience. After some lamentation, most of it on Twitter, an idea took shape in the loosely knit cybersecurity information (CSI) community to come up with an alternative venue for talks.
In the years that followed, BSides gained a reputation worldwide as events where intelligent presentations and discussions could take place in a more relaxed atmosphere. From Seattle to Cyprus, BSides became the place where CSI people could proudly let their geek flags fly.
Although there had been talk for some time, Beason said the wheels for BSides Idaho Falls got rolling in 2017, when he, Lee Kearns, and Eric Burgan started laying out plans. Organizing help came from Boise, and as far away as San Francisco, Calgary and Delaware. INL’s Todd Keller and his wife, Tiffany, got involved as well. “They deserve a ton of recognition for this being a success,” Beason said. “I was ready to toss in the towel that first year and then they showed up to help.”
The first BSides Idaho Falls was enough of a success that they took their lessons learned and started planning a second for 2019.
INL was a key sponsor this year, with the Cybercore Integration Center paying the rental fee for space at CEI. But Beason said the idea has always been for BSides Idaho Falls to be a community-supported event. Other 2019 sponsors included CompuNet, CRI Advantage, Gravwell, Thought Networks, Dragos and Herjavec Group. Most importantly, nothing would have been possible without cooperation and support from CEI, especially Jeremy Fregoso, the college’s information technology director. “(He) was the real hero,” Beason said. “He and his team helped make this thing a smash.”
Because of sponsors’ contributions, tickets were only $10, covering one day of workshops and a second day of regular presentations. “Most cons don’t offer workshops right away because they have to pay people to come in or don’t have the expertise immediately available,” said Bri Rolston, who has done cybersecurity work for INL since 2000. “On Saturday, we actually had two tracks of presentations. Again, most cons take three to five years to develop this kind of talk diversity.”
Saturday’s keynote speaker was Sandy Dunn, Blue Cross of Idaho’s chief information security officer. Other speakers included Jeremiah Bess, cybersecurity incident responder at Fannie Mae; Larry Leibrock, ISU visiting professor of computer science and strategic studies; and Jason Larsen, a consultant with the Seattle-based IOActive, and former INL employee.
As serious and “conference-y” as this sounds, perhaps this is the place to note that master of ceremonies Zach Tudor, INL’s associate lab director for National and Homeland Security, consented to having his hair painted green. Administering the spray job was Scott Cramer, INL’s Cybercore Integration Center division manager, who had his nails painted Joker green by one of the youngest BSides attendees, 7-year-old Addie Stacey.
While Addie was attending planning meetings with her dad, Rolston noticed she was wearing sparkly nail polish. “I told her I’d bring more nail polish for her to use at the con, since we’re trying to encourage women in security,” Rolston said. “Tiff Keller, one of the other female organizers, had her hair dyed pink and I sprayed mine fuchsia. I’m totally taking all the credit for Zach painting his hair green, though. I’ve known Zach since around 2002, which gave me an advantage.”
About 10 children were involved in BSides Idaho Falls. Saturday’s lockpicking village was hosted by Scouts from the Grand Teton Council Troop 154-G, based in Shelley.
Lockpicking is part of many BSides and cyber conferences because it offers a concrete example of how easily security systems can be hacked, said Ginger Wright, whose daughter, Elizabeth, 14, was one of the Scouts. Elizabeth picked her first lock at age 9 at BSides Las Vegas, where she freed BSides co-founder Jack Daniel from a pair of handcuffs.
“It’s an eye-opener for people to see how easily a lock can be defeated,” said Wright, who manages the Cybercore Integration Center’s energy cyber portfolio. “It blows their assumptions away, and then you can start to address more intangible forms of security protection.”
A self-described “cybersecurity evangelist,” Beason said they will start planning the 2020 BSides after the new year. He hopes it is only the beginning of a stronger cybersecurity community in eastern Idaho and is aiming to develop an Idaho Cybersecurity Cooperative. While CEI and ISU offer first-rate cybersecurity training, opportunities for graduates in the area are still limited. With a cooperative, INL, CEI, ISU and BYU-Idaho can provide a strong foundation for growth while the community can begin to realize the possibilities.
“Outside of D.C. and parts of California, eastern Idaho is a hot spot,” he said. “If we can forge collaborative initiatives, we could turn eastern Idaho into a Silicon Valley for cybersecurity.”
Posted Oct. 23, 2019